Infected With Win32.virut


  • This topic is locked
3 replies to this topic

#1 Tim55253

  • Members
  • 81 posts
  • Gender:Male

Posted 09 August 2008 - 09:06 PM

Hi, a while ago I ran some scans and found out that my computer is infected with Win32.Virut. I googled it and found out that it is very difficult to remove, and I was wondering if my computer still has hope. If my computer has no hope and I should reformat, could you give me a guide, because I'm quite confused about reformatting.

Here are my DSS logs:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-09 21:43:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-08-10 01:43:51 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-08-10 01:37:39 UTC - RP3 - Installed WinZip 11.2
2: 2008-08-10 01:33:35 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-08-10 01:20:43 UTC - RP1 - Unsigned driver install


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).
System Drive C: has 4.29 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:27 PM, on 8/9/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\TM1184\ControlUtility\ControlUtility.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Desktop\dss.exe
C:\DOCUME~1\OWNERY~1.009\Desktop\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Dell Control Utility.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

--
End of file - 6604 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Network Controller
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_70001799&REV_02\4&1A671D0C&0&50F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_70001799&REV_02\4&1A671D0C&0&50F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-08-09 20:56:00 258 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-08-08 19:25:01 452 --a------ C:\WINDOWS\Tasks\WebReg 20080707182503.job
2008-07-29 08:24:04 432 --a------ C:\WINDOWS\Tasks\WebReg 20080729082403.job
2008-06-16 20:51:42 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-12-04 21:49:05 384 --a------ C:\WINDOWS\Tasks\WebReg 20061204204905.job
2003-10-14 01:22:22 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-09 22:50:27 0 dr-hs--c- C:\WINDOWS\System32\dllcache
2008-08-09 21:37:47 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-08-09 21:21:24 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Application Data\Mozilla
2008-08-09 21:10:46 0 dr-h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Recent
2008-08-09 21:07:40 208896 --a------ C:\WINDOWS\System32\wmpns.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Player>
2008-08-09 21:00:11 0 dr-h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\SendTo
2008-08-09 21:00:11 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\PrintHood
2008-08-09 21:00:11 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\NetHood
2008-08-09 21:00:11 0 dr------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\My Documents
2008-08-09 21:00:11 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Local Settings
2008-08-09 21:00:11 0 dr------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Favorites
2008-08-09 21:00:11 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Desktop
2008-08-09 21:00:11 0 d---s---- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Cookies
2008-08-09 21:00:11 0 dr-h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Application Data
2008-08-09 21:00:11 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Application Data\Symantec
2008-08-09 21:00:11 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Application Data\Sun
2008-08-09 21:00:11 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Application Data\Sonic
2008-08-09 21:00:11 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Application Data\SampleView
2008-08-09 21:00:11 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Application Data\Real
2008-08-09 21:00:11 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Application Data\interMute
2008-08-09 21:00:11 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Application Data\Identities
2008-08-09 21:00:10 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\WINDOWS
2008-08-09 21:00:10 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Templates
2008-08-09 21:00:10 0 dr------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Start Menu
2008-08-09 21:00:10 786432 --ah----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\NTUSER.DAT
2008-08-09 20:56:13 10368 --a------ C:\WINDOWS\System32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2008-08-09 20:56:11 1630208 --a------ C:\WINDOWS\System32\mplvw7.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-08-09 20:56:11 1150976 --a------ C:\WINDOWS\System32\mplvpx.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-08-09 20:56:11 1581056 --a------ C:\WINDOWS\System32\mplvm6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-08-09 20:56:11 1675264 --a------ C:\WINDOWS\System32\mplva6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-08-09 20:56:11 81920 --a------ C:\WINDOWS\System32\mplaw7.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-08-09 20:56:10 69632 --a------ C:\WINDOWS\System32\mplapx.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-08-09 20:56:10 69632 --a------ C:\WINDOWS\System32\mplam6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-08-09 20:56:10 81920 --a------ C:\WINDOWS\System32\mplaa6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-08-09 20:56:10 49152 --a------ C:\WINDOWS\System32\cpuinf32.dll <Not Verified; Intel Corporation; Intel CPUInfo>
2008-08-09 16:11:57 0 d-------- C:\Program Files\Alwil Software
2008-08-09 15:57:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-08-09 15:55:54 0 d-------- C:\Program Files\Sunbelt Software
2008-08-09 14:01:32 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 14:01:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 13:52:39 0 d-------- C:\Program Files\PrevxCSI
2008-08-09 13:52:37 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-08-09 13:51:56 0 d-------- C:\WINDOWS\McAfee.com
2008-08-09 13:34:47 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-09 13:07:55 78046 --a------ C:\WINDOWS\War3Unin.dat
2008-08-09 13:07:53 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-08-09 13:04:13 0 d-------- C:\Program Files\Warcraft III
2008-08-09 10:22:29 0 dr-hs---- C:\cmdcons
2008-08-09 10:22:05 0 d-------- C:\WINDOWS\setupupd
2008-08-08 22:10:46 0 d-------- C:\WINDOWS\Prefetch
2008-08-08 18:39:36 0 d-------- C:\Program Files\audible
2008-08-08 18:27:03 142464 --a------ C:\WINDOWS\System32\drivers\aec.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-08 18:26:57 172416 --a------ C:\WINDOWS\System32\drivers\kmixer.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-08 18:26:48 6400 --a------ C:\WINDOWS\System32\drivers\splitter.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-08 18:26:43 82944 --a------ C:\WINDOWS\System32\drivers\wdmaud.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-08 13:25:55 0 d-------- C:\Program Files\RegistrySmart
2008-08-08 13:13:36 0 d-------- C:\Program Files\Uniblue
2008-08-08 10:26:29 32768 --a------ C:\WINDOWS\slrundll.exe <Not Verified; Smart Link; Soft Modem>
2008-08-08 00:00:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-07 21:55:13 0 dr-h----- C:\MSOCache
2008-08-07 21:40:44 0 d-------- C:\Program Files\Belkin
2008-08-07 20:49:48 0 d-------- C:\Program Files\Common Files\?ymantec
2008-08-07 20:45:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-08-07 20:44:16 0 d-------- C:\Program Files\STOPzilla!
2008-08-07 20:44:15 0 d-------- C:\Program Files\Common Files\iS3
2008-08-07 20:44:14 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-08-07 15:18:25 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data\BitTorrent
2008-08-07 11:53:05 0 d-------- C:\Documents and Settings\Guest\Application Data\WinRAR
2008-08-07 11:29:19 0 d---s---- C:\Documents and Settings\Guest\UserData
2008-08-07 00:38:13 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
2008-08-07 00:38:12 0 d-------- C:\Documents and Settings\Guest\Application Data\Adobe
2008-08-07 00:33:33 0 d-------- C:\Documents and Settings\Guest\Application Data\Mozilla
2008-08-07 00:31:05 0 d-------- C:\Documents and Settings\Guest\Application Data\Sonic
2008-08-07 00:31:05 0 d-------- C:\Documents and Settings\Guest\Application Data\SampleView
2008-08-07 00:31:05 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
2008-08-07 00:31:05 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2008-08-07 00:31:05 0 d-------- C:\Documents and Settings\Guest\Application Data\interMute
2008-08-07 00:31:05 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2008-08-07 00:31:04 0 d-------- C:\Documents and Settings\Guest\WINDOWS
2008-08-07 00:31:04 0 d--h----- C:\Documents and Settings\Guest\Templates
2008-08-07 00:31:04 0 dr------- C:\Documents and Settings\Guest\Start Menu
2008-08-07 00:31:04 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2008-08-07 00:31:04 0 dr-h----- C:\Documents and Settings\Guest\Recent
2008-08-07 00:31:04 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2008-08-07 00:31:04 786432 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2008-08-07 00:31:04 0 d--h----- C:\Documents and Settings\Guest\NetHood
2008-08-07 00:31:04 0 dr------- C:\Documents and Settings\Guest\My Documents
2008-08-07 00:31:04 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2008-08-07 00:31:04 0 dr------- C:\Documents and Settings\Guest\Favorites
2008-08-07 00:31:04 0 d-------- C:\Documents and Settings\Guest\Desktop
2008-08-07 00:31:04 0 d---s---- C:\Documents and Settings\Guest\Cookies
2008-08-07 00:31:04 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2008-08-07 00:31:04 0 d-------- C:\Documents and Settings\Guest\Application Data\Symantec
2008-08-07 00:31:04 0 d-------- C:\Documents and Settings\Guest\Application Data\Sun
2008-08-04 17:00:46 0 d-------- C:\Program Files\ZyX
2008-08-04 16:34:00 0 d-------- C:\Program Files\VMLaunch
2008-08-04 16:21:58 0 d-------- C:\Program Files\D-Tools
2008-08-04 02:05:34 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data\WinRAR
2008-08-03 20:40:29 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data\DNA
2008-08-03 19:41:32 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data\LimeWire
2008-08-03 19:40:36 0 d-------- C:\Program Files\Sun
2008-08-02 18:29:57 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data\Macromedia
2008-08-02 18:29:56 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data\Adobe
2008-08-02 18:05:18 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data\Nexon
2008-08-02 17:50:08 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data\Mozilla
2008-08-02 17:16:04 0 dr-h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Recent
2008-08-02 17:03:29 0 d---s---- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data\Microsoft
2008-08-02 17:03:29 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data\interMute
2008-08-02 17:03:29 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data\Identities
2008-08-02 17:03:28 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\WINDOWS
2008-08-02 17:03:28 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Templates
2008-08-02 17:03:28 0 dr------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Start Menu
2008-08-02 17:03:28 0 dr-h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\SendTo
2008-08-02 17:03:28 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\PrintHood
2008-08-02 17:03:28 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\NetHood
2008-08-02 17:03:28 0 dr------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\My Documents
2008-08-02 17:03:28 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Local Settings
2008-08-02 17:03:28 0 dr------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Favorites
2008-08-02 17:03:28 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Desktop
2008-08-02 17:03:28 0 d---s---- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Cookies
2008-08-02 17:03:28 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data
2008-08-02 17:03:28 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data\Symantec
2008-08-02 17:03:28 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data\Sun
2008-08-02 17:03:28 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data\Sonic
2008-08-02 17:03:28 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data\SampleView
2008-08-02 17:03:28 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\Application Data\Real
2008-08-02 17:03:27 1572864 --ah----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.004\NTUSER.DAT
2008-08-02 11:28:59 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\Favorites
2008-08-02 11:28:59 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\Desktop
2008-08-02 11:28:59 0 d---s---- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\Cookies
2008-08-02 11:28:59 0 dr-h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\Application Data
2008-08-02 11:28:59 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\Application Data\Symantec
2008-08-02 11:28:59 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\Application Data\Sun
2008-08-02 11:28:59 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\Application Data\Sonic
2008-08-02 11:28:59 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\Application Data\SampleView
2008-08-02 11:28:59 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\Application Data\Real
2008-08-02 11:28:59 0 d---s---- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\Application Data\Microsoft
2008-08-02 11:28:59 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\Application Data\interMute
2008-08-02 11:28:59 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\Application Data\Identities
2008-08-02 11:28:58 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\WINDOWS
2008-08-02 11:28:58 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\Templates
2008-08-02 11:28:58 0 dr------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\Start Menu
2008-08-02 11:28:58 0 dr-h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\SendTo
2008-08-02 11:28:58 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\Recent
2008-08-02 11:28:58 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\PrintHood
2008-08-02 11:28:58 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\NetHood
2008-08-02 11:28:58 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\My Documents
2008-08-02 11:28:58 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\Local Settings
2008-08-02 11:28:57 524288 --ah----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.003\NTUSER.DAT
2008-08-02 11:23:59 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\Application Data\interMute
2008-08-02 11:23:59 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\Application Data\Identities
2008-08-02 11:23:58 0 dr-h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\SendTo
2008-08-02 11:23:58 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\Recent
2008-08-02 11:23:58 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\PrintHood
2008-08-02 11:23:58 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\NetHood
2008-08-02 11:23:58 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\My Documents
2008-08-02 11:23:58 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\Local Settings
2008-08-02 11:23:58 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\Favorites
2008-08-02 11:23:58 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\Desktop
2008-08-02 11:23:58 0 d---s---- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\Cookies
2008-08-02 11:23:58 0 dr-h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\Application Data
2008-08-02 11:23:58 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\Application Data\Symantec
2008-08-02 11:23:58 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\Application Data\Sun
2008-08-02 11:23:58 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\Application Data\Sonic
2008-08-02 11:23:58 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\Application Data\SampleView
2008-08-02 11:23:58 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\Application Data\Real
2008-08-02 11:23:58 0 d---s---- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\Application Data\Microsoft
2008-08-02 11:23:57 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\WINDOWS
2008-08-02 11:23:57 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\Templates
2008-08-02 11:23:57 0 dr------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\Start Menu
2008-08-02 11:23:57 524288 --ah----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.002\NTUSER.DAT
2008-08-01 18:30:40 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-01 16:18:36 0 d-------- C:\Program Files\Webtools
2008-08-01 16:10:53 0 d-------- C:\Documents and Settings\Timothy.YOUR-FSYLY0JTWN.001\Application Data\MyPhoneExplorer
2008-08-01 16:10:43 0 d-------- C:\Documents and Settings\Timothy.YOUR-FSYLY0JTWN.001\Application Data\AD ON Multimedia
2008-08-01 16:10:13 0 d-------- C:\Program Files\MyPhoneExplorer
2008-08-01 16:05:23 0 d-------- C:\Documents and Settings\Timothy.YOUR-FSYLY0JTWN.001\Application Data\SonyEricsson
2008-08-01 16:05:16 0 d-------- C:\Program Files\Sony Ericsson
2008-08-01 14:57:44 0 d-------- C:\WINDOWS\Logs
2008-08-01 14:48:20 0 d-------- C:\WINDOWS\osu!
2008-08-01 14:12:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-27 18:22:45 0 d-------- C:\WINDOWS\network diagnostic
2008-07-12 12:57:49 0 d-------- C:\Logs
2008-07-10 20:34:25 0 d-------- C:\Program Files\WoW-2.0.0-enUS-Installer
2008-07-10 20:33:57 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment


-- Find3M Report ---------------------------------------------------------------

2008-08-09 23:13:06 0 d-------- C:\Program Files\Windows NT
2008-08-09 23:13:03 0 d-------- C:\Program Files\Movie Maker
2008-08-09 23:13:02 0 d-------- C:\Program Files\Messenger
2008-08-09 20:54:59 0 d-------- C:\Program Files\Multimedia Card Reader
2008-08-09 17:47:16 0 d-------- C:\Program Files\Common Files\?ymantec
2008-08-02 10:29:02 0 d-------- C:\Program Files\QuickTime
2008-08-01 21:57:55 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-08-01 21:56:43 56732 --a------ C:\WINDOWS\UpdtNv28.exe
2008-08-01 21:56:42 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2008-08-01 21:56:42 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-08-01 21:20:11 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-08-01 21:02:30 41984 --a------ C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
2008-07-20 15:17:05 0 d-------- C:\Program Files\StepMania
2008-07-05 22:06:21 0 d-------- C:\Program Files\WinPcap
2008-07-04 20:48:16 0 d-------- C:\Program Files\DivX
2008-06-29 11:23:31 0 d-------- C:\Program Files\Yahoo!
2008-06-16 20:50:16 0 d-------- C:\Program Files\Common Files\Apple
2008-06-12 16:15:38 0 d-------- C:\Program Files\MSN Messenger
2008-06-11 21:56:37 0 d-------- C:\Program Files\Windows Media Connect 2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 10:07 AM]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [10/07/2002 10:23 AM]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [05/23/2003 05:55 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 11:02 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 11:01 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/11/2003 12:58 AM]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [06/18/2003 10:19 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/14/2002 12:42 AM]
"VTTimer"="VTTimer.exe" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/15/2003 03:59 AM]
"NAV CfgWiz"="c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" [08/15/2003 09:24 PM]
"LTMSG"="LTMSG.exe" [07/14/2003 08:52 PM C:\WINDOWS\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [04/03/2003 04:35 PM C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 07:57 PM]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [08/14/2003 08:11 PM]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [06/17/2003 09:13 PM]
"regcmdcons"="c:\hp\bin\cloaker.exe" [11/07/1999 10:11 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Dell Control Utility.lnk - C:\Program Files\TM1184\ControlUtility\ControlUtility.exe [3/23/2008 7:11:39 PM]




-- End of Deckard's System Scanner: finished at 2008-08-09 21:45:18 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.70GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 503.48 MiB / 279.7 MiB
Pagefile Memory (total/avail): 1231.23 MiB / 1048.22 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1946.61 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 69 GiB total, 4.29 GiB free.
D: is Fixed (FAT32) - 5.5 GiB total, 0.92 GiB free.
E: is CDROM (UDF)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 5.52 GiB - D:
\PARTITION1 (bootable) - Installable File System - 69 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is not configured.
AUState says computer is in an unknown state.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-FSYLY0JTWN
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009
LOGONSERVER=\\YOUR-FSYLY0JTWN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OWNERY~1.009\LOCALS~1\Temp
TMP=C:\DOCUME~1\OWNERY~1.009\LOCALS~1\Temp
USERDOMAIN=YOUR-FSYLY0JTWN
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner.YOUR-FSYLY0JTWN.009 (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
ArcSoft ShowBiz 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x9
Blackhawk Striker from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E28167F1-3F42-40C7-9119-1D5A97444F10\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1033
Excavation from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C56C66C3-3462-4A3F-8661-9E18362A5E7C\Uninstall.exe"
Five Card Frenzy from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DA44615A-C243-46A4-8E47-184CFF33CD38\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.009\Desktop\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photo & Imaging 3.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Photosmart Cameras --> MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HP PSC & OfficeJet 3.0 --> "C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
HPIZ311 --> MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
Internet Explorer Q828750 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q828750.inf
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Multimedia Card Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{145CACAF-9B34-41FC-BE49-7D510A253E78}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
NVIDIA GART Driver --> C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
Orbital from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe"
Otto from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exe"
Outlook Express Update Q330994 --> C:\WINDOWS\Q330994.exe C:\WINDOWS\INF\Q330994.inf
Overball from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe"
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Polar Bowler from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Slyder from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SpamSubtract --> C:\PROGRA~1\INTERM~1\SPAMSU~1\UNWISE.EXE /U C:\PROGRA~1\INTERM~1\SPAMSU~1\INSTALL.LOG
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
toolkit --> c:\Windows\HPTK\unhptkit.exe
Updates from HP --> C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
Zone Deluxe Games --> MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type19 / Error
Event Submitted/Written: 08/09/2008 09:07:00 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The nVidia WDM A/V Crossbar service failed to start due to the following error:
%%1058

Event Record #/Type18 / Error
Event Submitted/Written: 08/09/2008 09:07:00 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The nVidia WDM Video Capture (universal) service failed to start due to the following error:
%%1058

Event Record #/Type17 / Error
Event Submitted/Written: 08/09/2008 09:07:00 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2

Event Record #/Type16 / Error
Event Submitted/Written: 08/09/2008 09:07:00 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

Event Record #/Type15 / Error
Event Submitted/Written: 08/09/2008 09:07:00 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.



-- End of Deckard's System Scanner: finished at 2008-08-09 21:45:18 ------------


#2 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:02:30 PM

Posted 11 August 2008 - 03:59 AM

Hi and welcome,

Virut is one nasty nasty virus. I'll save the 'pretty stuff' & hand it to ya straight.

Because of the nature of how it works, cleaning is nearly impossible, and even if AV can clean it, most of the files afterwards are trashed, so nothing is going to work right anyway.
See, this virus spreads itself throughout most exe and scr files.
Each file it infects -- uses slightly different code.
The way it injects 'parts' of itself all over the files is what makes it hard to clean while leaving the files still usable afterwards.
Some viruses add themselves to just the end or beginning of a file, and those are easier, but this one is just plain destruction.
Not only that -- but because each infected file has slightly different malicious code in it -- this makes it very difficult for AV to detect it all.
This means there will likely still be some parts of the virus left active & it just re-infects.

I wanna check for presence of Virut before we try much of anything.
I wanna see the extent of the infection.
If just a couple files -- we have a chance.

If you already have used Kaspersky online scanner, please uninstall it via add/remove programs because this is a new version I need you to download.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Graphics tutorial available here if needed:

http://i275.photobucket.com/albums/jj285/B...ng/KAS/KAS9.gif

If log is huge -- upload it here:

http://www.bleepingcomputer.com/submit-mal....php?channel=19

Please include URL to this topic so I can ID log.



--------------------

In the event it is present throughout the system -- yeah -- format is pretty much the solution.
Before we rush off to do that though -- you will want to back up your documents and stuff.
If you have licensed software without CDs -- back up the product keys to a notepad file on your backups so you can re-install.


I'm not sure if your burning software works properly or not, but if you have another drive (a USB thumb drive or an external drive would work), this drive should be empty to start.
You don't want any exes or scr files on your backup drive because virut will attack those files too.
You can back up documents, your browser favorites, pictures and movies & MP3s.
Any zipped files with exes in them -- can't back these up because virut attacks zipped exes too.

I'd like to see you get these backups done first, because if your own AV is taking out infected files, booting up may soon not be possible, so best get that done first.
Most AV can't clean virut, so it simply tries to delete infected files.
If it starts ripping out system files -- Windows will start to fail miserably.

It does look like you have a recovery partition on this system, so restoring it to factory condition should be fairly easy.
Dell has a fairly good document regarding this which I'll point you to if we need it.
Then it's a matter of re-doing updates and re-installing any new software since you got the machine.

Let me know when you've got your stuff backed up.

Best take the PC offline too, to lessen the chance of spreading the virus, and because the virus has a backdoor component which can allow others to have access to the system and possibly compromise confidential info like passwords and such.
If you do sensitive stuff like banking, shopping and things like that --
Best get to a clean system to change your passwords.
Better safe than sorry.

Let me know when ready! :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware
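As an added example (not part of the original thread or anything Blender posted), a selective backup script that follows the advice above: copy documents, pictures and music to an empty destination, but leave behind .exe and .scr files and any zip archive that contains one, since those are the files a file infector like Virut writes itself into. The folder names and the sample files it builds are constructed for the demo; a real run would point `backup()` at your own documents folder and an empty USB drive.

```python
import os
import shutil
import tempfile
import zipfile
from pathlib import Path

# File types the thread says Virut infects: executables and screensavers.
INFECTABLE = {".exe", ".scr"}

def zip_has_infectable(path: Path) -> bool:
    """True if the archive holds any .exe/.scr member (or cannot be read)."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(Path(n).suffix.lower() in INFECTABLE for n in zf.namelist())
    except zipfile.BadZipFile:
        return True  # unreadable archive: treat as unsafe and leave it behind

def should_skip(path: Path) -> bool:
    """Skip bare executables and zips that contain one; everything else is copied."""
    suffix = path.suffix.lower()
    if suffix in INFECTABLE:
        return True
    return suffix == ".zip" and zip_has_infectable(path)

def backup(src: Path, dst: Path) -> dict:
    """Copy src into dst (which must be empty) and report what was skipped."""
    dst.mkdir(parents=True, exist_ok=True)
    if any(dst.iterdir()):
        raise RuntimeError(f"destination {dst} is not empty")
    copied, skipped = [], []
    for root, _dirs, files in os.walk(src):
        for name in files:
            p = Path(root) / name
            rel = p.relative_to(src).as_posix()
            if should_skip(p):
                skipped.append(rel)
                continue
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            copied.append(rel)
    return {"copied": sorted(copied), "skipped": sorted(skipped)}

def run_demo() -> dict:
    """Build a constructed sample tree in a temp dir and back it up."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        src = base / "My Documents"
        (src / "photos").mkdir(parents=True)
        (src / "letter.doc").write_bytes(b"constructed document")
        (src / "photos" / "trip.jpg").write_bytes(b"\xff\xd8\xff")
        (src / "setup.exe").write_bytes(b"MZ")   # would be infected: skipped
        (src / "saver.scr").write_bytes(b"MZ")   # likewise skipped
        with zipfile.ZipFile(src / "tools.zip", "w") as zf:
            zf.writestr("tool.exe", b"MZ")        # zipped exe: skipped
        with zipfile.ZipFile(src / "notes.zip", "w") as zf:
            zf.writestr("notes.txt", b"text")     # harmless zip: copied
        return backup(src, base / "backup")

if __name__ == "__main__":
    print(run_demo())
```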

#3 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:02:30 PM

Posted 11 August 2008 - 04:10 AM

Hello again ..

I mentioned Dell earlier. I believe it is an HP computer. Correct?
Can you give me the make/model of the PC please? Then I can find the right doc for accessing the recovery partition and such.

Thanks :thumbsup:

#4 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:02:30 PM

Posted 17 August 2008 - 12:28 AM

Hi,

Due to lack of feedback this topic is now closed.
If you still need assistance & need topic re-opened please PM me.

All others please begin new topic.

Thanks,

Blender



