Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"virus Alert!" In Taskbar, Military Time, No "c:" Drive Listed In My Computer


  • This topic is locked This topic is locked
3 replies to this topic

#1 shantishakti

shantishakti

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 27 July 2008 - 07:44 PM

Hi, I'm sure glad there are folks out there like you to help me.

I had various infections that included Virtumonde and Vista Antivirus 2008. Spybot and others seem to fix most everything, but I have not been able to figure out how to remove the "VIRUS ALERT!" from the taskbar and the clock is set to military time. I also am not able to locate the C: drive from My Computer, although I can access things on it from other locations. I have seen here and other sites that I am not alone with this problem...so I am grateful to see that others seem to be able to take care of it with your help. Thank you.

Here are my various reports:

Deckard's System Scanner v20071014.68
Run by zdk on 2008-07-27 17:23:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 3.05 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-27 17:29:56
Platform: Windows 2000 Service Pack 4 (5.00.2195)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\SMSS.EXE
C:\WINDOWS\system32\CSRSS.EXE
C:\WINDOWS\system32\WINLOGON.EXE
C:\WINDOWS\system32\SERVICES.EXE
C:\WINDOWS\system32\LSASS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\mstask.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\ipmon32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\WINDOWS\system32\stisvc.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\wbem\WinMgmt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\zdk.DZK-1D6RLRBUF2H\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sys3F.exe] C:\Windows\Sys3F.exe
O4 - HKLM\..\Run: [Sys40.exe] C:\Windows\Sys40.exe
O4 - HKLM\..\Run: [Sys42.exe] C:\Windows\Sys42.exe
O4 - HKLM\..\Run: [Sys43.exe] C:\Windows\Sys43.exe
O4 - HKLM\..\Run: [Sys41.exe] C:\Windows\Sys41.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Sys3F.exe] C:\Windows\Sys3F.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - ?p=ZJfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_...nx.1.0.0.55.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1147932883187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147933037000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ljJYSljk - C:\WINDOWS\system32\ljJYSljk.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\system32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


--
End of file - 8829 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>

S0 Winkq74 - c:\windows\system32\drivers\winkq74.sys
S2 Ca533av (Polaroid Digital Cam Video) - c:\windows\system32\drivers\ca533av.sys <Not Verified; Digital Camera; Digital Camera Driver>
S3 InCDFat (Ahead InCDFat File System Driver) - c:\windows\system32\drivers\incdfat.sys <Not Verified; Nero AG; Ahead InCDFat File System Driver>
S3 USBCamera (Icatch(IV) Still Camera Device) - c:\windows\system32\drivers\bulk533.sys <Not Verified; USB BULK; Platform SDK Sample Code>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SiS 900-Based PCI Fast Ethernet Adapter
Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_80A71043&REV_91\3&61AAA01&0&20
Manufacturer: SiS
Name: SiS 900-Based PCI Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_80A71043&REV_91\3&61AAA01&0&20
Service: SISNIC


