Antivirus Xp 2008 / "critical Error" Alert

  • This topic is locked
3 replies to this topic

#1 Clare1



Posted 28 July 2008 - 06:15 PM

First of all, thank you in advance to anyone who can help me.

This all started about 3 days ago, it must have been after I downloaded a dodgy file.

First of all, when opening any folders on my PC, this message would pop up and Internet Explorer would try to load:
"[Critical Error]
Attention, Some dangerous viruses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!
Click OK to download the antispyware. (Recommended)"

After closing both the error message and Internet Explorer, IE wouldn't load any website up again and would occasionally crash. Also, a blue background with a yellow error box appeared saying that I needed to scan for spyware. Also, I couldn't access my screensaver - but I ran gpedit.msc and changed the settings so the screensaver tab could not be disabled.

So, later that day, I went and changed some of the Folder Options (the one to show file extensions) and the error message on opening a folder stopped appearing.

However, when I restarted my computer, Antivirus XP 2008 loaded saying "1564 virus' had been detected" on my PC.

I had to leave my PC as it was for the weekend as I was away, but when I got back home this morning, I decided to search for this Antivirus program and read that the problems I had been having were all connected. This is how I found this forum. I followed the instructions on http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ to get rid of Antivirus. It has "gone" but I'm not sure if any remnants of it are left.

The Malwarebytes' log from when I first scanned for the infected files is attached to this post.

I then followed the other instructions for this forum and ran Deckard's System Scanner.

Here is main.txt:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-29 00:05:23
Computer is in Normal Mode.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 0.24 GiB (less than 15%) free.

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:32, on 29/07/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
D:\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Norton SystemWorks\Norton GoBack\GBPoll.exe
D:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
D:\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/cult/buffy/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.1.7.4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - H:\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Norton Ghost 10.0] "D:\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [LXCECATS] rundll32 \3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ViewSonic Explorer V5.3] C:\WINDOWS\msdtcsw32.exe
O4 - HKCU\..\Run: [Veoh] "H:\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = E:\BlueSoleil\BlueSoleil.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1142187528748
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://aolsvc.aol.com/onlinegames/qadummy7...houseplayer.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/default/ddfotg.
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...sh.
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - D:\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcecoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

End of file - 12034 bytes

-- Files created between 2008-06-29 and 2008-07-29 -----------------------------

2008-07-29 00:05:11 0 d-------- C:\Program Files\Trend Micro
2008-07-28 21:27:19 0 d-------- C:\Program Files\Movavi Video Converter 5
2008-07-28 19:46:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Xilisoft Corporation
2008-07-28 19:41:45 0 d-------- C:\Downloads
2008-07-28 18:27:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-28 18:27:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 18:27:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 19:14:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-07-27 19:12:47 0 d-------- C:\Program Files\Security Task Manager
2008-07-27 13:48:51 0 d-------- C:\Documents and Settings\Administrator\.SunDownloadManager
2008-07-26 00:05:51 43698 --a------ C:\WINDOWS\System32\xvid-uninstall.exe
2008-07-25 19:25:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVSMedia
2008-07-25 19:25:10 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-07-25 19:21:41 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-07-25 19:21:12 413760 --a------ C:\WINDOWS\System32\mpg4c32.dll
2008-07-25 19:21:12 261632 --a------ C:\WINDOWS\System32\mcdvd_32.dll
2008-07-25 01:50:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\ImTOO Software Studio
2008-07-25 00:14:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-07-24 12:50:32 0 d-------- C:\Program Files\Skelly Games
2008-07-16 23:23:19 0 d-------- C:\dwhelper
2008-07-12 22:36:19 0 d-------- C:\Program Files\DOSBox-0.63

