I'm Infected!



#1 wholeearthinc


Posted 30 July 2008 - 04:08 PM

Hi - I was an idiot and opened an email from supposedly Northwest Airlines, saying my credit card had just been charged and the ticket was attached. The attachment was a zip file that opened in WinZip; I clicked on it, then saw it was an .exe file and tried stopping it.
Quite rapidly after that, every program I tried opening now has an error message reading: "The instruction at "xxxxxxxxxx" referenced memory at "xxxxxxxxxx". The memory could not be "read". Click on OK to terminate the program. Click on Cancel to debug the program." (the "xxxxxxxxxx"s being different for every program I try to open).

Down in the tray on the lower right of my screen is a red circle with a white "X" that keeps opening a balloon that says: "Your computer is infected! (no sh__!) It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you. Click here to protect your computer from spyware!"

...and I don't know if that's a scam or not, but it doesn't matter because I keep getting the first error message when I click on that.
I can't open anything including IExplorer, so I can't download anything...even in safe mode.

Operating System: XP

I do have use of the laptop...but everything is on the other computer.

Please Help!!

Thanks!

From Scan:

Main txt:
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-30 16:38:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x00000001


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-30 16:42:36
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Normal

Running processes:
C:\WINNT\system32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\WINNT\system32\alg.exe
C:\WINNT\explorer.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Xerox\WorkCentre C2424\xc24bgts.exe
C:\Program Files\TextBridge Pro 9.0\Bin\InstantAccess.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\WINNT\system32\braviax.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINNT\system32\xnetsrvc.exe
D:\deckards.exe
C:\WINNT\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll__BHODemonDisabled_NJAQRJNXKAYDLKVAOEARQSCHFOJRIWSE (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll__BHODemonDisabled_XTHXTSUOMDMTWBQBGQGDIQE (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Xerox_WorkCenter_C2424] C:\Program Files\Xerox\WorkCentre C2424\xc24bgts.exe 1
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [braviax] C:\WINNT\system32\braviax.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINNT\system32\braviax.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] C:\WINNT\system32\braviax.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.azoogle.com (HKCU)
O15 - Trusted Zone: *.hotmail.com (HKCU)
O15 - Trusted Zone: https://www.linksynergy.com (HKCU)
O15 - Trusted Zone: *.msn.com (HKCU)
O15 - Trusted Zone: *.passport.com (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://autosupport.intuit.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01115A00-3E00-11D2-8470-0060089874ED} (Support.com Control Commander Proxy) - http://autosupport.intuit.com/sdccommon/download/tgcmd.cab
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} (SupportSoft RemoteControl Class) - http://autosupport.intuit.com/sdccommon/download/ssrc.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} () - https://components.viewpoint.com/MTSInstall...mer_content.htm
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} () - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} () - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://jcsg-video2.sdsc.edu/activex/AxisCamControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/...7650.5587731482
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} () - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553525000} () - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINNT\system32\mscoree.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINNT\system32\WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe


--
End of file - 14061 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ppsio2 (PPDevice) - c:\winnt\system32\drivers\ppsio2.sys <Not Verified; ; Flatbed DevDriver/NT4>
R3 smwdm - c:\winnt\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S3 DCamUSBGrandTek (Clever Cam 360 PC Camera) - c:\winnt\system32\drivers\clc360x1.sys <Not Verified; Grandtech Semiconductor Corp.; Grandtech GT891x DualMode DSC Driver>
S3 GT890x (%GrandTechICNameNT%) - c:\winnt\system32\drivers\clc360x0.sys <Not Verified; Grandtech Semiconductor Corp.; Grandtech USB Camera/Scanner Controller>
S3 IPFilter (Microsoft IntelliPoint Features driver) - c:\winnt\system32\drivers\ipfilter.sys (file missing)
S3 MTDVC2 (Panasonic DVC USB-SERIAL2 Driver for NT Technology) - c:\winnt\system32\drivers\mtdv2ku2.sys <Not Verified; Matsushita Electric Industrial Co., Ltd.; USB Driver for Panasonic DVC>
S3 MTDVC2_ENUM (Panasonic DVC COM2 Driver for NT Technology) - c:\winnt\system32\drivers\mtdv2ks2.sys <Not Verified; Matsushita Electric Industrial Co., Ltd.; COM Driver for Panasonic DVC>
S3 TVICHW32 - c:\winnt\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 usbhub20 (USB Hub Support) - c:\winnt\system32\drivers\usbhub20.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
S4 Parallel (Parallel class driver) - c:\winnt\system32\drivers\parallel.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 QBCFMonitorService - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe" <Not Verified; Intuit; QuickBooks for Windows>