-- Scheduled Tasks -------------------------------------------------------------

2008-07-03 23:57:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-27 10:36:09 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_5cc.dat
2008-07-27 08:59:00 554194 ---h----- C:\WINDOWS\ShellIconCache
2008-07-27 08:32:40 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_514.dat
2008-07-25 12:53:13 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_51c.dat
2008-07-25 08:01:26 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_69c.dat
2008-07-25 07:38:00 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_584.dat
2008-07-24 22:08:23 0 d--h----- C:\$AVG8.VAULT$
2008-07-24 22:00:58 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-24 22:00:55 0 d-------- C:\Documents and Settings\zdk.DZK-1D6RLRBUF2H\Application Data\AVGTOOLBAR
2008-07-24 22:00:26 0 d-------- C:\Program Files\AVG
2008-07-24 22:00:26 0 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-07-24 21:55:12 0 d-------- C:\Program Files\Enigma Software Group
2008-07-24 13:40:08 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_448.dat
2008-07-24 13:36:24 31744 --a------ C:\WINDOWS\Sys12.exe
2008-07-24 10:47:57 116864 --a------ C:\WINDOWS\system32\wixdqfog.dll
2008-07-24 10:13:29 0 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-07-24 10:13:25 0 d-------- C:\Program Files\Common Files\PC Tools
2008-07-24 10:13:14 0 d-------- C:\Program Files\Spyware Doctor
2008-07-24 10:13:14 0 d-------- C:\Documents and Settings\zdk.DZK-1D6RLRBUF2H\Application Data\PC Tools
2008-07-24 10:13:14 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2008-07-24 09:56:21 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_37c.dat
2008-07-24 08:22:14 94848 --a------ C:\WINDOWS\system32\ocfbgidh.dll
2008-07-24 08:20:31 116864 --a------ C:\WINDOWS\system32\wvytbawx.dll
2008-07-24 08:19:13 641 --ahs---- C:\WINDOWS\system32\opYHOUtv.ini2
2008-07-24 08:15:30 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_720.dat
2008-07-24 08:13:10 16384 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-07-24 08:13:03 0 d-------- C:\Documents and Settings\zdk.DZK-1D6RLRBUF2H\Application Data\TmpRecentIcons
2008-07-24 08:12:26 348160 --a------ C:\WINDOWS\nfavxwdbtav.dll
2008-07-24 08:12:26 86016 --a------ C:\WINDOWS\grswptdl.exe
2008-07-24 08:12:26 94208 --a------ C:\WINDOWS\eegl.exe
2008-07-24 08:12:16 0 d-------- C:\Program Files\PCHealthCenter
2008-07-24 07:16:41 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_360.dat
2008-07-24 07:02:24 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_3c0.dat
2008-07-22 14:21:32 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_364.dat
2008-07-21 07:49:59 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_3c8.dat


-- Find3M Report ---------------------------------------------------------------

2008-07-27 10:27:20 3284 --a------ C:\WINDOWS\system32\ANIWZCS{4115A70A-7712-48BF-949E-1911BB85C016}
2008-07-25 15:14:37 0 d-------- C:\Documents and Settings\zdk.DZK-1D6RLRBUF2H\Application Data\Adobe
2008-07-24 10:13:25 0 d-a------ C:\Program Files\Common Files
2008-07-24 09:41:15 0 d-a------ C:\Program Files\Yahoo!
2008-07-24 09:38:49 0 d--h----- C:\Documents and Settings\zdk.DZK-1D6RLRBUF2H\Application Data\yahoo!
2008-07-22 14:17:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-16 17:24:41 0 d-------- C:\Program Files\Google
2008-06-19 12:16:57 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_5e8.dat
2008-06-13 07:20:17 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_634.dat
2008-06-10 06:55:21 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_5c8.dat
2008-06-09 21:07:01 2419 --a------ C:\WINDOWS\mozver.dat
2008-06-09 21:06:32 0 d-------- C:\Documents and Settings\zdk.DZK-1D6RLRBUF2H\Application Data\Real
2008-06-09 21:03:13 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-09 21:03:10 0 d-a------ C:\Program Files\Common Files\Real


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p C:\WINDOWS\system32\mobsync.exe]
"HTpatch"="C:\WINDOWS\htpatch.exe" [10/30/02 02:40a]
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [11/17/02 10:36a]
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" []
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [10/11/02 06:26p]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/08 05:25a]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/02 10:26p]
"IPInSightLAN 01"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [06/11/03 01:52a]
"IPInSightMonitor 01"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [06/11/03 01:52a]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [03/23/06 05:06p]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/05 04:30p]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/05 04:30p]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [10/27/04 05:07p]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [10/14/04 11:17a]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/08 11:16p]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/09/08 09:02p]
"Sys3F.exe"="C:\Windows\Sys3F.exe" []
"Sys40.exe"="C:\Windows\Sys40.exe" []
"Sys42.exe"="C:\Windows\Sys42.exe" []
"Sys43.exe"="C:\Windows\Sys43.exe" []
"Sys41.exe"="C:\Windows\Sys41.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [05/10/06 12:52p]
"Sys3F.exe"="C:\Windows\Sys3F.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\zdk.DZK-1D6RLRBUF2H\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [1/23/2006 10:36:42 PM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [1/17/2006 9:16:46 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=0 (0x0)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJYSljk]
ljJYSljk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtUOHYpo

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkq74.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7791 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-27 17:31:14 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.00GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 479.53 MiB / 141.24 MiB
Pagefile Memory (total/avail): 1122.24 MiB / 790.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1954.69 MiB

C: is Fixed (NTFS) - 37.26 GiB total, 3.05 GiB free.
D: is Fixed (FAT32) - 7.86 GiB total, 1.48 GiB free.
F: is CDROM (No Media)
G: is Removable (No Media)

\\.\PHYSICALDRIVE1 - WDC AC38400L - 7.87 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 7.87 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD400BB-00FRA0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:

\\.\PHYSICALDRIVE2 - HP Photosmart C4280 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\zdk.DZK-1D6RLRBUF2H\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DZK-1D6RLRBUF2H
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\zdk.DZK-1D6RLRBUF2H
LOGONSERVER=\\DZK-1D6RLRBUF2H
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINDOWS\system32\os2\dll;
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ZDK~1.DZK\LOCALS~1\Temp
TMP=C:\DOCUME~1\ZDK~1.DZK\LOCALS~1\Temp
USERDOMAIN=DZK-1D6RLRBUF2H
USERNAME=zdk
USERPROFILE=C:\Documents and Settings\zdk.DZK-1D6RLRBUF2H
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

DZK (admin)
zdk.DZK-1D6RLRBUF2H (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2 Tryout --> msiexec /I {AD05F1FF-F284-402D-952A-ABCA6A6063FB}
Adobe PageMaker 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\PageMaker 7.0 Tryout\Uninst.isu" -c"C:\Program Files\Adobe\PageMaker 7.0 Tryout\Uninst.dll"
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-705000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AirPlus XtremeG --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{79B92240-9C65-4DD7-B1AD-59910D2C1353}
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19234D4B-AA7A-4165-8ECB-0247B420C515}\Setup.exe" -l0x9 -uninst
Atmosphere Lite v5.5 --> "C:\Program Files\atmospherelite\unins000.exe"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Canon Camera TWAIN Driver 6.6 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3519A06E-33A4-4910-BB14-7BCE133BF46F} /l1033
CorelDRAW Design Collection - 2 --> MsiExec.exe /X{FE56F651-BAFF-49C9-9F8B-069D76EFA442}
CorelDRAW Design Collection - 3 --> MsiExec.exe /X{0A5E9BD7-2885-4B06-8CFD-2EC6BCE8110E}
CorelDRAW Graphics Suite X3 --> MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
EN --> MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}
FontNav --> MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
HP Photosmart All-In-One Software 8.0 --> C:\Program Files\HP\Digital Imaging\{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}\setup\hpzscr01.exe -datfile hposcr13.dat
IKEA Home Planner --> MsiExec.exe /I{A987FEC8-5616-49BD-BCA6-ACFFFE7403FE}
ImageMixer for Sony DVD Handycam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD350FC2-A972-427D-800B-A2D200ACFF41}\setup.exe" UNINSTALL
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Japanese Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ja.inf, Uninstall
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Publisher 2002 --> MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB925672) --> MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
National Geographic Maps --> C:\WINDOWS\IsUninst.exe -fC:\NGMAPS\DeIsL1.isu
Nero PhotoShow Express 4 --> "C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\Uninstall.exe"
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Polaroid Digital Cam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBF18108-DDC2-11D5-BEBF-00606733A9BE}\setup.exe"
Puzzle Pirates --> C:\Program Files\Three Rings Design\Puzzle Pirates\Uninstall-yohoho.exe
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for DirectX 9 (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568_DX9$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB904706) -->
Security Update for Windows 2000 (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sierra Print Artist 6.0 --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\PA6\Uninst.isu -c"C:\SIERRA\PA6\PASTP.DLL"
SiS 650_651_M650_M652_740 --> RUNDLL32 setuplib.dll,UnInstall ,315&ISUNINST -f"C:\PROGRA~1\SISCOM~1.13\DeIsL1.isu"&P.U 4 sisgr.inf&-1
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
Sony DVD Handycam USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F845B05-8B76-4302-A808-7FB21E2BC5E6}\Setup.exe" UNINSTALL
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Star Wars DroidWorks --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Lucas Learning\Star Wars DroidWorks\Uninst.isu"
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA --> MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
Video Edit Magic 4.1 --> "C:\Program Files\Deskshare\Video Edit Magic 4.1\unins000.exe"
Visual IP InSight(SBC) --> C:\Program Files\InstallShield Installation Information\{097346E0-6A51-11D1-AD16-00A0C95E0503}SBC\setup.exe SBC
Windows 2000 Service Pack 4 --> C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type4081 / Warning
Event Submitted/Written: 07/27/2008 10:30:43 AM / 07/27/2008 10:30:46 AM
Event ID/Source: 61 / WinMgmt
Event Description:
WMI ADAP was unable to process the PerfDisk performance library due to a time violation in the open function