-- Find3M Report ---------------------------------------------------------------

2008-05-06 07:01:28 45056 --a------ C:\WINDOWS\System32\Wnaspi32.dll

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [01/04/2005 16:16]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 16:40]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [18/07/2006 16:55]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [17/09/2005 08:27]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [03/11/2004 00:59]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [27/01/2003 17:16]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [11/03/2003 16:24]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/03/2007 00:02]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/03/2007 00:02]
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [02/08/2005 18:45]
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [26/07/2005 13:17]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [12/07/2005 10:36]
"Norton Ghost 10.0"="D:\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe" [14/09/2005 17:43]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"atwtusb"="atwtusb.exe" [21/09/2005 18:08 C:\WINDOWS\system32\ATWTUSB.EXE]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"LXCECATS"="\3\LXCEtime.dll" []

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [23/08/2001 12:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/06/2006 13:32]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [27/07/2008 12:57]
"ViewSonic Explorer V5.3"="C:\WINDOWS\msdtcsw32.exe" []
"Veoh"="H:\Veoh\VeohClient.exe" [01/04/2008 18:35]
"@"="" []

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 19:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - E:\BlueSoleil\BlueSoleil.exe [16/07/2006 17:33:36]

"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

"NoWindowsUpdate"=1 (0x1)

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [27/07/2008 12:57 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\System32\printer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ViewSonic Explorer V5.3]

-- End of Deckard's System Scanner: finished at 2008-07-29 00:06:00 ------------

Here is extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600)
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 510.68 MiB / 256.41 MiB
Pagefile Memory (total/avail): 1249.73 MiB / 856.46 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.78 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 9.76 GiB total, 0.25 GiB free.
D: is Fixed (FAT32) - 13.74 GiB total, 11.72 GiB free.
E: is Fixed (FAT32) - 13.74 GiB total, 10.18 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Fixed (NTFS) - 465.76 GiB total, 419.85 GiB free.

\\.\PHYSICALDRIVE0 - Nikimi NIK-XC400A - 37.28 GiB - 3 partitions
\PARTITION0 (bootable) - Unknown - 9.77 GiB - C:
\PARTITION1 - Unknown - 13.76 GiB - D:
\PARTITION2 - Unknown - 13.75 GiB - E:

\\.\PHYSICALDRIVE1 - SAMSUNG HD501LJ USB Device - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - H:

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;E:\SecureShell
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
ProgramFiles=C:\Program Files
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
USERPROFILE=C:\Documents and Settings\Administrator

