New Hjt Job - Virus Or Malaware On My Pc


This topic is locked
2 replies to this topic

#1 Uncle_Schmoo

  • Members
  • 3 posts

Posted 23 July 2008 - 06:34 PM

I appear to have a virus or malware on my PC. Running Windows XP SP2. Security is CA Security Centre, latest version.

Symptoms are:
Internet Explorer is started (if not already running) and goes to one of the following two websites:
<http://www.wintechaiitm.com/debt/debt_problems3.htm>
<http://www.oldaffiliate.com/turn.htm>
Retries several times every 15 mins or so.
Also occasionally starts up the DVD Decrypter application.

Attempted fixes so far:
CA Security Centre full scan
Spybot
SuperAntiSpyware
Windows Installer CleanUp
RogueFix
CCleaner

Have followed your procedure and run the Kaspersky scan and DDS with HijackThis.

Log follows:
Main.TXT
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-24 09:16:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-07-23 23:17:07 UTC - RP741 - Deckard's System Scanner Restore Point
6: 2008-07-23 10:39:07 UTC - RP740 - Removed Sonic Update Manager
5: 2008-07-23 09:03:40 UTC - RP739 - Software Distribution Service 3.0
4: 2008-07-23 04:22:58 UTC - RP738 - System Checkpoint
3: 2008-07-21 22:05:00 UTC - RP737 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-07-21 17:00:18 UTC - RP735 - Removed MyDVD


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:53 AM, on 24/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:Program FilesCASharedComponentsHIPSEngineUmxCfg.exe
C:Program FilesCASharedComponentsHIPSEngineUmxFwHlp.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCASharedComponentsHIPSEngineUmxAgent.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesCACA Internet Security SuiteCA Anti-VirusISafe.exe
C:Program FilesCASharedComponentsPPRTbinITMRTSVC.exe
C:WINDOWSsystem32driversKodakCCS.exe
C:Program FilesMatrox Graphics IncPowerDeskServicesMatrox.PowerDesk.Services.exe
C:Program FilesMatrox Graphics IncPowerDesk SEMatrox.Pdesk.ServicesHost.exe
C:WINDOWSSystem32nvsvc32.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
c:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCACA Internet Security SuiteCA Anti-VirusVetMsg.exe
C:WINDOWSsystem32svcprs32.exe
C:Program FilesCACA Internet Security Suiteccprovsp.exe
C:Program FilesCACA Internet Security SuiteCA Anti-SpywarePPCtlPriv.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfsem.exe
C:PROGRA~1VOBINSTAN~1IWCTRL.EXE
C:WINDOWSsystem32dlatfswctrl.exe
C:Program FilesLexmark X1100 Serieslxbkbmgr.exe
C:Program FilesJavajre1.6.0_07binjusched.exe
C:Program FilesCACA Internet Security Suitecctraycctray.exe
C:Program FilesCACA Internet Security SuiteCA Anti-VirusCAVRID.exe
C:WINDOWScfgmng32.exe
C:Program FilesCACA Internet Security SuiteCA Anti-SpamQSP-6.0.1.33QOELoader.exe
C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfasem.exe
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWSsystem32explorer.exe
C:WINDOWSsystem32lexpps.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesLexmark X1100 Serieslxbkbmon.exe
C:Program FilesCACA Internet Security SuiteCA Anti-SpywareCAPPActiveProtection.exe
C:WINDOWSsystem32mdmcls32.exe
C:Program FilesCACA Internet Security SuiteCA Website InspectorWebsiteInspectorToolbarCAGlobal.exe
C:Program FilesCACA Internet Security SuiteCA Website InspectorWebsiteInspectorLightCAGlobalLight.exe
C:Program FilesAdobeAcrobat 7.0ReaderAcroRd32.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsOwnerDesktopdss.exe
C:HJTOwner.exe