S2 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)
S3 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>
S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe" <Not Verified; Intuit Inc.; QuickBooks 2007>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-15 22:25:04 284 --a------ C:\WINNT\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-30 and 2008-07-30 -----------------------------

2008-07-30 14:35:37 314469 --a------ C:\WINNT\system32\winivstr.exe
2008-07-30 14:35:07 0 d--hs---- C:\Documents and Settings\NetworkService\Application Data\wsnpoem
2008-07-30 14:28:48 102 --a------ C:\WINNT\system32\delself.bat
2008-07-30 14:28:48 10240 --a------ C:\WINNT\system32\braviax.exe
2008-07-30 13:48:40 0 d--hs---- C:\Documents and Settings\LocalService\Application Data\wsnpoem
2008-07-25 11:43:42 0 d-------- C:\Program Files\LAUNCH! Web Helper
2008-07-14 16:26:27 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-07-13 13:00:15 0 d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-07-13 12:58:08 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-07-09 23:16:40 0 d-------- C:\WINNT\system32\PreInstall
2008-07-09 18:11:34 1345269 --a------ C:\WINNT\XSitePro2 ClipArt Uninstaller.exe
2008-07-09 18:01:12 0 d-------- C:\WINNT\Prefetch
2008-07-09 18:01:10 524288 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-09 18:01:10 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-09 18:01:10 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-07-09 18:01:10 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-09 18:01:10 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-09 18:00:52 524288 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-09 18:00:52 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-09 18:00:52 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-07-09 18:00:52 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-09 18:00:52 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-09 17:55:27 1447447 --a------ C:\WINNT\XSitePro2 Uninstaller.exe
2008-07-09 17:51:30 0 d-------- C:\WINNT\system32\xircom
2008-07-09 17:51:00 0 d--h----- C:\WINNT\$hf_mig$
2008-07-09 17:47:03 0 d-------- C:\Program Files\Common Files\Thraex Software
2008-07-09 17:47:02 0 d-------- C:\Program Files\XSitePro2
2008-07-09 17:46:47 0 d-------- C:\Program Files\Online Services
2008-07-09 17:45:53 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-09 17:45:49 0 d-------- C:\WINNT\srchasst
2008-07-09 17:45:36 0 d-------- C:\Program Files\Movie Maker
2008-07-09 17:45:27 0 d-------- C:\WINNT\system32\Restore
2008-07-09 17:42:44 0 d-------- C:\WINNT\system32\FxsTmp
2008-07-09 17:42:28 0 d-------- C:\Program Files\Messenger
2008-07-09 17:42:25 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-09 17:42:03 0 d-------- C:\WINNT\system32\MsDtc
2008-07-09 17:33:44 0 d-------- C:\Program Files\FlashGet
2008-07-09 17:22:55 0 d-------- C:\WINNT\system32\CatRoot2
2008-07-09 17:12:02 0 d-------- C:\Program Files\Apple Software Update
2008-07-09 17:12:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-09 17:11:26 0 d-------- C:\WINNT\setup.pss
2008-07-09 16:38:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\GetRight
2008-07-09 16:36:41 0 d-------- C:\Downloads
2008-07-09 12:13:51 0 d-------- C:\WINNT\system32\usmt
2008-07-09 12:13:51 0 d-------- C:\WINNT\system32\IME
2008-07-09 12:13:51 0 d-------- C:\WINNT\system32\icsxml
2008-07-09 12:13:51 0 d-------- C:\WINNT\system32\3com_dmi
2008-07-09 12:13:51 0 d-------- C:\WINNT\system32\3076
2008-07-09 12:13:51 0 d-------- C:\WINNT\system32\2052
2008-07-09 12:13:51 0 d-------- C:\WINNT\system32\1054
2008-07-09 12:13:51 0 d-------- C:\WINNT\system32\1042
2008-07-09 12:13:51 0 d-------- C:\WINNT\system32\1041
2008-07-09 12:13:51 0 d-------- C:\WINNT\system32\1037
2008-07-09 12:13:51 0 d-------- C:\WINNT\system32\1033
2008-07-09 12:13:51 0 d-------- C:\WINNT\system32\1031
2008-07-09 12:13:51 0 d-------- C:\WINNT\system32\1028
2008-07-09 12:13:51 0 d-------- C:\WINNT\system32\1025
2008-07-09 12:13:51 0 d-------- C:\WINNT\Resources
2008-07-09 12:13:51 0 d-------- C:\WINNT\Provisioning
2008-07-09 12:13:51 0 d-------- C:\WINNT\PeerNet
2008-07-09 12:13:51 0 d-------- C:\WINNT\ehome


