Anti Virus Gold/malware


  • This topic is locked
2 replies to this topic

#1 Oaxaca2008

Posted 04 August 2008 - 07:54 PM

Thank you for your help. Attached are the DSS and Kaspersky logs.
Deckard's System Scanner v20071014.68
Run by Craig on 2008-08-03 16:47:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
69: 2008-08-03 23:48:02 UTC - RP202 - Deckard's System Scanner Restore Point
68: 2008-08-02 22:22:35 UTC - RP201 - System Checkpoint
67: 2008-07-31 06:28:14 UTC - RP200 - System Checkpoint
66: 2008-07-30 06:20:35 UTC - RP199 - System Checkpoint
65: 2008-07-29 00:13:43 UTC - RP198 - System Checkpoint


-- First Restore Point --
1: 2008-05-05 23:11:43 UTC - RP134 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Craig.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:27, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Updater.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System\CmFlywav.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
C:\Program Files\DV Series\Console\Watch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System\CMAS2DS.EXE
C:\WINDOWS\System\CMAS2DS.EXE
C:\WINDOWS\System\CMAS2DS.EXE
C:\Program Files\Linksys\WMB54G\WMB54G.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Craig\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Craig.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ScanSpyware] "C:\Program Files\ScanSpyware v3.8.0.4\Scanner.exe"
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugi...PluginNOSSO.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096751121966
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125945758156
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - http://www.rampage.com/images/dot.gif
O24 - Desktop Component 1: (no name) - http://www.halloweencostumes4u.com/hallowe...eups/rub913.jpg
O24 - Desktop Component 2: (no name) - http://images.overstock.com/f/102/3117/8h/...ts/L1004736.jpg

--
End of file - 7648 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071030-193859-551 O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 IFPUSB (iRiver Internet Audio Player IFP-100) - c:\windows\system32\drivers\ifpusb.sys <Not Verified; iRiver, Inc.; IFP-100>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 cmvad (Linksys Wireless-G Music Bridge Interface) - c:\windows\system32\drivers\cmudaxv.sys <Not Verified; C-Media Electronics Inc; C-Media UDAX Audio WDM Driver>
R3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\pcasp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 catchme - c:\docume~1\craig\locals~1\temp\catchme.sys (file missing)
S3 SDVC05 (USB SDVC05) - c:\windows\system32\drivers\sdvc05.sys <Not Verified; HaSoInTech; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 WinVNC4 (VNC Server Version 4) - "c:\program files\realvnc\vnc4\winvnc4.exe" -service <Not Verified; RealVNC Ltd.; VNC Server 4.0>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-18 23:34:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-08-03 13:42:22 0 d-------- C:\Documents and Settings\Craig\.SunDownloadManager
2008-08-02 16:42:24 3106 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-02 16:41:45 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-02 16:41:45 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-08-02 16:41:45 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-08-02 16:41:45 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-08-02 16:41:45 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-08-02 16:41:45 82944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-02 16:41:45 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-02 16:41:45 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-08-02 14:24:51 0 d-------- C:\Documents and Settings\Craig\Application Data\AVGTOOLBAR
2008-07-28 20:14:46 0 d--h----- C:\$AVG8.VAULT$
2008-07-27 19:45:48 0 d-------- C:\Documents and Settings\Jasmine\Application Data\AVGTOOLBAR
2008-07-27 16:55:09 0 d-------- C:\Documents and Settings\Amy\Application Data\AVGTOOLBAR
2008-07-27 16:16:04 0 d-------- C:\Program Files\Sun
2008-07-24 22:26:27 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-24 22:26:20 0 d-------- C:\Program Files\AVG
2008-07-24 22:26:20 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8


-- Find3M Report ---------------------------------------------------------------

2008-07-27 16:15:47 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/27/2008 16:55 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/27/2008 16:55 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/02/2004 15:03]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/2003 18:44]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [01/09/2004 16:01]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"iRiver Updater"="\Updater.exe" [07/01/2004 14:20]
"EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [02/07/2005 20:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 19:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 23:16]
"CmFlywaveName"="C:\WINDOWS\System\CmFlywav.exe" [10/05/2007 11:22]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/24/2008 22:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NoAds"="C:\Program Files\NoAds\NoAds.exe" [10/02/2004 13:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/18/2007 12:10]
"ScanSpyware"="C:\Program Files\ScanSpyware v3.8.0.4\Scanner.exe" [07/28/2005 04:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [10/2/2004 2:35:10 PM]
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [10/2/2004 2:54:47 PM]
Ulead Photo Express Calendar Checker For My Custom Edition.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe [2/3/2006 10:34:37 PM]
Watch.lnk - C:\Program Files\DV Series\Console\Watch.exe [2/3/2006 10:26:30 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2 (0x2)
"Symantec AntiVirus"=2 (0x2)
"SavRoam"=3 (0x3)
"LexBceS"=2 (0x2)
"CVPND"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-08-03 16:50:21 ------------


KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 3, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 03, 2008 21:01:10
Records in database: 1048748


Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
A:\
C:\
D:\
E:\

Scan statistics
Files scanned: 100193
Threat name: 10
Infected objects: 27
Suspicious objects: 22
Duration of the scan: 02:16:26

File name Threat name Threats count
C:\Documents and Settings\Craig\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\Craig\Desktop\SmitfraudFix.exe Infected: Hoax.Win32.Renos.vaoz 1

C:\Documents and Settings\Craig\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\Jasmine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-73569d21.zip Infected: Exploit.Java.Gimsh.a 1

C:\Documents and Settings\Jasmine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-4515772c.zip Infected: Exploit.Java.Gimsh.b 1

C:\Documents and Settings\Jasmine\Local Settings\Application Data\Identities\{FC71F259-EF98-46F0-B0A6-0D0671BB7E43}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.NetSky.dam 2

C:\Documents and Settings\Jasmine\Local Settings\Application Data\Identities\{FC71F259-EF98-46F0-B0A6-0D0671BB7E43}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Exploit.HTML.Iframe.FileDownload 4

C:\Documents and Settings\Jasmine\Local Settings\Application Data\Identities\{FC71F259-EF98-46F0-B0A6-0D0671BB7E43}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.NetSky.r 2

C:\Documents and Settings\Jasmine\Local Settings\Application Data\Identities\{FC71F259-EF98-46F0-B0A6-0D0671BB7E43}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.NetSky.q 1

C:\Documents and Settings\Jordan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-5f8e179f-14fd8cb4.class Infected: Trojan.Java.ClassLoader.Dummy.c 1

C:\Documents and Settings\Jordan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-3759ed5b.zip Infected: Exploit.Java.Gimsh.a 1

C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

C:\RECYCLER\S-1-5-21-1960408961-113007714-839522115-1006\Dc1416.bak Suspicious: Exploit.HTML.Iframe.FileDownload 7

C:\RECYCLER\S-1-5-21-1960408961-113007714-839522115-1006\Dc1416.bak Infected: Email-Worm.Win32.NetSky.dam 3

C:\RECYCLER\S-1-5-21-1960408961-113007714-839522115-1006\Dc1748.bak Suspicious: Exploit.HTML.Iframe.FileDownload 7

C:\RECYCLER\S-1-5-21-1960408961-113007714-839522115-1006\Dc1748.bak Infected: Email-Worm.Win32.NetSky.dam 3

C:\RECYCLER\S-1-5-21-1960408961-113007714-839522115-1006\Dc2113.bak Infected: Email-Worm.Win32.NetSky.dam 2

C:\RECYCLER\S-1-5-21-1960408961-113007714-839522115-1006\Dc2113.bak Suspicious: Exploit.HTML.Iframe.FileDownload 4

C:\RECYCLER\S-1-5-21-1960408961-113007714-839522115-1006\Dc2113.bak Infected: Email-Worm.Win32.NetSky.r 2

C:\RECYCLER\S-1-5-21-1960408961-113007714-839522115-1006\Dc2113.bak Infected: Email-Worm.Win32.NetSky.q 1

The selected area was scanned.


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 511 MiB / 262.81 MiB
Pagefile Memory (total/avail): 1249.71 MiB / 932.65 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.48 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.75 GiB total, 85.94 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC35L120AVV207-0 - 111.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.75 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"
"C:\\Documents and Settings\\Craig\\Desktop\\WMB54G_SetupWizard\\WMB54G_20071113\\Setup.exe"="C:\\Documents and Settings\\Craig\\Desktop\\WMB54G_SetupWizard\\WMB54G_20071113\\Setup.exe:*:Disabled:Setup"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Craig\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PUSSER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Craig
LOGONSERVER=\\PUSSER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Craig\LOCALS~1\Temp
TMP=C:\DOCUME~1\Craig\LOCALS~1\Temp
USERDOMAIN=PUSSER
USERNAME=Craig
USERPROFILE=C:\Documents and Settings\Craig
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Craig (admin)
Amy (admin)
Jordan
Jasmine
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support --> MsiExec.exe /I{763E8D6C-0098-4FF4-801A-3F311D2D9D80}
Apple Software Update --> MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Broadcom Driver Installer --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Citrix Presentation Server Client - Web Only --> MsiExec.exe /X{C49067A8-8212-4A82-A4D9-1519701644F0}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DELL TrueMobile 1180 Wireless USB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D0A606-4E25-460E-A345-5A5695175B30}\setup.exe" -l0x9
DV Series --> C:\Program Files\DV Series\uninst.exe
DVC5.1 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DCCE3F4-E888-40E8-8AE5-CF8058F25631}\Setup.exe"
Easy CD & DVD Creator 6 --> MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
Encrypted FTP --> C:\PROGRA~1\EFTP\UNWISE.EXE C:\PROGRA~1\EFTP\INSTALL.LOG
EnZip --> C:\WINDOWS\uninst.exe -f"C:\Program Files\EnZip\DeIsL1.isu" -c"C:\Program Files\EnZip\_ISREG32.DLL"
EPSON CX 3800 Guide --> C:\Program Files\epson\guide\cx3800_e\uninstall.exe
EPSON PhotoCenter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D21553E9-2EC5-4E8C-AB71-07AC07D50BBC}\setup.exe" -l0x9 anything
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\setup.exe" -l0x9 -anything
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
iRiver Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F1F35A7-8EA0-43B5-AEAF-B0B9AB1BEF97}\setup.exe" -l0x9
iRiver Updater --> \uninst.exe
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Linksys Wireless-G Music Bridge --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CCDF8BE-8BE8-45F1-BDAD-1195131E5AC5}\setup.exe" -l0x9
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Macromedia Flash Player --> MsiExec.exe /X{27579b3c-5470-4496-be6c-0c872674f19f}
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" UNINSTALL
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
NoAds --> "C:\Program Files\NoAds\Uninst.exe" C:\Program Files\NoAds\Uninst.ini
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PrintKey2000 --> C:\PROGRA~1\PRINTK~1\UNWISE.EXE C:\PROGRA~1\PRINTK~1\INSTALL.LOG
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ScanSpyware v3.8.0.4 --> "C:\Program Files\ScanSpyware v3.8.0.4\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Send To Extensions PowerToy --> rundll32.exe C:\WINDOWS\system32\ShellExt\SENDTOX.DLL,Configure C:\WINDOWS\system32\ShellExt\SendToX.inf
Shockwave Player --> MsiExec.exe /X{930439A1-B49E-4A54-A499-31BDC1A91DE5}
Sound'Em 1.0 --> C:\Program Files\DV Series\UNWISE.EXE C:\Program Files\DV Series\install.log
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\SETUP.EXE" -l0x9
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Target Context Menu (Remove Only) --> RunDll32.exe syssetup.dll,SetupInfObjectInstallAction Target_remove 4 C:\WINDOWS\system32\ShellExt\target.inf
TweakNow RegCleaner --> "C:\Program Files\TweakNow RegCleaner\unins000.exe"
Ulead COOL 360 1.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ulead Systems\Ulead COOL 360\Uninst.isu" -c"C:\Program Files\Ulead Systems\Ulead COOL 360\IS32Inst.dll"
Ulead Photo Explorer 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0194539-8118-4FD7-8ABA-912B2D479B48}\setup.exe"
Ulead Photo Express 4.0 My Custom Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21BCE515-D5A3-11D4-8E33-0010B53EC668}\setup.exe"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VNC 4.0 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
WebEx --> C:\PROGRA~1\WebEx\atcliun.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WordPerfect Office 11 --> MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}


-- Application Event Log -------------------------------------------------------

Event Record #/Type752 / Error
Event Submitted/Written: 08/02/2008 04:14:19 PM
Event ID/Source: 3 / crypt32
Event Description:
Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: This network connection does not exist.

Event Record #/Type750 / Error
Event Submitted/Written: 08/02/2008 04:14:19 PM
Event ID/Source: 3 / crypt32
Event Description:
Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The server returned an invalid or unrecognized response

Event Record #/Type630 / Error
Event Submitted/Written: 07/24/2008 10:26:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application avgcc.exe, version 7.5.0.526, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [avgcc.exe!ws!]

Event Record #/Type606 / Warning
Event Submitted/Written: 07/22/2008 05:10:21 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}', feature 'DragToDisc' failed during request for component '{0AF9B2CE-3610-11D4-A788-009027ABA5D0}'

Event Record #/Type605 / Warning
Event Submitted/Written: 07/22/2008 05:10:21 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}', feature 'ECDC6', component '{E24B93D9-2AA3-4163-A87D-B39F46189B28}' failed. The resource 'C:\Program Files\Common Files\Roxio Shared\Upgrade\rsl.dll' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6155 / Error
Event Submitted/Written: 08/03/2008 01:50:35 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {18B30EBF-6B58-425E-AC54-831C05D91B5A}.
The error:
"%%2"
Happened while starting this command:
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe -Embedding

Event Record #/Type6154 / Error
Event Submitted/Written: 08/03/2008 01:48:51 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {18B30EBF-6B58-425E-AC54-831C05D91B5A}.
The error:
"%%2"
Happened while starting this command:
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe -Embedding

Event Record #/Type6152 / Error
Event Submitted/Written: 08/03/2008 00:42:40 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {18B30EBF-6B58-425E-AC54-831C05D91B5A}.
The error:
"%%2"
Happened while starting this command:
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe -Embedding

Event Record #/Type6151 / Error
Event Submitted/Written: 08/03/2008 00:42:30 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {18B30EBF-6B58-425E-AC54-831C05D91B5A}.
The error:
"%%2"
Happened while starting this command:
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe -Embedding

Event Record #/Type6150 / Error
Event Submitted/Written: 08/03/2008 00:40:55 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {18B30EBF-6B58-425E-AC54-831C05D91B5A}.
The error:
"%%2"
Happened while starting this command:
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe -Embedding



-- End of Deckard's System Scanner: finished at 2008-08-03 16:50:21 ------------

I can't get the malware to delete or clean off of the system. When I run a spyware scan it's back again. Your help is greatly appreciated!
Thank you, Craig (Oaxaca2008)
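The DSS report above ends with three event-log blocks whose records all share one layout (a "-- ... Event Log --" header, then "Event Record #/Type", "Event Submitted/Written", "Event ID/Source" and a free-text description). As an added example, not part of the original post and not code from DSS, here is a small Python parser for that layout that groups records by log, source and event ID so that repeated failures (the five identical DCOM 10000 errors for AVG's aAvgApi.exe in the full report) and failed fetches from Windows Update hosts (the two crypt32 event 3 entries) stand out. The sample text is constructed from the records in the post, trimmed to four of them; the repeat threshold, the host pattern and all function names are my own choices.

```python
"""Parse the event-log blocks of a Deckard's System Scanner (DSS) report.
Added example; not DSS code and not from the original post."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in DSS's own layout, copied from the records in the
# post above (two of the five identical DCOM entries kept).
SAMPLE = r"""-- Application Event Log -------------------------------------------------------
Event Record #/Type752 / Error
Event Submitted/Written: 08/02/2008 04:14:19 PM
Event ID/Source: 3 / crypt32
Event Description:
Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: This network connection does not exist.
Event Record #/Type630 / Error
Event Submitted/Written: 07/24/2008 10:26:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application avgcc.exe, version 7.5.0.526, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [avgcc.exe!ws!]

-- System Event Log ------------------------------------------------------------
Event Record #/Type6155 / Error
Event Submitted/Written: 08/03/2008 01:50:35 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {18B30EBF-6B58-425E-AC54-831C05D91B5A}.
The error:
"%%2"
Happened while starting this command:
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe -Embedding
Event Record #/Type6154 / Error
Event Submitted/Written: 08/03/2008 01:48:51 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {18B30EBF-6B58-425E-AC54-831C05D91B5A}.
The error:
"%%2"
Happened while starting this command:
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe -Embedding
"""

SECTION_RE = re.compile(r"^-- (.+?) -+$")
RECORD_RE = re.compile(r"^Event Record #/Type(\d+) / (\w+)$")
WRITTEN_RE = re.compile(r"^Event Submitted/Written: (.+)$")
IDSRC_RE = re.compile(r"^Event ID/Source: (\d+) / (.+)$")
# Hosts the crypt32/Windows Update machinery talks to (my own, assumed list).
UPDATE_HOST_RE = re.compile(r"windowsupdate\.com|update\.microsoft\.com", re.I)


@dataclass
class Event:
    log: str
    record: int
    level: str
    description: str
    written: str = ""
    event_id: int = 0
    source: str = ""


def parse_dss_events(text: str) -> List[Event]:
    """State machine: section header -> record header -> fields ->
    description lines, ended by a blank line or the next header."""
    events: List[Event] = []
    log = "?"
    cur: dict = {}
    desc: List[str] = []
    in_desc = False

    def flush() -> None:
        nonlocal cur, desc, in_desc
        if cur:
            events.append(Event(log=log, description="\n".join(desc).strip(), **cur))
        cur, desc, in_desc = {}, [], False

    for line in (l.rstrip() for l in text.splitlines()):
        if m := SECTION_RE.match(line):
            flush()
            log = m.group(1)
        elif m := RECORD_RE.match(line):
            flush()
            cur = {"record": int(m.group(1)), "level": m.group(2)}
        elif not cur:
            continue                      # text outside any record, e.g. "No Errors/Warnings found."
        elif in_desc:
            if line:
                desc.append(line)
            else:
                flush()                   # blank line ends the record
        elif m := WRITTEN_RE.match(line):
            cur["written"] = m.group(1)
        elif m := IDSRC_RE.match(line):
            cur["event_id"], cur["source"] = int(m.group(1)), m.group(2)
        elif line == "Event Description:":
            in_desc = True
    flush()
    return events


def summarise(events: List[Event], repeat_threshold: int = 2) -> Tuple[Counter, Dict]:
    """Count records per (log, source, event id, level); the second value is
    the subset that repeats at least repeat_threshold times."""
    counts = Counter((e.log, e.source, e.event_id, e.level) for e in events)
    return counts, {k: n for k, n in counts.items() if n >= repeat_threshold}


def update_fetch_failures(events: List[Event]) -> List[Event]:
    """Records describing a failed fetch from a Windows Update host. Malware
    does block update and AV hosts, but a plain outage logs the same event,
    so this is a lead to verify by hand (hosts file, DNS, proxy), not a verdict."""
    return [e for e in events
            if e.description.startswith("Failed") and UPDATE_HOST_RE.search(e.description)]


if __name__ == "__main__":
    evs = parse_dss_events(SAMPLE)
    counts, repeated = summarise(evs)
    for key, n in counts.most_common():
        print(f"{n:3d}  {key}")
    print("repeated:", repeated)
    print("update fetch failures, record #:", [e.record for e in update_fetch_failures(evs)])
```

Run against the full report, the summary puts the DCOM 10000 line at the top with a count of five. The parser only tells you the pattern; whether www.download.windowsupdate.com is really unreachable from that machine is checked by hand afterwards.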


#2 Shaba

Posted 16 August 2008 - 05:04 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review them and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions on how to install HijackThis and make a logfile. Save it to a convenient location and include it in your next reply, please.

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and selecting 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with the HijackThis log and the Kaspersky report.

Regards
Microsoft MVP Consumer Security

#3 Shaba

Posted 21 August 2008 - 03:40 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security