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost;*.local
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:Program FilesCACA Internet Security SuiteCA Website InspectorWebsiteInspectorToolbarCallingIDIE.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:Program FilesCACA Internet Security SuiteCA Website InspectorWebsiteInspectorToolbarCallingIDIE.dll
O4 - HKLM..Run: [IW Controlcenter] C:PROGRA~1VOBINSTAN~1IWCTRL.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exe
O4 - HKLM..Run: [Lexmark X1100 Series] "C:Program FilesLexmark X1100 Serieslxbkbmgr.exe"
O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
O4 - HKLM..Run: [cctray] "C:Program FilesCACA Internet Security Suitecctraycctray.exe"
O4 - HKLM..Run: [CAVRID] "C:Program FilesCACA Internet Security SuiteCA Anti-VirusCAVRID.exe"
O4 - HKLM..Run: [QuickTime Task] "C:qttask.exe" -atboottime
O4 - HKLM..Run: [dvHighMem] C:WINDOWScfgmng32.exe
O4 - HKLM..Run: [QOELOADER] "C:Program FilesCACA Internet Security SuiteCA Anti-SpamQSP-6.0.1.33QOELoader.exe"
O4 - HKLM..Run: [cafw] C:Program FilesCACA Internet Security SuiteCA Personal Firewallcafw.exe -cl
O4 - HKLM..Run: [capfasem] C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfasem.exe
O4 - HKLM..Run: [capfupgrade] C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfupgrade.exe
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [explorer] C:WINDOWSsystem32explorer.exe
O4 - HKLM..Run: [Matrox PowerDesk SE] "C:Program FilesMatrox Graphics IncPowerDesk SEMatrox.PowerDesk SE.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [updateMgr] "C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUSS-1-5-18..Run: [Symantec NetDriver Warning] C:PROGRA~1SYMNET~1SNDWarn.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [Symantec NetDriver Warning] C:PROGRA~1SYMNET~1SNDWarn.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 - HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:Program Fileswebexwebex350atonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:Program Fileswebexwebex350atonecli.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mecqld.com/Remote/msrdp.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://gabbytwinklegabsspaces.spaces.live....ad/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://myob.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:Program FilesCACA Internet Security Suiteccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:Program FilesCACA Internet Security SuiteCA Anti-VirusISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:Program FilesCASharedComponentsPPRTbinITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:WINDOWSsystem32driversKodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - C:Program FilesMatrox Graphics IncPowerDeskServicesMatrox.PowerDesk.Services.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc. - C:Program FilesMatrox Graphics IncPowerDesk SEMatrox.Pdesk.ServicesHost.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:Program FilesCACA Internet Security SuiteCA Anti-SpywarePPCtlPriv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:Program FilesCASharedComponentsHIPSEngineUmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:Program FilesCASharedComponentsHIPSEngineUmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:Program FilesCASharedComponentsHIPSEngineUmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:Program FilesCASharedComponentsHIPSEngineUmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:Program FilesCACA Internet Security SuiteCA Anti-VirusVetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:WINDOWSsystem32svcprs32.exe