-- Find3M Report ---------------------------------------------------------------

2008-07-24 19:22:25 0 d-------- C:\Program Files\Keyword Analyzer
2008-07-09 17:47:03 0 d-a------ C:\Program Files\Common Files
2008-07-09 17:43:22 23156 --a------ C:\WINNT\system32\emptyregdb.dat
2008-07-09 17:42:23 0 d-------- C:\Program Files\Windows NT
2008-07-09 17:17:02 0 d-------- C:\Program Files\QuickTime
2008-07-09 16:43:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
2008-06-21 18:26:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ewen Chia's My Free Website Builder
2008-06-21 18:24:55 0 d-------- C:\Program Files\My Free Web Site Builder
2008-05-31 22:35:40 0 d-------- C:\Program Files\e-Sword


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [02/28/2006 08:00 AM C:\WINNT\system32\mobsync.exe]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [01/30/2002 10:01 PM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 09:06 AM C:\WINNT\AGRSMMSG.exe]
"HPDJ Taskbar Utility"="C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe" [12/11/2001 08:33 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/25/2004 09:34 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"2wSysTray"="" []
"4FJ8AP24MZ@P#8"="" []
"oxydwgodcqp"="" []
"ViewMgr"="" []
"Xerox_WorkCenter_C2424"="C:\Program Files\Xerox\WorkCentre C2424\xc24bgts.exe" [12/01/2004 07:26 AM]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [06/19/2000 08:51 AM]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [06/19/2000 08:56 AM]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04/04/2005 06:58 PM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [09/24/2005 01:30 AM]
"@"="" []
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [05/21/2008 06:31 PM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [06/14/2008 12:18 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"IMJPMIG8.1"="C:\WINNT\IME\imjp8_1\IMJPMIG.exe" [02/28/2006 08:00 AM]
"IMEKRMIG6.1"="C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE" [02/28/2006 08:00 AM]
"MSPY2002"="C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe" [02/28/2006 08:00 AM]
"PHIME2002ASync"="C:\WINNT\system32\IME\TINTLGNT\TINTSETP.exe" [02/28/2006 08:00 AM]
"PHIME2002A"="C:\WINNT\system32\IME\TINTLGNT\TINTSETP.exe" [02/28/2006 08:00 AM]
"braviax"="C:\WINNT\system32\braviax.exe" [07/30/2008 02:28 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [02/28/2006 08:00 AM]
"PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" [05/17/2001 12:21 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"braviax"=C:\WINNT\system32\braviax.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINNT\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [7/20/2005 10:02:36 AM]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [5/31/2005 11:12:05 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 5:44:06 AM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2/27/2008 6:00:46 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINNT\system32\userinit.exe,C:\WINNT\system32\ntos.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\STOPzilla]
IS3WLHandler.dll 02/03/2005 10:30 AM 24576 C:\WINNT\system32\IS3WLHandler.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot




-- End of Deckard's System Scanner: finished at 2008-07-30 16:47:24 ------------




Extra txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1022.8 MiB / 650.12 MiB
Pagefile Memory (total/avail): 2459.64 MiB / 2205.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1896.01 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 55.9 GiB total, 22.15 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is Fixed (FAT32) - 298.02 GiB total, 290.88 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD600JB-00CRA1 - 55.9 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.9 GiB - C:

\\.\PHYSICALDRIVE1 - Seagate External Drive USB Device - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 298.09 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: CA Anti-Virus v9.0.0.171 (CA, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\WINNT\\system32\\xnetsrvc.exe"="C:\\WINNT\\system32\\xnetsrvc.exe:*:Disabled:XnetSrvc Module"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SOYATA
ComSpec=C:\WINNT\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\SOYATA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\WBEM;C:\Program Files\WebLink SEO;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\STOPzilla!;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=SOYATA
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

mark (admin)
Kiersten
dan (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
--> msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
--> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
--> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
--> MsiExec.exe /I{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{854A5F01-D692-11D4-A984-009027EC0A9C}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{945E2519-C2B9-11D3-9D56-0060B0A4823E}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD47EFC1-D692-11D4-A984-009027EC0A9C}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=d:\adobe creative suite 2.0/lang=0409
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe PageMaker 6.5 --> C:\WINNT\uninst.exe -fC:\PM65\DeIsL2.isu
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
CA Anti-Virus --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=av
CA Anti-Virus --> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\unvet32.exe
Canon S9000 --> C:\WINNT\System32\CNMCP3I.EXE -@C:\WINNT\IsUninst.exe -f"C:\BJPrinter\CNMWINNT\Canon S9000 Installer\Inst\DeIsL1.isu" -pCanon S9000-c"C:\BJPrinter\CNMWINNT\Canon S9000 Installer\Inst\bjinst.dll
Clever Cam 360 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDA57FF6-6701-11D5-B61F-0010D7096FC0}\setup.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CSVed 1.4.3 --> "C:\Program Files\CSVed\unins000.exe"
e-Sword --> MsiExec.exe /I{97D86AAF-0473-4457-A35F-066C84E83CB0}
EPSON Printer Software --> C:\WINNT\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FlashGet 1.9.6.1073 --> C:\Program Files\FlashGet\uninst.exe
GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall
Hotfix for MDAC 2.80 (KB927779) --> "C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ENU$\spuninst\spuninst.exe"
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
Internet Explorer Q903235 --> C:\WINNT\ieuninst.exe C:\WINNT\INF\Q903235.inf
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_07 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142070}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Keyword Analyzer --> "C:\Program Files\Keyword Analyzer\unins000.exe"
LAUNCH! Web Helper (remove only) --> C:\Program Files\LAUNCH! Web Helper\Uninstall.exe
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia Shockwave Player --> C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{91170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft PowerPoint Viewer 97 --> C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (1.0.1) --> C:\WINNT\UninstallFirefox.exe /ua "1.0.1 (en-US)"
Mozilla Firefox (1.0.5) --> C:\WINNT\UninstallFirefox.exe /ua "1.0.5 (en-US)"
My Free Web Site Builder --> "C:\Program Files\My Free Web Site Builder\unins000.exe"
OneTouch Version 3.0 --> C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG
P3 Expeditor J --> C:\WINNT\IsUninst.exe -f"C:\Program Files\P3Software\P3Expeditor\Uninst.isu"
PaperPort 7.01 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\ScanSoft\PaperPort\Config\DeIsL1.isu" -y -c"C:\Program Files\ScanSoft\PaperPort\UnInstl2.dll"
PrimoPDF --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0100A64F-7650-4580-9717-12F26CFF23CB}\setup.exe" -l0x9
QuickBooks Pro 2008 --> msiexec.exe /I {8ED4E82B-8CEA-40DE-826C-37AC7B941F81} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2008" ADDREMOVE=1
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
QuickTime for Windows (32-bit) --> C:\WINNT\QTW32DEL.EXE
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Simple Search-Replace --> MsiExec.exe /X{04D645A0-18D5-4C33-8D2A-7E93944982DB}
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.5 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
STOPzilla! --> MsiExec.exe /X{7E201A72-3954-46E5-B78F-A0992FCA42C9}
StuffIt Standard --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7D863662-0AB4-40BD-AD9F-A2ED548C3187}
Suite Specific --> MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
SupportSoft Assisted Service --> MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
TextBridge Pro 9.0 --> C:\Program Files\TextBridge Pro 9.0\Bin\Setup.exe -y -f"C:\Program Files\TextBridge Pro 9.0\Bin\Uninst.ins"
Ulead VideoStudio 7 SE DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x9
USB Driver for Panasonic DVC --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6304CCF6-3343-4DA5-96B6-84B3A644B93B} /l1033
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xerox WorkCentre C2424 Scan Driver --> C:\Program Files\Xerox\WorkCentre C2424\xc24undo.exe
XSitePro2 --> C:\WINNT\XSitePro2 Uninstaller.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2170 / Error
Event Submitted/Written: 07/30/2008 10:07:07 AM
Event ID/Source: 4 / QuickBooks
Event Description:
QuickBooksReturning NULL QBWinInstance Handle

