Can't Get Rid Of Blue Screen With Message



#1 Vij


Posted 23 July 2008 - 12:17 PM

Hello

I ran Spybot destroy and McAfee antivirus, but the screen with the blue color still stays.
I ran HijackThis and here is the log file.

Please help.
Regards
Vij



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:17 PM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNetwork AssociatesCommon FrameworkFrameworkService.exe
C:ApplNetwork AssociatesVirusScanmcshield.exe
C:ApplNetwork AssociatesVirusScanvstskmgr.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesWebrootSpy SweeperSpySweeper.exe
C:WINDOWSsystem32MsPMSPSv.exe
C:WINDOWSsystem32hkcmd.exe
C:ApplNetwork AssociatesVirusScanSHSTAT.EXE
C:Program FilesNetwork AssociatesCommon FrameworkUpdaterUI.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesWebrootSpy SweeperSpySweeperUI.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesWebrootSpy SweeperSSU.EXE
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:WINDOWSsystem32wuauclt.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [ShStatEXE] "C:ApplNetwork AssociatesVirusScanSHSTAT.EXE" /STANDALONE
O4 - HKLM..Run: [McAfeeUpdaterUI] "C:Program FilesNetwork AssociatesCommon FrameworkUpdaterUI.exe"
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [SpySweeper] "C:Program FilesWebrootSpy SweeperSpySweeperUI.exe" /startintray
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] "C:Program FilesSpybot - Search & DestroyTeaTimer.exe"
O4 - HKUSS-1-5-18..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUSS-1-5-18..RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'Default user')
O4 - HKUS.DEFAULT..RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:Program FilesYahoo!Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:Program FilesYahoo!Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:Program FilesYahoo!Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:Program FilesYahoo!Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110484859250
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.mydesichannel.com/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:Program FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:Program FilesNetwork AssociatesCommon FrameworkFrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:ApplNetwork AssociatesVirusScanmcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:ApplNetwork AssociatesVirusScanvstskmgr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:Program FilesWebrootSpy SweeperSpySweeper.exe

--
End of file - 8057 bytes

Here is the DSS log also.

Main

Deckard's System Scanner v20071014.68
Run by Kumar on 2008-07-23 13:33:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
77: 2008-07-23 17:33:22 UTC - RP1288 - Deckard's System Scanner Restore Point
76: 2008-07-22 22:33:29 UTC - RP1287 - Software Distribution Service 3.0
75: 2008-07-22 11:12:56 UTC - RP1286 - System Checkpoint
74: 2008-07-21 10:42:59 UTC - RP1285 - System Checkpoint
73: 2008-07-20 09:30:59 UTC - RP1284 - System Checkpoint


-- First Restore Point --
1: 2008-05-17 08:00:30 UTC - RP1212 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Kumar.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:51 PM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNetwork AssociatesCommon FrameworkFrameworkService.exe
C:ApplNetwork AssociatesVirusScanmcshield.exe
C:ApplNetwork AssociatesVirusScanvstskmgr.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesWebrootSpy SweeperSpySweeper.exe
C:WINDOWSsystem32MsPMSPSv.exe
C:WINDOWSsystem32hkcmd.exe
C:ApplNetwork AssociatesVirusScanSHSTAT.EXE
C:Program FilesNetwork AssociatesCommon FrameworkUpdaterUI.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesWebrootSpy SweeperSpySweeperUI.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesWebrootSpy SweeperSSU.EXE
C:Documents and SettingsKumarLocal SettingsTemporary Internet FilesContent.IE59FANHT3Xdss[1].exe
C:PROGRA~1TRENDM~1HIJACK~1Kumar.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [ShStatEXE] "C:ApplNetwork AssociatesVirusScanSHSTAT.EXE" /STANDALONE
O4 - HKLM..Run: [McAfeeUpdaterUI] "C:Program FilesNetwork AssociatesCommon FrameworkUpdaterUI.exe"
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [SpySweeper] "C:Program FilesWebrootSpy SweeperSpySweeperUI.exe" /startintray
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] "C:Program FilesSpybot - Search & DestroyTeaTimer.exe"
O4 - HKUSS-1-5-18..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUSS-1-5-18..RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'Default user')
O4 - HKUS.DEFAULT..RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:Program FilesYahoo!Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:Program FilesYahoo!Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:Program FilesYahoo!Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:Program FilesYahoo!Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110484859250
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.mydesichannel.com/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:Program FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:Program FilesNetwork AssociatesCommon FrameworkFrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:ApplNetwork AssociatesVirusScanmcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:ApplNetwork AssociatesVirusScanvstskmgr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:Program FilesWebrootSpy SweeperSpySweeper.exe