--
End of file - 10533 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:windowssystem32driversbthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R0 sisidex - c:windowssystem32driverssisidex.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:windowssystem32driverssisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R1 cdrdrv - c:windowssystem32driverscdrdrv.sys <Not Verified; VOB Computersysteme GmbH; InstantWrite>
R1 vobcom - c:windowssystem32driversvobcom.sys <Not Verified; VOB Computersysteme GmbH; InstantWrite>
R1 vobiw - c:windowssystem32driversvobiw.sys <Not Verified; VOB Computersysteme GmbH; InstantWrite>
R2 aslm75 - c:windowssystem32driversaslm75.sys
R2 MaVctrl - c:windowssystem32driversmavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 pfc (Padus ASPI Shell) - c:windowssystem32driverspfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 BlueletAudio (Bluetooth Audio Service) - c:windowssystem32driversblueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:windowssystem32driversbtnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:windowssystem32driversbtcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTHidEnum (Bluetooth HID Enumerator) - c:windowssystem32driversvbtenum.sys
S3 dz2kscsi - c:windowssystem32driversdz2kscsi.sys <Not Verified; Hitachi Ltd.; HITACHI DZ-MV100/200 Series>
S3 dz2kusb - c:windowssystem32driversdz2kusb.sys <Not Verified; Hitachi Ltd.; HITACHI DZ-MV100/200 Series>
S3 jatmlano - c:documents and settingsgabbylocal settingstempjatmlano.sys
S3 MaRdPnp - c:windowssystem32driversmardp2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 VComm (Virtual Serial port driver) - c:windowssystem32driversvcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 VcommMgr (Bluetooth VComm Manager Service) - c:windowssystem32driversvcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:program filescommon filesapplemobile device supportbinapplemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:program filesbonjourmdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 WinSvchostManager (WinSock Svchost Manager) - c:windowssystem32svcprs32.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-21 18:30:03 514 --a------ C:WINDOWSTasksCAAntiSpywareScan_Daily as Owner at 1 16 PM.job
2008-07-07 13:30:08 284 --a------ C:WINDOWSTasksAppleSoftwareUpdate.job


-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 03:29:49 0 d------c- C:HJT
2008-07-23 20:33:03 0 dr-h----- C:Documents and SettingsOwnerRecent
2008-07-23 20:29:36 0 d-------- C:Program FilesCCleaner
2008-07-23 19:49:35 0 d-------- C:Program FilesAPIMonitor
2008-07-23 19:48:49 0 d------c- C:Downloads
2008-07-23 19:24:00 0 d--h---c- C:Documents and SettingsAdministratorTemplates
2008-07-23 19:24:00 0 dr-----c- C:Documents and SettingsAdministratorStart Menu
2008-07-23 19:24:00 0 dr-h---c- C:Documents and SettingsAdministratorSendTo
2008-07-23 19:24:00 0 d--h---c- C:Documents and SettingsAdministratorRecent
2008-07-23 19:24:00 0 d--h---c- C:Documents and SettingsAdministratorPrintHood
2008-07-23 19:24:00 786432 --ah----- C:Documents and SettingsAdministratorNTUSER.DAT
2008-07-23 19:24:00 0 d--h---c- C:Documents and SettingsAdministratorNetHood
2008-07-23 19:24:00 0 d------c- C:Documents and SettingsAdministratorMy Documents
2008-07-23 19:24:00 0 d--h---c- C:Documents and SettingsAdministratorLocal Settings
2008-07-23 19:24:00 0 d------c- C:Documents and SettingsAdministratorFavorites
2008-07-23 19:24:00 0 d------c- C:Documents and SettingsAdministratorDesktop
2008-07-23 19:24:00 0 d---s--c- C:Documents and SettingsAdministratorCookies
2008-07-23 19:24:00 0 dr-h---c- C:Documents and SettingsAdministratorApplication Data
2008-07-23 19:24:00 0 d---s--c- C:Documents and SettingsAdministratorApplication DataMicrosoft
2008-07-21 06:29:45 0 d-------- C:Program FilesIE7New
2008-07-21 06:21:33 0 d------c- C:Documents and SettingsAll UsersApplication DataMatrox
2008-07-21 06:21:28 0 d------c- C:Documents and SettingsAll UsersApplication DataMatrox Graphics Inc
2008-07-21 06:21:27 0 d-------- C:Program FilesMatrox Graphics Inc
2008-07-21 06:20:44 0 d------c- C:mgafold
2008-07-21 06:19:40 0 d-------- C:Program FilesMatrox
2008-07-19 07:44:29 0 d------c- C:Documents and SettingsAll UsersApplication DataWinZip
2008-07-14 17:53:21 0 d-------- C:Documents and SettingsAll UsersApplication DataSUPERAntiSpyware.com
2008-07-14 17:52:56 0 d-------- C:Documents and SettingsOwnerApplication DataSUPERAntiSpyware.com
2008-07-07 22:31:57 0 d-------- C:Documents and SettingsAll UsersApplication DataSpybot - Search & Destroy
2008-07-07 21:38:46 90112 --a------ C:WINDOWSsystem32explorer.exe <Not Verified; aaaa; Explorer>
2008-07-07 07:50:23 0 d-------- C:Documents and SettingsOwnerApplication DataMedia Player Classic
2008-07-05 13:35:39 23 --a------ C:Documents and SettingsGabbyjagex_runescape_preferences.dat
2008-07-01 06:27:58 0 d-------- C:Program FilesFLV Player
2008-07-01 06:15:47 0 d-------- C:Program FilesK-Lite
2008-06-28 07:42:48 0 d-------- C:Program FilesMicrosoft SubinACL
2008-06-27 00:06:06 0 d-------- C:Program FilesMiniNova