-- User Profiles ---------------------------------------------------------------

Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> H:\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4U DVD Ripper (version --> "D:\4U DVD Ripper\unins000.exe"
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe After Effects 7.0 --> msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35B8CC58-F128-4169-82EB-0E6CB0C3AFE6}\setup.exe" -l0x9 -uninst
Ashampoo Movie Shrink & Burn 2 --> "D:\Ashampoo\Ashampoo Movie Shrink & Burn 2\Uninstall\MSB2_Uninstall.EXE"
BitComet 0.91 --> E:\BitComet\uninst.exe
Blender (remove only) --> "D:\Blender\uninstall.exe"
BlueSoleil --> MsiExec.exe /X{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}
Bobble v1.3 --> "C:\Program Files\Bobble\unins000.exe"
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Cake Mania Back to the Bakery (remove only) --> "D:\Cake Mania Back to the Bakery\Uninstall.exe"
CapturePad 1.0 --> E:\VRtainment\CapturePad\unins000.exe
ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
CCleaner (remove only) --> "E:\CCleaner\uninst.exe"
ColorPic --> C:\WINDOWS\ColorPic Uninstaller.exe
Connection Keep Alive --> MsiExec.exe /I{77364F85-6219-4CB8-AAA0-6D53368D683D}
Corel Paint Shop Pro Photo XI --> MsiExec.exe /X{93A1B09E-BAFA-4628-A5B6-921CB026955A}
coverXP (remove only) --> "C:\Program Files\coverXP\cxp-uninst.exe"
DivX Codec --> H:\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> H:\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> H:\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> H:\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> H:\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
Easy GIF Animator 3.5 --> "D:\Easy GIF Animator\unins000.exe"
Filters Unlimited 2.0 Demo --> "H:\Filters Unlimited 2.0 Demo\unins000.exe"
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
HangARoo v2.052 --> "C:\Program Files\NCBuy\HangARoo\unins000.exe"
Hijackthis 1.99.1 --> "D:\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> D:\Hijackthis\HijackThis.exe /uninstall
IBM ViaVoice Command and Control Runtime 5.3 - UK English --> e:\Bin\vunUK.exe ProdRunControl Dc En_UK 'IBM ViaVoice™ Command and Control Runtime' C:\WINDOWS\IsUninst.exe -fe:\DeIsL1.isu
ImTOO DVD Ripper Platinum 5 --> D:\DVD Ripper Platinum 5\Uninstall.exe
ImTOO MPEG Encoder --> E:\MPEG Encoder 3\Uninstall.exe
ImTOO MPEG Encoder Ultimate --> D:\ImTOO\ImTOO MPEG Encoder Ultimate\Uninstall.exe
IMVU Avatar Chat Software --> E:\IMVU\Uninstall.exe
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Animation Shop 3 --> MsiExec.exe /I{174D5678-D941-433C-BD23-58A5C7B0D36D}
jv16 PowerTools 1.3 --> "E:\jv16 PowerTools\unins000.exe"
Lexmark 4300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxceUNST.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia FreeHand 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Internet Explorer 6 SP1 --> rundll32 C:\WINDOWS\System32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Mozilla Firefox ( --> D:\Mozilla Firefox\uninstall\helper.exe
MpcStar 2.9 --> C:\Program Files\MpcStar\uninst.exe
MPEG Encoder 3 --> E:\MPEG Encoder 3\Uninstall.exe
MSRedist --> MsiExec.exe /I{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}
My DSC --> C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe
MyHeritage Family Tree Builder --> E:\MyHeritage\Bin\Uninstall.exe
NAVShortcut --> MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F}
Nero 7 Essentials --> MsiExec.exe /I{4F7C64E1-B6EB-4CE1-97CC-C7BD21DD1033}
Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Ghost 10.0 --> MsiExec.exe /X{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}
Norton GoBack 4.1 --> MsiExec.exe /I{1F76ACFA-22FE-49F6-BC05-F4EC835F48CC}
Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton SystemWorks --> MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}
Norton SystemWorks 2006 Premier --> MsiExec.exe /I{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}
Norton SystemWorks 2006 Premier (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}.exe" /X
Norton Utilities --> MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NSW_DRM_COLLECTION --> MsiExec.exe /I{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Papagayo 1.2 --> E:\Papagayo\unins000.exe
particleIllusion 3.0 --> C:\WINDOWS\IsUninst.exe -fe:\ParticleIllusion\Uninst.isu
PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
PhotoFiltre --> "E:\PhotoFiltre\Uninst.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Task Manager 1.7f --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SSH Secure Shell --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Sun Download Manager 2.0 (web) --> C:\WINDOWS\System32\javaws.exe -uninstall "http://javadl-esd.sun.com/update/sdm20/sdm20.jnlp"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The Games Factory 2 Demo --> E:\The Games Factory 2\UninstTGF2.exe
There --> "H:\There\ThereClientUninst.exe"
Ulead COOL 3D 2.5 --> C:\WINDOWS\Ulead.dat\Uninstall\setup.exe
Ulead GIF Animator 5 Trial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"
Ulead PhotoImpact 10 ESD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE58B892-3825-4610-A6A2-E6EFCA83BD97}\Setup.exe" -l0x9
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Verbix 7.3 --> E:\Verbix7\unins000.exe
Vidomi (remove only) --> "D:\Vidomi\uninst-Vidomi.exe"
Virtual DJ - Atomix Productions --> E:\VIRTUA~1\UNWISE.EXE E:\VIRTUA~1\INSTALL.LOG
WinAce Archiver 2.0 --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinHTTrack Website Copier 3.41 --> "E:\WinHTTrack\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless Tablet Series --> Rmtablet KNL
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\System32\xvid-uninstall.exe"
YouRipper --> E:\You Ripper\Uninst.exe
ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type41969 / Error
Event Submitted/Written: 07/28/2008 09:29:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application videoconverter.exe, version, faulting module unknown, version, fault address 0x4f444e49.