--
End of file - 8065 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeFramework (McAfee Framework Service) - c:program filesnetwork associatescommon frameworkframeworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:applnetwork associatesvirusscanvstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-23 11:53:24 330 --ah----- C:WINDOWSTasksMP Scheduled Scan.job
2008-07-22 20:00:02 328 --a------ C:WINDOWSTasksSpybot - Search & Destroy - Scheduled Task.job


-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-23 12:52:53 0 d-------- C:Program FilesTrend Micro
2008-07-22 14:24:50 0 dr-h----- C:Documents and SettingsKumarRecent
2008-07-22 13:18:21 60928 --a------ C:WINDOWSsystem32blphc50qj0er51.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-22 13:15:26 110080 --a------ C:WINDOWSsystem32lphc50qj0er51.exe
2008-07-02 11:20:45 0 d-------- C:Documents and SettingsKumarApplication DataMove Networks


-- Find3M Report ---------------------------------------------------------------

2008-07-23 11:55:17 0 d-------- C:Program FilesSMS-it
2008-07-21 18:17:57 0 d-------- C:Documents and SettingsKumarApplication DataU3


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"IgfxTray"="C:WINDOWSsystem32igfxtray.exe" [10/19/2005 08:59 AM]
"HotKeysCmds"="C:WINDOWSsystem32hkcmd.exe" [10/19/2005 08:59 AM]
"ShStatEXE"="C:ApplNetwork AssociatesVirusScanSHSTAT.exe" [03/06/2003 08:00 AM]
"McAfeeUpdaterUI"="C:Program FilesNetwork AssociatesCommon FrameworkUpdaterUI.exe" [02/25/2003 07:00 AM]
"Windows Defender"="C:Program FilesWindows DefenderMSASCui.exe" [11/03/2006 07:20 PM]
"SpySweeper"="C:Program FilesWebrootSpy SweeperSpySweeperUI.exe" [06/21/2007 06:57 PM]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [08/04/2004 01:56 AM]
"SpybotSD TeaTimer"="C:Program FilesSpybot - Search & DestroyTeaTimer.exe" [08/31/2007 05:46 PM]

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionrunonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionrun]
"DWQueuedReporting"="C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:Program FilesQualcommEudoraEuShlExt.dll [11/06/2003 11:19 AM 86016]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupAcrobat Assistant.lnk
backup=C:WINDOWSpssAcrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupAdobe Gamma Loader.lnk
backup=C:WINDOWSpssAdobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
C:Program FilesiTunesiTunesHelper.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
"C:Program FilesQuickTimeqttask.exe" -atboottime

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRoxioAudioCentral]
"C:Program FilesRoxioEasy CD Creator 6AudioCentralRxMon.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRoxioDragToDisc]
"C:Program FilesRoxioEasy CD Creator 6DragToDiscDrgToDsc.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRoxioEngineUtility]
"C:Program FilesCommon FilesRoxio SharedSystemEngUtil.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
"C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUpdateManager]
"C:Program FilesCommon FilesSonicUpdate Managersgtray.exe" /r




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7535 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-23 13:36:02 ------------


Extra

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 510 MiB / 151.52 MiB
Pagefile Memory (total/avail): 4536.53 MiB / 4139.49 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.36 MiB

C: is Fixed (NTFS) - 37.24 GiB total, 15.44 GiB free.
D: is CDROM (No Media)

.PHYSICALDRIVE0 - ST340014A - 37.25 GiB - 1 partition
PARTITION0 (bootable) - Installable File System - 37.24 GiB - C:



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesSmartFTPSmartFTP.exe"="C:Program FilesSmartFTPSmartFTP.exe:*:Enabled:SmartFTP Client"
"C:Program FilesRSSoftRSEDNClient.exe"="C:Program FilesRSSoftRSEDNClient.exe:*:Enabled:RSEDNClient"
"C:Program FilesYahoo!MessengerYahooMessenger.exe"="C:Program FilesYahoo!MessengerYahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:Program FilesYahoo!MessengerYServer.exe"="C:Program FilesYahoo!MessengerYServer.exe:*:Enabled:Yahoo! FT Server"
"C:Program FilesInternet Exploreriexplore.exe"="C:Program FilesInternet Exploreriexplore.exe:*:Disabled:Internet Explorer"
"C:Program FilesVoipStunt.comVoipStuntVoipStunt.exe"="C:Program FilesVoipStunt.comVoipStuntVoipStunt.exe:*:Enabled:VoipStunt"
"C:Downloadutorrent.exe"="C:Downloadutorrent.exe:*:Enabled:µTorrent"
"C:Program FilesMozilla Firefoxfirefox.exe"="C:Program FilesMozilla Firefoxfirefox.exe:*:Disabled:Firefox"
"C:Documents and SettingsKumarApplication DataSopCastadvSopAdver.exe"="C:Documents and SettingsKumarApplication DataSopCastadvSopAdver.exe:*:Disabled:SopAdver"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:Program FilesVideoLANVLCvlc.exe"="C:Program FilesVideoLANVLCvlc.exe:*:Enabled:VLC media player"
"C:Program FilesSopCastSopCast.exe"="C:Program FilesSopCastSopCast.exe:*:Disabled:SopCast Main Application"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsKumarApplication Data
CLASSPATH=.;C:Program FilesJavajre1.5.0_06libextQTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=UCEP31
ComSpec=C:WINDOWSsystem32cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=Documents and SettingsKumar
LOGONSERVER=UCEP31
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:Program FilesInternet Explorer;;C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;C:Program FilesCommon FilesRoxio SharedDLLShared;C:Program FilesQuickTimeQTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:Program Files
PROMPT=$P$G
QTJAVA=C:Program FilesJavajre1.5.0_06libextQTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1KumarLOCALS~1Temp
TMP=C:DOCUME~1KumarLOCALS~1Temp
USERDOMAIN=UCEP31
USERNAME=Kumar
USERPROFILE=C:Documents and SettingsKumar
windir=C:WINDOWS