-- Find3M Report ---------------------------------------------------------------

2008-07-24 02:41:44 0 d-------- C:Documents and SettingsOwnerApplication DataCallingID
2008-07-23 20:39:12 0 d-------- C:Program FilesCommon FilesInstallShield
2008-07-23 20:39:11 0 d-------- C:Program FilesSonic
2008-07-22 07:23:55 0 d-------- C:Program FilesCommon FilesEPSON
2008-07-22 03:44:42 0 d--h----- C:Program FilesInstallShield Installation Information
2008-07-22 03:41:51 0 d-------- C:Program FilesHasbro Interactive
2008-07-22 03:31:55 0 d-------- C:Program FilesEPSON
2008-07-22 02:59:53 0 d-------- C:Program FilesNokia
2008-07-22 02:59:03 0 d-------- C:Program FilesTwinz
2008-07-22 02:58:33 0 d-------- C:Program FilesGames
2008-07-22 02:54:50 0 d-------- C:Program FilesBarbie ® Riding Club
2008-07-21 06:17:22 0 d-------- C:Program FilesCommon FilesWise Installation Wizard
2008-07-19 07:37:18 0 d-------- C:Program FilesJava
2008-07-15 19:27:45 0 d-------- C:Program FilesDisney Interactive
2008-07-15 19:26:42 0 d-------- C:Program FilesDatawareGames
2008-07-05 06:49:49 0 d-------- C:Program FilesLexmark X1100 Series
2008-06-28 07:51:08 0 d-------- C:Program FilesWindows Resource Kits
2008-06-19 00:34:00 0 d-------- C:Program FilesiTunes
2008-06-19 00:33:52 0 d-------- C:Program FilesiPod
2008-06-19 00:32:40 0 d-------- C:Program FilesQuickTime
2008-06-19 00:31:06 0 d-------- C:Program FilesCommon Files
2008-06-19 00:31:06 0 d-------- C:Program FilesCommon FilesApple
2008-06-19 00:15:00 0 d-------- C:Program FilesAppleiTunes
2008-06-18 23:24:15 0 d-------- C:Program FilesWindows Installer Clean Up
2008-06-18 23:23:54 0 d-------- C:Program FilesMSECACHE
2008-06-16 07:49:34 56832 --a------ C:WINDOWSsystem32RBSpriteSurface350.dll
2008-06-16 07:49:34 27648 --a------ C:WINDOWSsystem32rbselectfolder350.dll
2008-06-16 07:49:34 73216 --a------ C:WINDOWSsystem32RBRegEx350.dll
2008-06-16 07:49:34 60416 --a------ C:WINDOWSsystem32rbap350.dll
2008-06-16 07:49:34 28672 --a------ C:WINDOWSsystem32MBSUsernamePlugin.DLL
2008-06-16 07:49:34 28160 --a------ C:WINDOWSsystem32MBSRegPlugin.DLL
2008-06-14 08:10:29 0 d-------- C:Program FilesMYOB EXO
2008-06-14 07:47:55 0 d-------- C:Program FilesMicrosoft SQL Server
2008-06-14 07:44:52 0 d-------- C:Program FilesMicrosoft.NET
2008-06-14 07:44:02 0 d-------- C:Program FilesMSXML 6.0
2008-06-14 07:33:38 0 d-------- C:Program FilesExonet
2008-06-08 08:53:56 6 --a------ C:WINDOWSsystem32mkghj.dll
2008-06-07 13:21:06 0 d-------- C:Program FilesCommon FilesScanner
2008-06-07 13:11:50 2732032 --a------ C:WINDOWSsystem32win32cpr.dll
