The Popups Keep Coming. Logs Attached.


  • This topic is locked
20 replies to this topic

#1 Spots

  • Members
  • 9 posts

Posted 26 July 2008 - 08:46 PM

I thought my PC was infected with Trojan.Vundo. Norton downloaded FixVundo.exe, which fixed it for a couple of days, but it has returned and can no longer be fixed by Norton's FixVundo.exe - perhaps it's something else. I'm not very capable. Sorry. Pop-up ads are being frequently generated from within the PC. The OS is Windows XP Pro, SP3. Some ads tell me my PC is infected (an ad for Vista AntiVirus 2008), some are for Fling.com (?), some for a car shopping quote, and there are about 8-10 others which I cannot remember. When I select a different website in my browser (IE 6) it usually pops up an ad. I've been using an OLD (2003?) version of Norton SystemWorks (updated automatically) for anti-virus, and the Windows Firewall. And CA AntiSpam, also, for email spam. Also, Windows Defender has been running on the PC for a long time. And Ad-Aware SE plus Registry Easy. I ran the Kaspersky scan, but when I clicked on "Save Report As" it seems to have locked it up somehow.

Deckard's System Scanner v20071014.68
Run by Vern on 2008-07-26 14:12:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-07-26 18:08:49 UTC - RP7 - Installed Java™ SE Development Kit 6 Update 7
6: 2008-07-26 18:00:02 UTC - RP6 - Removed Java 2 Runtime Environment, SE v1.4.2_05
5: 2008-07-26 17:40:46 UTC - RP5 - Uniblue RegistryBooster
4: 2008-07-26 09:48:46 UTC - RP4 - Windows Defender Checkpoint
3: 2008-07-26 05:53:20 UTC - RP3 - System Checkpoint


-- First Restore Point --
1: 2008-07-25 00:41:10 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Vern.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:15 PM, on 7/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\freecell.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
C:\WINDOWS\system32\freecell.exe
C:\WINDOWS\system32\freecell.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Registry Easy\RegEasy.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\System32\msiexec.exe
D:\MY DOWNLOAD FILES\Java Software\jdk-6u7-windows-i586-p-iftw.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\MsiExec.exe
C:\WINDOWS\System32\MsiExec.exe
D:\MY DOWNLOAD FILES\deckard's s s.exe
C:\Program Files\Common Files\Java\Update\Base Images\jdk1.6.0.b105\patch-jdk1.6.0_07.b06\patchsdk.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Vern.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saabnet.com/tsn/bb/900/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {DAB46A0D-8939-4056-B80C-028DCE8999EF} - (no file)
O2 - BHO: (no name) - {2A5F0061-6C72-4C55-95EA-BDD9FD64D90E} - C:\WINDOWS\system32\byXNeCts.dll
O2 - BHO: (no name) - {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P36 "EPSON Stylus CX5800F Series (Copy 1)" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Ad-Aware SE.lnk = D:\MY DOWNLOAD FILES\Ad-Aware SE\Ad-Aware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.7.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216571918656
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...343/mcfscan.cab
O20 - Winlogon Notify: rqRHaYrr - rqRHaYrr.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9114 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BsStor (InCD Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys <Not Verified; B.H.A Co.,Ltd.; >
R2 ppsio2 (PPDevice) - c:\windows\system32\drivers\ppsio2.sys <Not Verified; ; Flatbed DevDriver/NT4>

S3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
S4 BsUDF (InCD UDF Driver) - c:\windows\system32\drivers\bsudf.sys <Not Verified; ahead software; UDF File System Driver (WindowsXP)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Speed Disk service - c:\progra~1\norton~1\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-26 13:49:18 410 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-07-26 11:29:33 480 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2008-07-26 07:00:00 412 --a------ C:\WINDOWS\Tasks\RegEasy.job
2008-07-26 05:00:04 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-07-14 08:30:08 278 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job


-- Files created between 2008-06-26 and 2008-07-26 -----------------------------

2008-07-26 14:04:41 0 d-------- C:\Documents and Settings\Vern\.SunDownloadManager
2008-07-26 13:39:34 0 d-------- C:\Documents and Settings\Vern\Application Data\Uniblue
2008-07-26 13:29:10 0 d-------- C:\Program Files\Trend Micro
2008-07-26 12:57:13 116864 --a------ C:\WINDOWS\system32\xvnwqatb.dll
2008-07-26 12:54:13 95360 --a------ C:\WINDOWS\system32\byhwavoa.dll
2008-07-22 17:14:33 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-22 00:12:34 0 d-------- C:\Documents and Settings\Vern\.housecall6.6
2008-07-21 23:24:06 0 d-------- C:\WINDOWS\McAfee.com
2008-07-21 22:17:34 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-07-21 13:29:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-07-21 13:24:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-21 13:24:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-21 13:24:29 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-21 13:24:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-21 13:24:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-21 13:24:28 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-21 13:24:28 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-21 13:24:28 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-21 13:24:28 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-21 12:36:39 0 d-------- C:\Program Files\Cloudmark
2008-07-21 01:46:52 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-07-20 22:09:36 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-20 21:32:40 0 d-------- C:\Program Files\Lavasoft
2008-07-20 18:18:16 0 d-------- C:\Program Files\Windows Defender
2008-07-20 01:04:28 642179 --ahs---- C:\WINDOWS\system32\stCeNXyb.ini2
2008-07-20 01:04:22 322816 --a------ C:\WINDOWS\system32\byXNeCts.dll
2008-07-16 23:32:19 0 d-------- C:\Documents and Settings\Vern\Application Data\CallingID
2008-07-16 23:31:42 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-07-16 23:31:38 0 d-------- C:\Program Files\CA
2008-07-15 02:56:51 0 d--h----- C:\WINDOWS\PIF
2008-07-15 02:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Cloudmark
2008-07-15 02:42:51 0 d-------- C:\Documents and Settings\Vern\Application Data\Cloudmark
2008-07-15 02:42:13 0 d-------- C:\Program Files\Common Files\Cloudmark
2008-07-15 02:41:43 0 d-------- C:\Program Files\Common Files\Zero G Software
2008-07-13 00:30:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 22:20:03 0 d-------- C:\Documents and Settings\Vern\browser - logitech
2008-07-07 22:08:36 0 d-------- C:\Program Files\Common Files\Remote Control Software Common
2008-07-07 22:08:28 0 d-------- C:\Program Files\Logitech
2008-07-07 22:08:17 0 d-------- C:\Program Files\Common Files\Remote Control USB Driver
2008-07-06 12:23:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Amazon
2008-07-06 12:22:03 0 d-------- C:\WINDOWS\RegisteredPackages
2008-07-01 04:35:04 4194304 --a------ C:\Documents and Settings\Vern\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-07-26 14:13:01 0 d-------- C:\Program Files\Java
2008-07-26 11:32:38 0 d-------- C:\Program Files\Registry Easy
2008-07-25 19:08:21 0 d-------- C:\Program Files\Saab EPC
2008-07-25 17:46:07 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-22 17:13:03 0 d-------- C:\Program Files\Driver Sweeper
2008-07-21 01:54:56 0 d-------- C:\Program Files\KeyWords
2008-07-15 02:42:13 0 d-------- C:\Program Files\Common Files
2008-07-12 00:10:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-16 11:25:08 0 d-------- C:\Program Files\Norton SystemWorks
2008-06-08 15:22:00 0 d-------- C:\Program Files\Movie Maker
2008-06-08 15:18:11 0 d-------- C:\Program Files\Windows NT
2008-05-31 00:33:27 0 d-------- C:\Program Files\Google
2008-05-30 02:10:34 0 d-------- C:\Documents and Settings\Vern\Application Data\SPAMfighter


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A5F0061-6C72-4C55-95EA-BDD9FD64D90E}]
07/20/2008 01:04 AM 322816 --a------ C:\WINDOWS\system32\byXNeCts.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX5800F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.exe" [05/10/2005 01:00 AM]
"EPSON Stylus CX5800F Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.exe" [05/10/2005 01:00 AM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 01:50 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/19/2002 10:22 PM]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [08/19/2002 10:23 PM]
"POINTER"="C:\Program Files\Microsoft Hardware\Mouse\point32.exe" [04/11/2002 02:47 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/30/2008 11:19 PM]
"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [05/15/2003 08:36 PM]
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [01/16/2002 06:12 AM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [08/12/2005 02:43 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [05/07/2008 04:39 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"Ad-aware"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" [07/12/2003 10:00 PM]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [07/16/2008 11:31 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [11/26/2007 02:47 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [10/15/2007 09:40 PM 1373624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRHaYrr]
rqRHaYrr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXNeCts

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-26 14:14:48 ------------

_____________________________________________________________________________________________________________________________________

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 1700+
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 1023.48 MiB / 310.29 MiB
Pagefile Memory (total/avail): 2464.99 MiB / 1761.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.55 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 19.53 GiB total, 10.95 GiB free.
D: is Fixed (NTFS) - 55.9 GiB total, 47.19 GiB free.
E: is Fixed (NTFS) - 56.79 GiB total, 56.66 GiB free.
F: is Removable (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080P0 - 76.33 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Installable File System - 56.79 GiB - E:

\\.\PHYSICALDRIVE1 - WDC WD600AB-00CBA1 - 55.9 GiB - 1 partition
\PARTITION0 - Installable File System - 55.9 GiB - D:

\\.\PHYSICALDRIVE2 - EPSON USB Mass Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Vern\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NUMBER4
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Vern
LOGONSERVER=\\NUMBER4
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\PROGRA~1\MICROS~2\Office;C:\Program Files\ATI Technologies\ATI.ACE\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Vern\LOCALS~1\Temp
TMP=C:\DOCUME~1\Vern\LOCALS~1\Temp
USERDOMAIN=NUMBER4
USERNAME=Vern
USERPROFILE=C:\Documents and Settings\Vern
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Vern (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{58DD5143-4417-4F43-A7DD-5B8B29CEDBEA}
--> MsiExec.exe /I{C8D79874-7F2B-4346-99F1-DAA8AABF9DCA}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
ArcSoft Software Suite --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{8270831B-8F2F-4B65-8E2C-9712054C38D1}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVIVO Codecs --> MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
CA Internet Security Suite --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
CA Website Inspector --> MsiExec.exe /X{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}
Cloudmark Desktop for Microsoft Outlook Express --> MsiExec.exe /X{6A17E55E-A254-4FDC-9BD6-C8140C9B9ECA}
CRYSTAL CALIBURN 2.6.1 --> MsiExec.exe /I{1F56104A-F275-4455-A28C-E0A796BB56D8}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
InCD (Ahead Software) --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Development Kit 6 Update 7 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160070}
KeyWords --> "C:\Program Files\KeyWords\unins000.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Encarta 96 Encyclopedia --> C:\Program Files\Microsoft Reference\Encarta 96 Encyc\setup\setup.exe
Microsoft Excel 97 --> C:\Program Files\Microsoft Office\Office\Setup\AcmeXl.exe /w Excel97.stf
Microsoft Publisher 98 --> C:\Program Files\Microsoft Office\Office\Setup\Setup.exe /m
Microsoft Word 97 --> C:\Program Files\Microsoft Office\Office\Setup\AcmeWord.exe /w Word97.stf
Nero --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Nikon View 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
Norton SystemWorks 2003 --> MsiExec.exe /I{43C3D832-AC96-463A-2003-1B8D1BFA2523}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Windows 2000/XP nForce Drivers --> rundll32.exe C:\WINDOWS\System32\NVNFINST.DLL,NvUninstallCrush
OneTouch V3.0 --> C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Ricochet Xtreme --> "C:\Program Files\Ricochet Xtreme\ReflexiveArcade\unins000.exe"
Saab EPC --> C:\WINDOWS\uninst.exe -f"C:\Saab EPC\DeIsL1.isu"
ScreenPrint32 v3.5 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\ScreenPrint32 v3\ST6UNST.LOG"
Solitaire Epic --> C:\Documents and Settings\All Users\Start Menu\Programs\Games\Solitaire Epic\uninstall.exe
Turbo Lister --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{99CC78D1-2356-497C-84C1-F239884001EC}
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
YOU DON'T KNOW JACK V1.0 --> C:\WINDOWS\unwise.exe C:\YDKJ\install.log


-- Application Event Log -------------------------------------------------------

Event Record #/Type2192 / Error
Event Submitted/Written: 07/26/2008 01:16:32 PM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
avsubmitwindefend1.1.3704.0unspecified1.37.942.0trojan_win32_vundo.gen!eNILNILNILNILNIL

Event Record #/Type2190 / Error
Event Submitted/Written: 07/26/2008 05:00:03 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
mptelemetry80070422updateservicemanager-_get_servicesfallbackcheck1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL

Event Record #/Type2177 / Warning
Event Submitted/Written: 07/25/2008 05:45:36 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type2172 / Error
Event Submitted/Written: 07/25/2008 05:00:02 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
mptelemetry80070422updateservicemanager-_get_servicesfallbackcheck1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL

Event Record #/Type2159 / Warning
Event Submitted/Written: 07/24/2008 01:23:11 PM / 07/24/2008 01:23:12 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5127 / Warning
Event Submitted/Written: 07/26/2008 02:13:33 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%NUMBER427 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NUMBER427 can't undo changes that you allow.

For more information please see the following:
%NUMBER4275

Scan ID: {51CFC661-86D4-4F17-A06C-658EEFF03870}

User: NUMBER4\Vern

Name: %NUMBER4271

ID: %NUMBER4272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %NUMBER4276

Alert Type: %NUMBER4278

Detection Type: 1.1.1593.02

Event Record #/Type5126 / Warning
Event Submitted/Written: 07/26/2008 02:13:32 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%NUMBER427 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NUMBER427 can't undo changes that you allow.

For more information please see the following:
%NUMBER4275

Scan ID: {95CBDB37-F97A-4417-9BA9-9DACF12E8B47}

User: NUMBER4\Vern

Name: %NUMBER4271

ID: %NUMBER4272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %NUMBER4276

Alert Type: %NUMBER4278

Detection Type: 1.1.1593.02

Event Record #/Type5125 / Warning
Event Submitted/Written: 07/26/2008 02:13:32 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%NUMBER427 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NUMBER427 can't undo changes that you allow.

For more information please see the following:
%NUMBER4275

Scan ID: {288984A2-F9C4-4110-BBE5-FAEF0B145C39}

User: NUMBER4\Vern

Name: %NUMBER4271

ID: %NUMBER4272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %NUMBER4276

Alert Type: %NUMBER4278

Detection Type: 1.1.1593.02

Event Record #/Type5124 / Warning
Event Submitted/Written: 07/26/2008 02:13:30 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%NUMBER427 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NUMBER427 can't undo changes that you allow.

For more information please see the following:
%NUMBER4275

Scan ID: {B78BA275-C6DE-48EC-93D8-693EF8CB8490}

User: NUMBER4\Vern

Name: %NUMBER4271

ID: %NUMBER4272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %NUMBER4276

Alert Type: %NUMBER4278

Detection Type: 1.1.1593.02

Event Record #/Type5123 / Warning
Event Submitted/Written: 07/26/2008 02:13:30 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%NUMBER427 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NUMBER427 can't undo changes that you allow.

For more information please see the following:
%NUMBER4275

Scan ID: {F852BD76-A155-4AFF-9864-1417A736F0BF}

User: NUMBER4\Vern

Name: %NUMBER4271

ID: %NUMBER4272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %NUMBER4276

Alert Type: %NUMBER4278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-07-26 14:14:48 ------------

___________________________________________________________________________________________________________________________________


KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, July 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, July 26, 2008 22:54:14
Records in database: 1011969


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics
Files scanned 57606
Threat name 5
Infected objects 10
Suspicious objects 0
Duration of the scan 01:29:31

File name Threat name Threats count
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2FBA794B.exe Infected: Trojan-Downloader.Win32.Small.ykf 1

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\32B937ED.exe Infected: Trojan-Downloader.Win32.Small.ykf 1

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\33763B1C.dll Infected: Trojan.Win32.Vapsup.iqp 1

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\34937FE4.dll Infected: Trojan.Win32.Vapsup.iqp 1

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\34937FE4.exe Infected: Trojan.Win32.Vapsup.irr 1

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\356728FA.dll Infected: Trojan.Win32.Vapsup.iqp 1

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\356A52F7.exe Infected: Trojan.Win32.Vapsup.irr 1

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44DC2323.exe Infected: Trojan.Win32.Vapsup.irr 1

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\763A507A.html Infected: Trojan-Downloader.JS.Agent.bi 1

D:\MY DOWNLOAD FILES\Screen capture downloads\scap13.zip Infected: Trojan-Downloader.Win32.SetupFactory.h 1

The selected area was scanned.


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:35 AM

Posted 08 August 2008 - 12:18 PM

chryssi2001 and I both posted a reply, so I am leaving, and chryssi2001 will help you.

Edited by suebaby41, 08 August 2008 - 12:48 PM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • Local time:11:35 AM

Posted 08 August 2008 - 12:23 PM

Hello Spots,

I apologise for the delay; the forum is too busy.

If you still need help, post a HijackThis log.
Private Messages for personal support will be ignored. If you need help post in the forum.

#4 Spots

Spots
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:35 AM

Posted 08 August 2008 - 02:40 PM

Please ignore my request for help, and I thank you. I downloaded and ran SUPERantispyware, which seemed to find the problems, and allowed me to delete the malicious junk. Been running very nicely for 4-5 days! I'm assuming that all is well at this point. Thanks, again!

#5 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • Local time:11:35 AM

Posted 08 August 2008 - 02:58 PM

@ suebaby41

Looks like we posted around the same time, sorry.

@ Spots,

Can you post a HijackThis log for me to check if everything is ok?
Private Messages for personal support will be ignored. If you need help post in the forum.

#6 Spots

Spots
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:35 AM

Posted 08 August 2008 - 07:41 PM

chryssi2001:

My PC seems to be running as nicely as ever, no stutters or stumbling. Thanks for looking into this!

____________________________________________________

Deckard's System Scanner v20071014.68
Run by Vern on 2008-08-08 20:33:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 83% (more than 75%).


-- HijackThis (run as Vern.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:22 PM, on 8/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Registry Easy\RegEasy.exe
C:\WINDOWS\system32\freecell.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\qoeapp.exe
C:\Documents and Settings\Vern\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Vern.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saabnet.com/tsn/bb/900/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {DAB46A0D-8939-4056-B80C-028DCE8999EF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P36 "EPSON Stylus CX5800F Series (Copy 1)" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB004" /M "Stylus C88"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /M "Stylus C88" /EF "HKCU"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.7.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216571918656
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...343/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rqRHaYrr - rqRHaYrr.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9101 bytes

-- Files created between 2008-07-08 and 2008-08-08 -----------------------------

2008-07-30 23:25:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\CallingID
2008-07-26 23:16:38 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-26 23:15:33 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-26 23:15:33 0 d-------- C:\Documents and Settings\Vern\Application Data\SUPERAntiSpyware.com
2008-07-26 14:17:16 0 d-------- C:\Program Files\Sun
2008-07-26 14:04:41 0 d-------- C:\Documents and Settings\Vern\.SunDownloadManager
2008-07-26 13:39:34 0 d-------- C:\Documents and Settings\Vern\Application Data\Uniblue
2008-07-26 13:29:10 0 d-------- C:\Program Files\Trend Micro
2008-07-22 17:14:33 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-22 00:12:34 0 d-------- C:\Documents and Settings\Vern\.housecall6.6
2008-07-21 23:24:06 0 d-------- C:\WINDOWS\McAfee.com
2008-07-21 22:17:34 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-07-21 13:29:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-07-21 13:24:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-21 13:24:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-21 13:24:29 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-21 13:24:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-21 13:24:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-21 13:24:28 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-21 13:24:28 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-21 13:24:28 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-21 13:24:28 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-21 12:36:39 0 d-------- C:\Program Files\Cloudmark
2008-07-21 01:46:52 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-07-20 22:09:36 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-20 21:32:40 0 d-------- C:\Program Files\Lavasoft
2008-07-20 18:18:16 0 d-------- C:\Program Files\Windows Defender
2008-07-20 01:04:28 678284 --ahs---- C:\WINDOWS\system32\stCeNXyb.ini2
2008-07-16 23:32:19 0 d-------- C:\Documents and Settings\Vern\Application Data\CallingID
2008-07-16 23:31:42 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-07-16 23:31:38 0 d-------- C:\Program Files\CA
2008-07-15 02:56:51 0 d--h----- C:\WINDOWS\PIF
2008-07-15 02:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Cloudmark
2008-07-15 02:42:51 0 d-------- C:\Documents and Settings\Vern\Application Data\Cloudmark
2008-07-15 02:42:13 0 d-------- C:\Program Files\Common Files\Cloudmark
2008-07-15 02:41:43 0 d-------- C:\Program Files\Common Files\Zero G Software
2008-07-13 00:30:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-08-08 12:21:58 0 d-------- C:\Program Files\Registry Easy
2008-08-07 23:21:19 0 d-------- C:\Program Files\Saab EPC
2008-08-05 13:37:31 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-05 13:10:19 0 d-------- C:\Program Files\EPSON
2008-08-04 11:32:08 0 d-------- C:\Program Files\Norton SystemWorks
2008-07-28 11:09:44 0 d-------- C:\Program Files\Online Services
2008-07-26 14:17:04 0 d-------- C:\Program Files\Java
2008-07-22 17:13:03 0 d-------- C:\Program Files\Driver Sweeper
2008-07-21 01:54:56 0 d-------- C:\Program Files\KeyWords
2008-07-15 02:42:13 0 d-------- C:\Program Files\Common Files
2008-07-12 00:11:34 0 d-------- C:\Program Files\Common Files\Remote Control USB Driver
2008-07-12 00:11:32 0 d-------- C:\Program Files\Common Files\Remote Control Software Common
2008-07-12 00:10:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-07 22:08:28 0 d-------- C:\Program Files\Logitech
2008-06-08 15:22:00 0 d-------- C:\Program Files\Movie Maker
2008-06-08 15:18:11 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX5800F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.exe" [05/10/2005 01:00 AM]
"EPSON Stylus CX5800F Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.exe" [05/10/2005 01:00 AM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 01:50 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/19/2002 10:22 PM]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [08/19/2002 10:23 PM]
"POINTER"="C:\Program Files\Microsoft Hardware\Mouse\point32.exe" [04/11/2002 02:47 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/30/2008 11:19 PM]
"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [05/15/2003 08:36 PM]
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [01/16/2002 06:12 AM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [08/12/2005 02:43 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [07/30/2008 11:25 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"Ad-aware"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" [07/12/2003 10:00 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [07/16/2008 11:31 PM]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [05/26/2003 08:00 PM]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [01/27/2005 04:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [11/26/2007 02:47 PM]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [01/27/2005 04:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll [06/23/2008 06:52 AM 1373624]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRHaYrr]
rqRHaYrr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXNeCts

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-08 20:36:28 ------------

____________________________

#7 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • Local time:11:35 AM

Posted 09 August 2008 - 03:20 AM

Hello Spots,

Unfortunately, Vundo left some remnants on your PC. It's a really nasty infection.
----------------------------------------------
Since your Symantec (2003) has expired, you should uninstall it.
Go in Add/Remove Programs, and uninstall all Norton and Symantec programs you find there.

Then run the tool below.

REMOVE NORTON

Please click HERE and follow the instructions to download and run the Norton Removal Tool for your own version.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Also, if your CA Internet Security Suite is only used for spam and email checking, you should remove it and install one of the 2 free antivirus programs below.

Please download a free anti-virus software (for personal use) from one of these excellent vendors NOW:

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial users.

----------------------------------------------
Registry Cleaners

I notice the presence of Registry Easy Registry Cleaner on your PC.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on registry cleaners:

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference.
If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html
----------------------------------------------
I asked for a HijackThis log, and you posted a new DSS report.
I need a HijackThis log, because I need to make a fix. I can't do it with DSS.
You have HijackThis here:

C:\PROGRAM FILES\TRENDMICRO\HIJACKTHIS

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following folder:

C:\PROGRAM FILES\TRENDMICRO\HIJACKTHIS

Right-Click on HIJACKTHIS folder and copy/paste a shortcut on your desktop.
  • Double click to open HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.

Private Messages for personal support will be ignored. If you need help post in the forum.
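As an added illustration of what the helper is reading out of the DSS report above (this script is not part of the thread, nor a HijackThis or DSS feature): a small Python triage that scans constructed copies of the log's O20 and registry-dump lines and flags the two Vundo-style remnants, a Winlogon Notify DLL that is missing or listed without a path, and an extra LSA Authentication Packages entry beyond the default msv1_0. The rqRHaYrr / byXNeCts names are the ones the log shows; the rule thresholds are assumptions of this example.

```python
import re

# Constructed sample lines, modelled on the HijackThis O20 entries and the DSS
# registry dump posted above. rqRHaYrr and byXNeCts are the names from that log;
# the other entries are the stock Windows XP / SUPERAntiSpyware lines next to them.
SAMPLE_LINES = [
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
    r"O20 - Winlogon Notify: rqRHaYrr - rqRHaYrr.dll (file missing)",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]",
    r"C:\WINDOWS\System32\dimsntfy.dll",
    "",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRHaYrr]",
    r"rqRHaYrr.dll",
    "",
    r"[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]",
    r'"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXNeCts',
]

# HijackThis O20 line: "O20 - Winlogon Notify: <name> - <dll, possibly '(file missing)'>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.+)$")
# DSS registry-dump header for one winlogon\notify subkey
NOTIFY_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\(?P<name>[^\]]+)\]$",
    re.IGNORECASE,
)
LSA_KEY = r"[hkey_local_machine\system\currentcontrolset\control\lsa]"
AUTHPKG_RE = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.+)$')
DEFAULT_AUTH_PKG = "msv1_0"   # the only authentication package a stock XP box loads


def looks_unresolved(target: str) -> bool:
    """A notify DLL given with no directory, or one HijackThis could not find on
    disk, is exactly the pattern the log above shows for the Vundo leftover."""
    return "(file missing)" in target or "\\" not in target


def triage(lines):
    """Return a list of finding dicts for the two persistence points Vundo
    abused in this log: Winlogon Notify and LSA Authentication Packages."""
    findings = []
    section = None          # lower-cased DSS registry key we are currently inside
    pending_notify = None   # notify subkey whose DLL is printed on the next line
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = O20_RE.match(line)
        if m:
            if looks_unresolved(m["target"]):
                findings.append({"source": "hijackthis-O20", "name": m["name"], "detail": m["target"]})
            continue
        if line.startswith("["):
            section = line.lower()
            km = NOTIFY_KEY_RE.match(line)
            pending_notify = km["name"] if km else None
            continue
        if pending_notify is not None:
            # DSS prints the subkey's DLL on the line after the key header
            if looks_unresolved(line):
                findings.append({"source": "dss-winlogon-notify", "name": pending_notify, "detail": line})
            pending_notify = None
            continue
        if section == LSA_KEY:
            am = AUTHPKG_RE.match(line)
            if am:
                # DSS lists the packages space-separated, as in the log above;
                # a package path containing spaces would need smarter splitting.
                for pkg in am["pkgs"].split():
                    if pkg.lower() != DEFAULT_AUTH_PKG:
                        findings.append({"source": "dss-lsa-authpkg", "name": pkg, "detail": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f['source']}] {f['name']}: {f['detail']}")
```

Run against the sample it reports the three lines a helper would pull out of this log and stays silent on the legitimate !SASWinLogon and dimsntfy entries.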

#8 Spots

Spots
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:35 AM

Posted 09 August 2008 - 01:42 PM

Hi Chryssi2001.

I've followed your procedure. I deleted Norton SystemWorks 2003 and CA AntiSpam. I installed Avast 4.8 Home and ran it. I deleted Registry Easy Registry Cleaner. And I've included a HijackThis Logfile I think (sorry about that - they all look the same to me!).

A question about Norton SystemWorks 2003: At least once a year I reformat my Drive C:\, and reinstall my software. When I do that and reinstall Norton it seems to update and give me 12 months of Live Updates. Is the program no good, even after it updates?

________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:49 PM, on 8/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saabnet.com/tsn/bb/900/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {DAB46A0D-8939-4056-B80C-028DCE8999EF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P36 "EPSON Stylus CX5800F Series (Copy 1)" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB004" /M "Stylus C88"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /M "Stylus C88" /EF "HKCU"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.7.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216571918656
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...343/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rqRHaYrr - rqRHaYrr.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 7031 bytes

Edited by Spots, 09 August 2008 - 02:05 PM.


#9 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • Local time:11:35 AM

Posted 10 August 2008 - 12:59 AM

Hello Spots,

I've followed your procedure. I deleted Norton SystemWorks 2003 and CA AntiSpam. I installed Avast 4.8 Home and ran it. I deleted Registry Easy Registry Cleaner. And I've included a HijackThis Logfile I think (sorry about that - they all look the same to me!).

Ok good.
No worries, of course they look the same to you, no need to apologise. :thumbsup:

A question about Norton SystemWorks 2003: At least once a year I reformat my Drive C:\, and reinstall my software. When I do that and reinstall Norton it seems to update and give me 12 months of Live Updates. Is the program no good, even after it updates?

I find this very unusual, but even if it was giving you Live Updates for 12 months, it is still an old version. We are in 2008, so that 2003 version can't cover your PC properly, and that may be the reason you are infected.
New viruses and infections are around every day, and antivirus companies update their latest product versions to cover them.
----------------------------------------------
Disable MS Defender until the computer is clean
Microsoft Defender normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.

- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save
Don't forget to re-enable it, when your computer is clean.
----------------------------------------------
You might want to uninstall your current AdAware version, as >>Ad-Aware 2008<< is out now, free for home users.

Please disable AdWatch, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable AdWatch:

Open AdAware 6.
Go to AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you will see 2 options Active and Automatic.
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both options. You can enable these after resolving your problem.
Don't forget to re-enable it, when your computer is clean.
----------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines (if still present).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saabnet.com/tsn/bb/900/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {DAB46A0D-8939-4056-B80C-028DCE8999EF} - (no file)
O20 - Winlogon Notify: rqRHaYrr - rqRHaYrr.dll (file missing)


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.
----------------------------------------------
Download and Run OTMoveIt2

Download OTMoveIt2 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt2.exe. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
C:\WINDOWS\system32\rqRHaYrr.dll
C:\WINDOWS\system32\stCeNXyb.ini2
C:\Program Files\Registry Easy
C:\WINDOWS\system32\byXNeCts
  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2
----------------------------------------------
Post back:
OTMoveIt2 results.
A new DSS report.
Private Messages for personal support will be ignored. If you need help post in the forum.

#10 Spots

Spots
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:35 AM

Posted 10 August 2008 - 02:31 AM

File/Folder C:\WINDOWS\system32\rqRHaYrr.dll not found.
C:\WINDOWS\system32\stCeNXyb.ini2 moved successfully.
C:\Program Files\Registry Easy\RepairBackup\del moved successfully.
C:\Program Files\Registry Easy\RepairBackup moved successfully.
C:\Program Files\Registry Easy\FullBackup moved successfully.
C:\Program Files\Registry Easy moved successfully.
File/Folder C:\WINDOWS\system32\byXNeCts not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08102008_033310

____________________________________________________________________

Deckard's System Scanner v20071014.68
Run by Vern on 2008-08-10 03:36:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Vern.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:14 AM, on 8/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\freecell.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Vern\Desktop\OTMoveIt2.exe
D:\MY DOWNLOAD FILES\deckard's s s.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Vern.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P36 "EPSON Stylus CX5800F Series (Copy 1)" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB004" /M "Stylus C88"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /M "Stylus C88" /EF "HKCU"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.7.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216571918656
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...343/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 6617 bytes

-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-09 13:36:51 0 d-------- C:\Program Files\Alwil Software
2008-07-30 23:25:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\CallingID
2008-07-26 23:16:38 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-26 23:15:33 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-26 23:15:33 0 d-------- C:\Documents and Settings\Vern\Application Data\SUPERAntiSpyware.com
2008-07-26 14:17:16 0 d-------- C:\Program Files\Sun
2008-07-26 14:04:41 0 d-------- C:\Documents and Settings\Vern\.SunDownloadManager
2008-07-26 13:39:34 0 d-------- C:\Documents and Settings\Vern\Application Data\Uniblue
2008-07-26 13:29:10 0 d-------- C:\Program Files\Trend Micro
2008-07-22 17:14:33 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-22 00:12:34 0 d-------- C:\Documents and Settings\Vern\.housecall6.6
2008-07-21 23:24:06 0 d-------- C:\WINDOWS\McAfee.com
2008-07-21 22:17:34 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-07-21 13:29:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-07-21 13:24:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-21 13:24:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-21 13:24:29 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-21 13:24:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-21 13:24:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-21 13:24:28 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-21 13:24:28 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-21 13:24:28 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-21 13:24:28 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-21 01:46:52 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-07-20 22:09:36 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-20 18:18:16 0 d-------- C:\Program Files\Windows Defender
2008-07-16 23:32:19 0 d-------- C:\Documents and Settings\Vern\Application Data\CallingID
2008-07-15 02:56:51 0 d--h----- C:\WINDOWS\PIF
2008-07-15 02:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Cloudmark
2008-07-15 02:42:51 0 d-------- C:\Documents and Settings\Vern\Application Data\Cloudmark
2008-07-15 02:42:13 0 d-------- C:\Program Files\Common Files\Cloudmark
2008-07-15 02:41:43 0 d-------- C:\Program Files\Common Files\Zero G Software
2008-07-13 00:30:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-08-09 13:13:32 0 d-------- C:\Program Files\Common Files
2008-08-08 21:05:10 0 d-------- C:\Program Files\eBay
2008-08-08 20:57:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-07 23:21:19 0 d-------- C:\Program Files\Saab EPC
2008-08-05 13:10:19 0 d-------- C:\Program Files\EPSON
2008-07-28 11:09:44 0 d-------- C:\Program Files\Online Services
2008-07-26 14:17:04 0 d-------- C:\Program Files\Java
2008-07-22 17:13:03 0 d-------- C:\Program Files\Driver Sweeper
2008-07-21 01:54:56 0 d-------- C:\Program Files\KeyWords
2008-07-12 00:11:34 0 d-------- C:\Program Files\Common Files\Remote Control USB Driver
2008-07-12 00:11:32 0 d-------- C:\Program Files\Common Files\Remote Control Software Common
2008-07-07 22:08:28 0 d-------- C:\Program Files\Logitech


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX5800F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.exe" [05/10/2005 01:00 AM]
"EPSON Stylus CX5800F Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.exe" [05/10/2005 01:00 AM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 01:50 PM]
"POINTER"="C:\Program Files\Microsoft Hardware\Mouse\point32.exe" [04/11/2002 02:47 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/30/2008 11:19 PM]
"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [05/15/2003 08:36 PM]
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [01/16/2002 06:12 AM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [08/12/2005 02:43 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [05/26/2003 08:00 PM]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [01/27/2005 04:00 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 10:38 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [11/26/2007 02:47 PM]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [01/27/2005 04:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXNeCts

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-10 03:36:41 ------------

#11 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • Local time:11:35 AM

Posted 10 August 2008 - 02:43 AM

Hello Spots,

That was fast :thumbsup:

We need to make a repair in your registry.
----------------------------------------------
Backup Your Registry with ERUNT
  • Please use the following link to download ERUNT
  • Use the setup program to install ERUNT on your computer
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Open Notepad!
Copy and Paste everything from the Quote box into Notepad:

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Go to File > Save As
Save File name as Fix.reg
Change Save as Type to All Files and save the file to your desktop.

Close Notepad, and double-click Fix.reg on your Desktop. When it asks if you want to merge the info to the registry, hit YES/OK. Reboot the computer.
----------------------------------------------
Post a new DSS report.
Private Messages for personal support will be ignored. If you need help post in the forum.
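An added example (not from the thread, and not code from HijackThis, DSS or OTMoveIt2) that turns the checks chryssi2001 applies by hand in the two posts above into a small triage script: it flags the dangling R3/O20 HijackThis entries, picks out the extra LSA "Authentication Packages" entry from the DSS registry dump, and decodes/encodes the REGEDIT4 hex(7) line so you can confirm that Fix.reg sets the value back to just msv1_0. The sample lines are constructed from the entries posted in this thread; the function names are my own.

```python
"""Triage helpers for the log formats seen in this thread (added example).

Covers three things the helper checks by eye:
  * HijackThis R3/O20 lines whose target file no longer exists
  * the DSS registry dump's LSA "Authentication Packages" value
  * the REGEDIT4 hex(7) encoding used in Fix.reg for a REG_MULTI_SZ value
"""
import re

# Constructed sample: the HijackThis lines from the thread that matter here.
SAMPLE_HJT_LOG = """\
R3 - URLSearchHook: (no name) - {DAB46A0D-8939-4056-B80C-028DCE8999EF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O20 - Winlogon Notify: rqRHaYrr - rqRHaYrr.dll (file missing)
"""

# Constructed sample: the LSA line from the DSS registry dump posted above.
SAMPLE_DSS_LSA = '"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\byXNeCts'

# The hex(7) line from the Fix.reg posted above (REG_MULTI_SZ, ANSI REGEDIT4).
FIX_REG_LINE = '"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00'

# On Windows XP only the Microsoft-supplied package is expected in this value;
# anything else listed there is loaded into lsass.exe at boot and deserves a look.
EXPECTED_AUTH_PACKAGES = {"msv1_0"}


def suspicious_hjt_entries(log_text):
    """Return HijackThis R3/O20 lines whose target no longer exists on disk.

    Dangling hooks like these are typical leftovers of a partially removed
    infection; the thread fixes exactly these two kinds of entries.
    """
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("R3 - URLSearchHook") and line.endswith("(no file)"):
            hits.append(line)
        elif line.startswith("O20 - Winlogon Notify") and line.endswith("(file missing)"):
            hits.append(line)
    return hits


def extra_auth_packages(dss_line):
    """Parse a DSS 'Authentication Packages' line; return unexpected entries.

    DSS prints the REG_MULTI_SZ entries separated by spaces after the '=',
    so whitespace splitting is adequate for paths without spaces (as here).
    """
    m = re.match(r'"Authentication Packages"=\s*(.*)$', dss_line.strip())
    if not m:
        raise ValueError("not an Authentication Packages line")
    packages = m.group(1).split()
    return [p for p in packages if p.lower() not in EXPECTED_AUTH_PACKAGES]


def decode_reg_multi_sz(reg_line):
    """Decode a REGEDIT4 hex(7) value line back into its list of strings.

    REGEDIT4 writes REG_MULTI_SZ as ANSI bytes: each string is NUL-terminated
    and the whole list is terminated by one extra NUL.
    """
    m = re.match(r'"[^"]+"=hex\(7\):([0-9a-fA-F,\s\\]+)$', reg_line.strip())
    if not m:
        raise ValueError("not a hex(7) value line")
    raw = bytes(int(h, 16) for h in re.split(r"[,\s\\]+", m.group(1).strip()) if h)
    # Splitting on NUL leaves empty strings for the terminators; drop them.
    return [s.decode("latin-1") for s in raw.split(b"\x00") if s]


def encode_reg_multi_sz(name, strings):
    """Build the REGEDIT4 hex(7) line that sets `name` to exactly `strings`."""
    raw = b"".join(s.encode("latin-1") + b"\x00" for s in strings) + b"\x00"
    return '"%s"=hex(7):%s' % (name, ",".join("%02x" % b for b in raw))


def triage(hjt_log, dss_lsa_line, fix_reg_line):
    """Summarise what the fix removes and what the .reg file will leave behind."""
    return {
        "dangling_hjt_entries": suspicious_hjt_entries(hjt_log),
        "unexpected_auth_packages": extra_auth_packages(dss_lsa_line),
        "auth_packages_after_fix": decode_reg_multi_sz(fix_reg_line),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_HJT_LOG, SAMPLE_DSS_LSA, FIX_REG_LINE).items():
        print("%s: %s" % (key, value))
    # Round-trip check: rebuilding the value from ["msv1_0"] reproduces Fix.reg.
    print(encode_reg_multi_sz("Authentication Packages", ["msv1_0"]) == FIX_REG_LINE)
```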

#12 Spots

Spots
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:35 AM

Posted 10 August 2008 - 01:50 PM

Hi, chryssi2001,

Deckard's System Scanner v20071014.68
Run by Vern on 2008-08-10 14:58:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Vern.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:57 PM, on 8/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
D:\MY DOWNLOAD FILES\deckard's s s.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Vern.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P36 "EPSON Stylus CX5800F Series (Copy 1)" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB004" /M "Stylus C88"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /M "Stylus C88" /EF "HKCU"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.7.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216571918656
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...343/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 6451 bytes

-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-09 13:36:51 0 d-------- C:\Program Files\Alwil Software
2008-07-30 23:25:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\CallingID
2008-07-26 23:16:38 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-26 23:15:33 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-26 23:15:33 0 d-------- C:\Documents and Settings\Vern\Application Data\SUPERAntiSpyware.com
2008-07-26 14:17:16 0 d-------- C:\Program Files\Sun
2008-07-26 14:04:41 0 d-------- C:\Documents and Settings\Vern\.SunDownloadManager
2008-07-26 13:39:34 0 d-------- C:\Documents and Settings\Vern\Application Data\Uniblue
2008-07-26 13:29:10 0 d-------- C:\Program Files\Trend Micro
2008-07-22 17:14:33 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-22 00:12:34 0 d-------- C:\Documents and Settings\Vern\.housecall6.6
2008-07-21 23:24:06 0 d-------- C:\WINDOWS\McAfee.com
2008-07-21 22:17:34 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-07-21 13:29:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-07-21 13:24:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-21 13:24:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-21 13:24:29 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-21 13:24:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-21 13:24:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-21 13:24:28 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-21 13:24:28 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-21 13:24:28 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-21 13:24:28 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-21 13:24:28 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-21 01:46:52 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-07-20 22:09:36 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-20 18:18:16 0 d-------- C:\Program Files\Windows Defender
2008-07-16 23:32:19 0 d-------- C:\Documents and Settings\Vern\Application Data\CallingID
2008-07-15 02:56:51 0 d--h----- C:\WINDOWS\PIF
2008-07-15 02:42:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Cloudmark
2008-07-15 02:42:51 0 d-------- C:\Documents and Settings\Vern\Application Data\Cloudmark
2008-07-15 02:42:13 0 d-------- C:\Program Files\Common Files\Cloudmark
2008-07-15 02:41:43 0 d-------- C:\Program Files\Common Files\Zero G Software
2008-07-13 00:30:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-08-09 13:13:32 0 d-------- C:\Program Files\Common Files
2008-08-08 21:05:10 0 d-------- C:\Program Files\eBay
2008-08-08 20:57:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-07 23:21:19 0 d-------- C:\Program Files\Saab EPC
2008-08-05 13:10:19 0 d-------- C:\Program Files\EPSON
2008-07-28 11:09:44 0 d-------- C:\Program Files\Online Services
2008-07-26 14:17:04 0 d-------- C:\Program Files\Java
2008-07-22 17:13:03 0 d-------- C:\Program Files\Driver Sweeper
2008-07-21 01:54:56 0 d-------- C:\Program Files\KeyWords
2008-07-12 00:11:34 0 d-------- C:\Program Files\Common Files\Remote Control USB Driver
2008-07-12 00:11:32 0 d-------- C:\Program Files\Common Files\Remote Control Software Common
2008-07-07 22:08:28 0 d-------- C:\Program Files\Logitech


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX5800F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.exe" [05/10/2005 01:00 AM]
"EPSON Stylus CX5800F Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.exe" [05/10/2005 01:00 AM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 01:50 PM]
"POINTER"="C:\Program Files\Microsoft Hardware\Mouse\point32.exe" [04/11/2002 02:47 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/30/2008 11:19 PM]
"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [05/15/2003 08:36 PM]
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [01/16/2002 06:12 AM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [08/12/2005 02:43 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [05/26/2003 08:00 PM]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [01/27/2005 04:00 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 10:38 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [11/26/2007 02:47 PM]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [01/27/2005 04:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-10 14:59:21 ------------

#13 chryssi2001


Posted 11 August 2008 - 01:24 AM

Hello Spots,

Everything went well. You did great! :thumbsup:
----------------------------------------------
Update Adobe Reader
Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version, Adobe Reader 9.
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Adobe 9 is a large program and if you prefer a smaller program you can get Foxit 2.0 instead from http://www.foxitsoftware.com/pdf/rd_intro.php
----------------------------------------------
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.

Private Messages for personal support will be ignored. If you need help post in the forum.

#14 Spots


Posted 11 August 2008 - 10:08 AM

Malwarebytes' Anti-Malware 1.24
Database version: 1040
Windows 5.1.2600 Service Pack 3

11:18:22 AM 8/11/2008
mbam-log-8-11-2008 (11-18-22).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 92585
Time elapsed: 27 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.

#15 chryssi2001


Posted 11 August 2008 - 10:30 AM

Hello Spots,

Run Kaspersky Online AV Scanner
Note: Internet Explorer should be used.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.