-- User Profiles ---------------------------------------------------------------

Kumar (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
--> C:Program FilesDivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Adobe Acrobat 6.0.1 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:WINDOWSatmoUn.exe
Adobe Flash Player 9 ActiveX --> C:WINDOWSsystem32MacromedFlashFlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Illustrator 10 --> "C:Program FilesInstallShield Installation Information{412033BC-44CF-48D9-B813-4B835101F4D3}setup.exe"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:WINDOWSsystem32MacromedSHOCKW~1UNWISE.EXE C:WINDOWSsystem32MacromedSHOCKW~1Install.log
Adobe SVG Viewer 3.0 --> C:Program FilesCommon FilesAdobeSVG Viewer 3.0UninstallWinstall.exe -u -fC:Program FilesCommon FilesAdobeSVG Viewer 3.0UninstallInstall.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Audacity 1.3.3 (Unicode) --> "C:Program FilesAudacity 1.3 Beta (Unicode)unins000.exe"
CCleaner (remove only) --> "C:Program FilesCCleaneruninst.exe"
CSTE --> C:WINDOWSst6unst.exe -n "C:Program FilesCSTEST6UNST.LOG"
DivX --> C:Program FilesDivXDivXCodecUninstall.exe /CODEC
DivX Converter --> C:Program FilesDivXConverterUninstall.exe /CONVERTER
DivX Player --> C:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
Easy CD & DVD Creator 6 --> MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
Eudora --> C:WINDOWSIsUninst.exe -f"C:Program FilesQualcommEudoraUninst.isu" -c"C:Program FilesQualcommEudoraEudUnInst.dll"
FLV Player 1.3.3 --> "C:Program FilesFLVPlayeruninstall.exe"
HijackThis 2.0.2 --> "C:Program FilesTrend MicroHijackThisHijackThis.exe" /uninstall
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:WINDOWSsystem32ialmrem.dll,UninstallW2KIGfx PCIVEN_8086&DEV_2562
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Macromedia Flash MX 2004 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{2F353D44-73BB-4971-B31D-F7642E9E9531}Setup.exe" -l0x9 UNINSTALL
McAfee VirusScan Enterprise --> MsiExec.exe /X{1912F734-6580-4620-8AFD-ECCCEA19CDE2}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Reader --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{B6F7DBE7-2FE2-458F-A738-B10832746036}Setup.exe" -L0x9
Move Networks Media Player for Internet Explorer --> C:Documents and SettingsKumarApplication DataMove Networksie_binUninst.exe
Mozilla Firefox (2.0.0.16) --> C:Program FilesMozilla Firefoxuninstallhelper.exe
PicturesToExe 5.1 --> C:Program FilesWnSoft PicturesToExe5.1uninst.exe
QuickTime --> C:PROGRA~1COMMON~1INSTAL~1Driver11INTEL3~1IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RealPlayer --> C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
SopCast 1.1.2 --> C:Program FilesSopCastuninst.exe
SopCore 1.1.2 --> C:Program FilesSopCastuninst.exe
Spy Sweeper --> "C:Program FilesWebrootSpy Sweeperunins000.exe"
Spybot - Search & Destroy --> "C:Program FilesSpybot - Search & Destroyunins000.exe"
TVAnts 1.0 --> C:PROGRA~1TVAntsUNWISE.EXE C:PROGRA~1TVAntsINSTALL.LOG
Unit of Measure Converter --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{47034D2D-5E16-4BE8-91BF-1FE8C411A2EA}Setup.exe" -l0x9
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VideoLAN VLC media player 0.8.2 --> C:Program FilesVideoLANVLCuninstall.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe"
WinRAR archiver --> C:Program FilesWinRARuninstall.exe
WinZip --> C:Program FilesWinZipWINZIP32.EXE /uninstall
Yahoo! Anti-Spy --> C:PROGRA~1Yahoo!Commonunypsr.exe
Yahoo! Browser Services --> C:PROGRA~1Yahoo!Commonunyext.exe
Yahoo! Internet Mail --> C:WINDOWSsystem32regsvr32 /u /s C:PROGRA~1Yahoo!Commonymmapi.dll
Yahoo! Messenger --> C:PROGRA~1Yahoo!MESSEN~1UNWISE.EXE C:PROGRA~1Yahoo!MESSEN~1INSTALL.LOG
Yahoo! Toolbar --> C:PROGRA~1Yahoo!Commonunyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3841 / Error
Event Submitted/Written: 07/23/2008 11:51:20 AM
Event ID/Source: 1000 / McLogEvent
Event Description:
Error opening or creating log file (Access is denied.
)