2008-06-07 13:11:49 1564771 --a------ C:WINDOWSsystem32winsflt.dll
2008-06-07 13:04:05 0 d-------- C:Program FilesCA
2008-06-03 16:28:27 0 d-------- C:Program FilesNumbers Up! VP V1.2.1
2008-06-01 14:56:04 0 d-------- C:Program FilesMaestro Learning
2008-05-29 08:07:07 0 d-------- C:Documents and SettingsOwnerApplication DataAdobeUM
2008-05-27 20:50:36 0 d-------- C:Program FilesMicrosoft Visual Studio .NET 2003
2008-05-27 10:50:30 413696 --a----c- C:QTTask.exe <Not Verified; Apple Inc.; QuickTime>
2008-04-28 14:14:50 202827 --a------ C:WINDOWSsystem32atasnt40.dll <Not Verified; WebEx Communications, Inc; WebEx Application Sharing>
2008-04-24 17:29:46 23552 --a------ C:WINDOWSxobglu32.dll
2008-04-24 17:29:46 63488 --a------ C:WINDOWSxobglu16.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"IW Controlcenter"="C:PROGRA~1VOBINSTAN~1IWCTRL.EXE" [18/10/2001 09:46 AM]
"NvCplDaemon"="C:WINDOWSSystem32NvCpl.dll" [30/09/2003 02:30 PM]
"nwiz"="nwiz.exe" [30/09/2003 02:30 PM C:WINDOWSsystem32nwiz.exe]
"dla"="C:WINDOWSsystem32dlatfswctrl.exe" [22/10/2003 01:04 AM]
"Lexmark X1100 Series"="C:Program FilesLexmark X1100 Serieslxbkbmgr.exe" [20/08/2003 12:43 AM]
"NeroCheck"="C:WINDOWSsystem32NeroCheck.exe" [09/07/2001 10:50 AM]
"ISUSPM Startup"="C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe" []
"ISUSScheduler"="C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" []
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_07binjusched.exe" [10/06/2008 04:27 AM]
"cctray"="C:Program FilesCACA Internet Security Suitecctraycctray.exe" [07/05/2008 04:39 PM]
"CAVRID"="C:Program FilesCACA Internet Security SuiteCA Anti-VirusCAVRID.exe" [14/06/2008 07:09 AM]
"QuickTime Task"="C:qttask.exe" [27/05/2008 10:50 AM]
"dvHighMem"="C:WINDOWScfgmng32.exe" [14/11/2007 12:34 PM]
"QOELOADER"="C:Program FilesCACA Internet Security SuiteCA Anti-SpamQSP-6.0.1.33QOELoader.exe" [07/06/2008 01:16 PM]
"cafw"="C:Program FilesCACA Internet Security SuiteCA Personal Firewallcafw.exe" [04/04/2008 03:46 PM]
"capfasem"="C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfasem.exe" [04/04/2008 03:46 PM]
"capfupgrade"="C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfupgrade.exe" [04/04/2008 03:46 PM]
"iTunesHelper"="C:Program FilesiTunesiTunesHelper.exe" [02/06/2008 11:13 AM]
"explorer"="C:WINDOWSsystem32explorer.exe" [07/07/2008 09:38 PM]
"Matrox PowerDesk SE"="C:Program FilesMatrox Graphics IncPowerDesk SEMatrox.PowerDesk SE.exe" [13/03/2008 01:28 PM]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [03/08/2004 11:56 PM]
"updateMgr"="C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" [30/03/2006 03:45 PM]