Event Record #/Type2169 / Error
Event Submitted/Written: 07/30/2008 10:07:07 AM
Event ID/Source: 4 / QuickBooks
Event Description:
QuickBooksReturning NULL QBWinInstance Handle

Event Record #/Type2168 / Error
Event Submitted/Written: 07/30/2008 10:07:07 AM
Event ID/Source: 4 / QuickBooks
Event Description:
QuickBooksReturning NULL QBWinInstance Handle

Event Record #/Type2161 / Error
Event Submitted/Written: 07/29/2008 03:05:57 PM
Event ID/Source: 4 / QuickBooks
Event Description:
QuickBooksReturning NULL QBWinInstance Handle

Event Record #/Type2160 / Error
Event Submitted/Written: 07/29/2008 03:05:57 PM
Event ID/Source: 4 / QuickBooks
Event Description:
QuickBooksReturning NULL QBWinInstance Handle



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type137711 / Error
Event Submitted/Written: 07/30/2008 04:13:13 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINNT\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type137710 / Error
Event Submitted/Written: 07/30/2008 04:13:13 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Event Record #/Type137709 / Error
Event Submitted/Written: 07/30/2008 04:13:13 PM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Event Record #/Type137708 / Error
Event Submitted/Written: 07/30/2008 04:13:13 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINNT\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type137707 / Error
Event Submitted/Written: 07/30/2008 04:13:13 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.



-- End of Deckard's System Scanner: finished at 2008-07-30 16:47:24 ------------


#2 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  • Local time:10:52 AM

Posted 09 August 2008 - 12:17 PM

Hello wholeearthinc,

I apologise for the delay; the forum is too busy.

You are severely infected.
You have a password stealer trojan.

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
----------------------------------------------

I do have use of the laptop...but everything is on the other computer.

So, do you have another PC? We could download tools using a USB (flash drive).

If yes, post a HijackThis log as per my instructions below:
----------------------------------------------
Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Copy/paste the log to your next reply please.
Don't use the Analyse This button; its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Edited by chryssi2001, 09 August 2008 - 12:23 PM.

Private Messages for personal support will be ignored. If you need help post in the forum.

#3 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  • Local time:10:52 AM

Posted 14 August 2008 - 01:03 AM

Due to the lack of feedback, this Topic is now closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

#4 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  • Local time:10:52 AM

Posted 14 August 2008 - 01:03 AM

Double post due to BC being temporarily unavailable.

Edited by chryssi2001, 14 August 2008 - 01:05 AM.