Event Record #/Type41966 / Error
Event Submitted/Written: 07/28/2008 09:18:53 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application videoconverterfix_.exe, version, faulting module videoconverterfix_.exe, version, fault address 0x00279516.

Event Record #/Type41965 / Error
Event Submitted/Written: 07/28/2008 09:16:38 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application videoconverterfix_.exe, version, faulting module videoconverterfix_.exe, version, fault address 0x00279516.

Event Record #/Type41964 / Error
Event Submitted/Written: 07/28/2008 09:15:17 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application videoconverter.exe, version, faulting module unknown, version, fault address 0x4f444e49.

Event Record #/Type41963 / Error
Event Submitted/Written: 07/28/2008 09:14:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application videoconverter.exe, version, faulting module unknown, version, fault address 0x4f444e49.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type39733 / Error
Event Submitted/Written: 07/28/2008 11:00:00 PM
Event ID/Source: 7901 / Schedule
Event Description:
The At24.job command failed to start due to the following error:

Event Record #/Type39732 / Error
Event Submitted/Written: 07/28/2008 10:00:01 PM
Event ID/Source: 7901 / Schedule
Event Description:
The At23.job command failed to start due to the following error:

Event Record #/Type39723 / Error
Event Submitted/Written: 07/28/2008 09:00:01 PM
Event ID/Source: 7901 / Schedule
Event Description:
The At22.job command failed to start due to the following error:

Event Record #/Type39694 / Error
Event Submitted/Written: 07/28/2008 08:00:00 PM
Event ID/Source: 7901 / Schedule
Event Description:
The At21.job command failed to start due to the following error:

Event Record #/Type39656 / Error
Event Submitted/Written: 07/28/2008 07:00:00 PM
Event ID/Source: 7901 / Schedule
Event Description:
The At20.job command failed to start due to the following error:

-- End of Deckard's System Scanner: finished at 2008-07-28 23:34:00 ------------

The only noticeable problems I'm having right now are that only Firefox will load on first attempt. Internet Explorer sometimes crashes or loads up blank and has to be refreshed to load a page up - it used to load up first time before this. However, I would just like to know if any of the infected files I found on my PC were very, very serious - i.e. could send my details, passwords, etc. to someone else. Or if anything else on my computer needs to be looked at.

I've also attached the latest HijackThis log.

Again, any help will be greatly appreciated.




#2 chryssi2001


  • Members
  • 1,930 posts
  • Local time:03:32 AM

Posted 08 August 2008 - 02:44 PM

Hello Clare1,

I apologise for the delay, the forum is too busy.

If you still need help, post a new HijackThis log.
Private Messages for personal support will be ignored. If you need help post in the forum.

#3 Clare1

  • Topic Starter

  • Members
  • 4 posts
  • Gender:Female
  • Location:England
  • Local time:01:32 AM

Posted 08 August 2008 - 05:14 PM

Hi chryssi2001,

No problem, thanks for replying to my thread.

Right now everything is going well so it looks like Malwarebytes got rid of all the infected files. Internet Explorer is also working properly again now so I don't think I need any help at the moment.

Thank you again, Clare.

#4 chryssi2001


  • Members
  • 1,930 posts
  • Local time:03:32 AM

Posted 09 August 2008 - 02:21 AM

Hello Clare1,

I am glad your problems are resolved. :thumbsup:
Now that your problem appears to be resolved, this thread will be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
Private Messages for personal support will be ignored. If you need help post in the forum.