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionrun]
"Symantec NetDriver Warning"=C:PROGRA~1SYMNET~1SNDWarn.exe

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Kodak EasyShare software.lnk - C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe [20/05/2005 3:36:16 AM]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"DisableRegistryTools"=1 (0x1)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"EnableShellExecuteHooks"=1 (0x1)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoWindowsUpdate"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoBandCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= C:Program FilesCACA Internet Security SuiteCA Website InspectorWebsiteInspectorLinkAdvisorCIDLinkAdvisor.dll [15/10/2007 09:40 PM 1373624]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
"System"=" "

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyPFW]
UmxWnp.Dll 18/05/2007 01:30 PM 79368 C:WINDOWSsystem32UmxWNP.dll

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvds]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEssSpkPhone]
essspk.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8772 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-24 09:20:11 ------------


Extra.TXT
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 511.53 MiB / 172.41 MiB
Pagefile Memory (total/avail): 1248.89 MiB / 767.17 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.8 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 23.56 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

.PHYSICALDRIVE0 - WDC WD800BB-00DKA0 - 74.53 GiB - 1 partition
PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: CA Personal Firewall v10.0.0.157 (CA)
AV: CA Anti-Virus v9.0.0.171 (CA, Inc.)

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesMSN Messengermsnmsgr.exe"="C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesMessengermsmsgs.exe"="C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger"
"C:Program FilesKodakKODAK Software Updater7288971ProgramKodak Software Updater.exe"="C:Program FilesKodakKODAK Software Updater7288971ProgramKodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:WINDOWSsystem32LEXPPS.EXE"="C:WINDOWSsystem32LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:Program FilesRealRealPlayerrealplay.exe"="C:Program FilesRealRealPlayerrealplay.exe:*:Enabled:RealPlayer"
"C:Program FilesMSN Messengermsnmsgr.exe"="C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe"="C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe:*:Enabled:BlueSoleil"
"C:Program FilesBonjourmDNSResponder.exe"="C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour"
"C:Program FilesLimeWireLimeWire.exe"="C:Program FilesLimeWireLimeWire.exe:*:Enabled:LimeWire"
"C:Program FilesiTunesiTunes.exe"="C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes"
"C:Program FilesuTorrentuTorrent.exe"="C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsOwnerApplication Data
CLASSPATH=.;C:Program FilesJavajre1.6.0_05libextQTJava.zip
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=KYLIEALISTAIR
ComSpec=C:WINDOWSsystem32cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=Documents and SettingsOwner
LOGONSERVER=KYLIEALISTAIR
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;C:Program FilesSonicMyDVD;C:Program FilesMicrosoft SQL Server80ToolsBinn;C:Program FilesCommon FilesUlead SystemsMPEG;C:Program FilesQuickTimeQTSystem;c:Program FilesMicrosoft SQL Server90Toolsbinn
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:Program Files
PROMPT=$P$G
QTJAVA=C:Program FilesJavajre1.6.0_05libextQTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1OwnerLOCALS~1Temp
TMP=C:DOCUME~1OwnerLOCALS~1Temp
USERDOMAIN=KYLIEALISTAIR
USERNAME=Owner
USERPROFILE=C:Documents and SettingsOwner
windir=C:WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Gabby (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\setup\ccinstaller.exe" /u /silent /module="fw"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\System32\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}
--> C:\WINDOWS\System32\MSIEXEC.EXE /x {8855FF30-19CE-4CB1-A654-87B38369CCE1}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A05B328-35EB-4CED-B16F-62FA5A2642E6}\setup.exe" -l0x9 IfYouSeeThisAlowOnlyRemove -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
101 Kid's Brainy Games --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\07\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25AA6102-EA34-4045-BF7B-EEB3162AD006}\SETUP.EXE" -l0x9
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader for Palm OS, 3.05 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\Adobe Reader for Palm OS\AcroDesk.isu" -c"C:\Program Files\Adobe\Adobe Reader for Palm OS\unpdf.dll"
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Ahead NeroMediaPlayer --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Arthur's Computer Adventure --> C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\LIVING~1\DeIsL1.isu"
