|
Various Trojan horses, viruses and malware
I have several viruses, malware etc. and Norton Antivirus has found three Trojan Horses. Panda Activescan found 55 viruses/adware/malware etc. I also have several pop-ups, including one that links to privacy/securepccleaner.com/MTY4ODE=/2/5993/ed=2/desctop/
Here's the DSS log.
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) M processor 1.73GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 503.42 MiB / 158.82 MiB
Pagefile Memory (total/avail): 1227.72 MiB / 579.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1905.4 MiB
C: is Fixed (FAT32) - 35.06 GiB total, 18.78 GiB free.
D: is Fixed (FAT32) - 35.55 GiB total, 35.23 GiB free.
E: is CDROM (Unformatted)
Y: is Network (Unformatted)
Z: is Network (Unformatted)
\\.\PHYSICALDRIVE0 - HTS421280H9AT00 - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 3.9 GiB
\PARTITION1 (bootable) - Unknown - 35.07 GiB - C:
\PARTITION2 - Unknown - 35.56 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntivirusOverride is set.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"="C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\System32\\dpvsetup.exe"="C:\\WINDOWS\\System32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"F:\\Linkwise\\exe\\bin\\LW3.exe"="F:\\Linkwise\\exe\\bin\\LW3.exe:*:Enabled:LW3"
"C:\\Program Files\\National Instruments\\LabVIEW 7.1\\LabVIEW.exe"="C:\\Program Files\\National Instruments\\LabVIEW 7.1\\LabVIEW.exe:*:Enabled:LabVIEW 7.1.1 Development System"
"C:\\Program Files\\National Instruments\\Shared\\Example Finder\\1.0\\bin\\NIExampleFinder.exe"="C:\\Program Files\\National Instruments\\Shared\\Example Finder\\1.0\\bin\\NIExampleFinder.exe:*:Enabled:National Instruments Example Finder"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows® NetMeeting®"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Hope Chow\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOPEY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Hope Chow
KMP_DUPLICATE_LIB_OK=TRUE
LOGONSERVER=\\HOPEY
MKL_SERIAL=YES
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\VXIPNP\WinNT\Bin;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HOPECH~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HOPECH~1\LOCALS~1\Temp
USERDOMAIN=HOPEY
USERNAME=Hope Chow
USERPROFILE=C:\Documents and Settings\Hope Chow
VXIPNPPATH=C:\VXIPNP\
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Hope Chow (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer Arcade --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
Acer eDataSecurity Management 1.00.23 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E431C518-2EE2-471E-9234-BE995C36D513}\setup.exe" -l0x9 -removeonly
Acer eLock Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}
Acer Empowering Technology framework --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15B70821-7893-4607-805A-BB80F3EA8279}
Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x9
Acer ePerformance Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEE08946-40F0-4890-853E-60A6C3306041}
Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer ePresentation Management --> C:\WINDOWS\UnInst32.exe AcerePrj.UNI
Acer eSettings Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}
Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI
Acer Screensaver --> MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
KTP Ware PS/2-WDM 5.0.1.8 --> rundll32.exe "C:\Program Files\Elantech\KTUninst.dll",KTech_Uninstall 0
Launch Manager --> C:\WINDOWS\UnInst32.exe LManager.UNI
LEGO® MINDSTORMS® NXT - English Language Pack --> MsiExec.exe /I{3E4153AF-3D74-4062-8812-B1FDCE6B1F37}
LEGO® MINDSTORMS® NXT Driver --> MsiExec.exe /I{E14D4E88-DBBF-4AEE-A8EB-C4744E95EEEA}
LEGO® MINDSTORMS® NXT Software v1.0 --> MsiExec.exe /I{4246326C-E861-43CA-B47D-2357454385F9}
LiveUpdate 1.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Microsoft FrontPage 2000 --> MsiExec.exe /I{00120409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Outlook 2003 with Business Contact Manager Update --> MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
National Instruments Software --> "C:\Program Files\National Instruments\Shared\NIUninstaller\uninst.exe"
Norton AntiVirus Corporate Edition --> MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
SMSC IrCC V5.1.3600.5 SP2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x9 UNINSTALL
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D_CplEFL5k\HXFSETUP.EXE -U -ICplEFL5K.inf
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Stellarium 0.8.1 --> "C:\Program Files\Stellarium\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar --> MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
-- Application Event Log -------------------------------------------------------
Event Record #/Type9189 / Error
Event Submitted/Written: 11/29/2007 09:08:11 AM
Event ID/Source: 5 / Norton AntiVirus
Event Description:
Virus Found!Virus name: Trojan.Zlob in File: C:\DOCUME~1\HOPECH~1\LOCALS~1\Temp\ac8zt2\rmv.exe by: Realtime Protection scan. Action: Clean failed : Quarantine succeeded : Access denied
Event Record #/Type9188 / Error
Event Submitted/Written: 11/29/2007 09:08:11 AM
Event ID/Source: 5 / Norton AntiVirus
Event Description:
Virus Found!Virus name: Trojan Horse in File: C:\DOCUME~1\HOPECH~1\LOCALS~1\Temp\ac8zt2\nsduo.dll by: Realtime Protection scan. Action: Clean failed : Quarantine succeeded : Access denied
Event Record #/Type9187 / Error
Event Submitted/Written: 11/29/2007 09:08:11 AM
Event ID/Source: 5 / Norton AntiVirus
Event Description:
Virus Found!Virus name: Trojan.Zlob in File: C:\DOCUME~1\HOPECH~1\LOCALS~1\Temp\ac8zt2\msmhost.dll by: Realtime Protection scan. Action: Clean failed : Quarantine succeeded : Access denied
Event Record #/Type9186 / Error
Event Submitted/Written: 11/29/2007 09:08:10 AM
Event ID/Source: 5 / Norton AntiVirus
Event Description:
Virus Found!Virus name: Trojan.Zlob in File: C:\DOCUME~1\HOPECH~1\LOCALS~1\Temp\ac8zt2\msmdev.dll by: Realtime Protection scan. Action: Clean failed : Quarantine succeeded : Access denied
Event Record #/Type9185 / Error
Event Submitted/Written: 11/29/2007 09:08:10 AM
Event ID/Source: 5 / Norton AntiVirus
Event Description:
Virus Found!Virus name: Trojan.Zlob in File: C:\DOCUME~1\HOPECH~1\LOCALS~1\Temp\ac8zt2\main_uninstaller.exe by: Realtime Protection scan. Action: Clean failed : Quarantine succeeded : Access denied
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type21329 / Warning
Event Submitted/Written: 11/29/2007 02:31:51 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00166F6F7C9F. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type21256 / Error
Event Submitted/Written: 11/28/2007 08:50:00 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer TRICIA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2F893DA4-0C9E-44B5.
The master browser is stopping or an election is being forced.
Event Record #/Type21224 / Warning
Event Submitted/Written: 11/28/2007 08:23:35 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00166F6F7C9F. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type21197 / Warning
Event Submitted/Written: 11/27/2007 11:10:43 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00166F6F7C9F. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type21192 / Error
Event Submitted/Written: 11/27/2007 10:32:12 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer TRICIA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2F893DA4-0C9E-44B5.
The master browser is stopping or an election is being forced.
-- End of Deckard's System Scanner: finished at 2007-11-29 14:46:11 ------------
|