Event Record #/Type4075 / Warning
Event Submitted/Written: 07/27/2008 08:36:18 AM
Event ID/Source: 61 / WinMgmt
Event Description:
WMI ADAP was unable to process the RemoteAccess performance library due to a time violation in the open function

Event Record #/Type4074 / Warning
Event Submitted/Written: 07/27/2008 08:34:05 AM
Event ID/Source: 61 / WinMgmt
Event Description:
WMI ADAP was unable to process the PerfDisk performance library due to a time violation in the open function

Event Record #/Type4071 / Error
Event Submitted/Written: 07/25/2008 02:56:42 PM
Event ID/Source: 2001 / rasctrs
Event Description:


Event Record #/Type4070 / Error
Event Submitted/Written: 07/25/2008 02:56:40 PM
Event ID/Source: 2002 / PerfNet
Event Description:
Unable to open the Redirector service. Redirector performance data
will not be returned. Error code returned is in data DWORD 0.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2586 / Error
Event Submitted/Written: 07/27/2008 01:13:51 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The PC Tools Security Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: No action.

Event Record #/Type2585 / Warning
Event Submitted/Written: 07/27/2008 10:36:17 AM
Event ID/Source: 10047 / RSVP
Event Description:
QoS RSVP has failed to find any interfaces with traffic control enabled. Install QoS traffic control services via network and dial-up connections.

Event Record #/Type2584 / Error
Event Submitted/Written: 07/27/2008 10:36:04 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: No action.

Event Record #/Type2583 / Warning
Event Submitted/Written: 07/27/2008 10:35:44 AM
Event ID/Source: 54 / pctfw2
Event Description:
\Device\PCTFWPL

Event Record #/Type2582 / Warning
Event Submitted/Written: 07/27/2008 10:31:25 AM
Event ID/Source: 2013 / Srv
Event Description:
The C: disk is at or near capacity. You may need to delete some files.



-- End of Deckard's System Scanner: finished at 2008-07-27 17:31:14 ------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 27, 2008
Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 27, 2008 23:00:08
Records in database: 1015668
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
C:\Documents and Settings\zdk.DZK-1D6RLRBUF2H\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 49109
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:58:38


File name / Threat name / Threats count
C:\Program Files\PCHealthCenter\0.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.ag 1
C:\Program Files\PCHealthCenter\5.exe Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.y 1
C:\Program Files\PCHealthCenter\5.exe Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.ab 1

The selected area was scanned.

BC AdBot (Login to Remove)

 


#2 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:09 PM

Posted 08 August 2008 - 01:01 PM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not
    malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already preformed the steps above We still need to see the current state of the machine fresh scan and logs are still necessary

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with dss reports main.txt, extra.txt and Kaspersky report.

Regards
Microsoft MVP Consumer Security
Posted Image

Posted Image

#3 shantishakti

shantishakti
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 08 August 2008 - 03:27 PM

Hi, and thank you.

I did get this taken care of.

Thanks again, and no worries on the time. I bet you have lots of folks who need help.

peace...

#4 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:09 PM

Posted 10 August 2008 - 04:04 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security
Posted Image

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users