Arthur's Math Games --> C:\Program Files\Creative Wonders\Arthur's Math Games\uninstal.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CA Anti-Spyware --> "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\setup\ccinstaller.exe" /u /silent /module="pp"
CA Anti-Virus --> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\unvet32.exe
CA Internet Security Suite --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
CA Pest Patrol Realtime Protection --> MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
CA Website Inspector --> MsiExec.exe /X{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
CutePDF Writer 2.4 --> C:\WINDOWS\system32\uninscpw.exe C:\Program Files
Dinosaurs --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\07\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78354FE5-1988-4582-B1CB-4FDED79448EF}\SETUP.EXE" -l0x9
Documents To Go --> MsiExec.exe /X{BF7BE540-A2D9-41C1-AFD3-1842CEE0B16C}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.1.7 --> "C:\Program Files\DVD Shrink\unins000.exe"
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Exploring Our Solar System --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\07\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6888DCB-945D-4462-A9BC-F499A0233C14}\SETUP.EXE" -l0x9
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Finding Nemo --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1A5488D7-314D-4CBC-89BF-C5B59510BDBA} NemoADVUninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\HJT\HijackThis.exe" /uninstall
HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
InstantWrite --> C:\PROGRA~1\VOB\INSTAN~1\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\INSTAN~1.ISU
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_10009_1396a\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Leadtek WinFastDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
Lexmark X1100 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Matrox PowerDesk-SE (GXM) --> MsiExec.exe /X{E767C4B7-BB9D-4A27-8DC2-1BB81D16BFB5}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Rise Of Nations --> "C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Management Studio Express --> MsiExec.exe /I{20608BFA-6068-48FE-A410-400F2A124C27}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mike's Monstrous Adventure --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D2B1159-89F1-11D6-B2FB-0002A5E32BEF}\setup.exe" Mike's Monstrous Adventure
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Operation --> C:\WINDOWS\uninst.exe -fc:\PROGRA~1\games\OPERAT~1\DeIsL1.isu
OTOY --> RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
palmOne --> MsiExec.exe /X{E434580A-2D4A-4433-A81E-4BCAE86AD148}
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PdeDownload --> C:\WINDOWS\uninst.exe -f"C:\Program Files\MITRE 10 LTD AUSTRALIA\PdeDownload\DeIsL2.isu" -cC:\PROGRA~1\MITRE1~1\PDEDOW~1\_ISREG32.DLL
Phonics 3D Adventure --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\07\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2783475D-FFB9-4296-931A-C79A85BED054}\SETUP.EXE" -l0x9
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Rayman 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\07\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15F52B39-04CB-4EDB-9A8C-496C4A5588E2}\Setup.exe" -l0x9
Reader Rabbit Reading Ages 4-6 --> C:\Program Files\Games\Reader Rabbit Reading Ages 4-6\uninstal.exe
Reading Blaster 2000 --> E:\setup.exe -funinst.ins
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RFFlow --> C:\Program Files\RFFlow\SETUP.EXE
Roll --> C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
SAPI 5.1 --> MsiExec.exe /I{2131339E-F4C2-493E-8F74-810C8042EEC9}
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow DX --> MsiExec.exe /I{8855FF30-19CE-4CB1-A654-87B38369CCE1}
Sonic Simple Backup --> MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Stuart Little Big City Adventures --> C:\HASBRO\STUART_LITTLE\Uninstall_Stuart.EXE
Tamagotchi --> C:\Program Files\Tamagotchi\uninstall.exe
Ulead DVD MovieFactory SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85F49DC5-81F1-11D5-B626-0010B5557563}\Setup.exe" -l0x9
Ulead Photo Explorer 7.0 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E38E1721-7FE7-11D4-A898-0000E83DCDA6}\Setup.exe" -l0x9
Uninstall ESS Modem --> C:\WINDOWS\remvess
V1.2.1 --> "C:\Program Files\APIMonitor\unins000.exe"
VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
WebEx One-Click --> MsiExec.exe /I{8E560E1F-1DAE-40D5-B658-313779E8945A}
Windows Driver Package - 2Wire (2WIREPCP) Net (09/18/2002 1.4.0.5) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\2wirepcp_69FADC00605194186DA779D20303F74BFB7E55F3\2wirepcp.inf
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinFast Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}