Event Record #/Type3835 / Warning
Event Submitted/Written: 07/23/2008 11:48:46 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type3833 / Error
Event Submitted/Written: 07/21/2008 04:11:37 PM
Event ID/Source: 1000 / McLogEvent
Event Description:
Error opening or creating log file (Access is denied.
)

Event Record #/Type3828 / Error
Event Submitted/Written: 07/21/2008 04:08:16 PM
Event ID/Source: 1000 / McLogEvent
Event Description:
Error opening or creating log file (Access is denied.
)

Event Record #/Type3822 / Error
Event Submitted/Written: 07/21/2008 02:21:33 PM
Event ID/Source: 1000 / McLogEvent
Event Description:
Error opening or creating log file (Access is denied.
)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7961 / Warning
Event Submitted/Written: 07/23/2008 01:35:13 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%UCEP3127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %UCEP3127 can't undo changes that you allow.

For more information please see the following:
%UCEP31275

Scan ID: {EA94A860-13FF-4AC1-8278-AE2587481941}

User: UCEP31Kumar

Name: %UCEP31271

ID: %UCEP31272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %UCEP31276

Alert Type: %UCEP31278

Detection Type: 1.1.1593.02

Event Record #/Type7960 / Warning
Event Submitted/Written: 07/23/2008 01:35:11 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%UCEP3127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %UCEP3127 can't undo changes that you allow.

For more information please see the following:
%UCEP31275

Scan ID: {F6BCE92C-5E37-4950-8E05-A737D5648467}

User: UCEP31Kumar

Name: %UCEP31271

ID: %UCEP31272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %UCEP31276

Alert Type: %UCEP31278

Detection Type: 1.1.1593.02

Event Record #/Type7959 / Warning
Event Submitted/Written: 07/23/2008 01:35:10 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%UCEP3127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %UCEP3127 can't undo changes that you allow.

For more information please see the following:
%UCEP31275

Scan ID: {4EF26267-4D82-4577-A229-47615E4FB077}

User: UCEP31Kumar

Name: %UCEP31271

ID: %UCEP31272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %UCEP31276

Alert Type: %UCEP31278

Detection Type: 1.1.1593.02

Event Record #/Type7958 / Warning
Event Submitted/Written: 07/23/2008 01:35:10 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%UCEP3127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %UCEP3127 can't undo changes that you allow.

For more information please see the following:
%UCEP31275

Scan ID: {1E4F63AA-02FF-4A33-A36B-0665D894EC6E}

User: UCEP31Kumar

Name: %UCEP31271

ID: %UCEP31272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %UCEP31276

Alert Type: %UCEP31278

Detection Type: 1.1.1593.02

Event Record #/Type7957 / Warning
Event Submitted/Written: 07/23/2008 01:35:10 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%UCEP3127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %UCEP3127 can't undo changes that you allow.

For more information please see the following:
%UCEP31275

Scan ID: {FE6C78C9-856E-4809-9A6E-CCDA05775EC0}

User: UCEP31Kumar

Name: %UCEP31271

ID: %UCEP31272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %UCEP31276

Alert Type: %UCEP31278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-07-23 13:36:02 ------------

Merged posts. ~ OB

Edited by Orange Blossom, 23 July 2008 - 08:58 PM.




#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:07:03 PM

Posted 07 August 2008 - 12:55 PM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine; a fresh scan and logs are still necessary.

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in Notepad:
main.txt and extra.txt



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with dss reports main.txt, extra.txt and Kaspersky report.

Regards
SNOWHITE

#3 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:07:03 PM

Posted 16 August 2008 - 06:02 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you :thumbsup:
SNOWHITE