-- Application Event Log -------------------------------------------------------

Event Record #/Type11059 / Error
Event Submitted/Written: 07/24/2008 03:14:53 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module wininet.dll, version 6.0.2900.3354, fault address 0x00028d04.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type11058 / Success
Event Submitted/Written: 07/24/2008 02:38:53 AM
Event ID/Source: 88 / UmxAgent
Event Description:
Shell is started at session 0

Event Record #/Type11057 / Success
Event Submitted/Written: 07/24/2008 02:38:53 AM
Event ID/Source: 88 / UmxAgent
Event Description:
explorer.exe started

Event Record #/Type11056 / Success
Event Submitted/Written: 07/24/2008 02:38:53 AM
Event ID/Source: 88 / UmxAgent
Event Description:
explorer.exe started

Event Record #/Type11055 / Success
Event Submitted/Written: 07/24/2008 02:38:33 AM
Event ID/Source: 88 / UmxAgent
Event Description:
Sync client C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe registered successfully



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type105061 / Warning
Event Submitted/Written: 07/24/2008 04:02:03 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type104982 / Error
Event Submitted/Written: 07/23/2008 08:24:31 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
KmxAgent
KmxFile
KmxFw
KmxStart
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
VET-FILT
VET-REC
VETEFILE
VETMONNT
WS2IFSL

Event Record #/Type104981 / Error
Event Submitted/Written: 07/23/2008 08:24:31 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type104980 / Error
Event Submitted/Written: 07/23/2008 08:24:31 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Event Record #/Type104979 / Error
Event Submitted/Written: 07/23/2008 08:24:31 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-07-24 09:20:11 ------------


Hopefully you can assist me with this.

Regards,

Deactivate links. ~ OB

Sorry, forgot to include Kaspersky Log. I have manually deleted the infected files it found.
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, July 24, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, July 23, 2008 20:51:10
Records in database: 999411


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:
C:
D:
E:

Scan statistics
Files scanned 100267
Threat name 2
Infected objects 2
Suspicious objects 0
Duration of the scan 01:48:30

File name Threat name Threats count
C:\Documents and Settings\Gabby\My Documents\sinstaller.exe Infected: not-a-virus:AdWare.Win32.Comet.c 1

C:\Documents and Settings\Owner\My Documents\My Music\love really hurts without you.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

The selected area was scanned.

Merged posts. ~ OB

Edited by Orange Blossom, 23 July 2008 - 08:44 PM.



#2 Carolyn

Carolyn

    Bleepin' kitten


  • Members
  • 2,131 posts
  • OFFLINE
  • Local time:05:29 PM

Posted 07 August 2008 - 04:31 PM

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I am sorry that we were unable to reply to your post sooner. The forums have been very busy.

If you are still in need of assistance, please scan again with Deckard's System Scanner and post a fresh log.
Member of ASAP (Alliance of Security Analysis Professionals)

#3 Carolyn

Carolyn

    Bleepin' kitten


  • Members
  • 2,131 posts
  • OFFLINE
  • Local time:05:29 PM

Posted 16 August 2008 - 12:11 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Member of ASAP (Alliance of Security Analysis Professionals)



