I'm under attack !!

This is a discussion within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.

Old 03-15-2008, 09:50 PM   #1
Registered Member
 
Join Date: Sep 2007
Location: Wash. D.C. now Troy Ohio
Posts: 44
OS: win2000



I think I accidentally let something VERY harmful into my desktop. It keeps freezing and unfreezing, and my spyware blocker keeps popping up every 10 seconds saying it blocked a process from "explorer. EXE Value Name Start Page=http:/ ...jump.php?wmid=601", and there's more but it runs off the screen. Also, there are 3 symbols on my desktop that I've deleted TWICE but they keep coming back. When they installed themselves on my computer the problem started; they are some kind of spyware removal software. I also keep getting messages saying there is an attack on my computer, but if I pay for this spyware removal software it'll go away!!! I feel like I'm being "shook down": they installed this stuff to force me to pay for them to remove it!! I can't get my spyware scan to work. I got ONE scan in, which found 2 trojan horses which I quarantined, and now that keeps freezing up. I'm writing this on my laptop 'cause my desktop won't allow it!!! PLEASE help!!!

__________________
KingWithTheAxe is offline  
Old 03-17-2008, 05:29 PM   #2
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,401
OS: XP Pro SP3



Please go HERE and carry out the instructions that are posted.

If you cannot complete any of the Steps, simply move on to the next one - remember to let the Analyst know about this when you post your logs.

Do not post your logs back in this thread - follow the guidance in the above link!

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply.

__________________
Eddy
Pancake is offline  
Old 04-09-2008, 03:13 AM   #3
Registered Member
 
Join Date: Sep 2007
Location: Wash. D.C. now Troy Ohio
Posts: 44
OS: win2000



Since my last post my computer COMPLETELY melted down!!! I couldn't even use it, as my keyboard somehow became fried, and also my mouse. I bought a new keyboard about a week ago and a new mouse, but because of the virus I couldn't install them!! I tried installing them both and got the keyboard working but not the mouse. I got frustrated and left the computer running with the mouse halfway installed, and the virus stopped me from completing the process. Well, tonight I walked by the computer and noticed that some time in the last day or so it completed the process without me!!! :) I have a laptop and now have SOME of the computer's faculties back; however, it's STILL horribly out of control, with this spyware alert warning popping up every minute or so, obviously installed by the people who put the desktop symbols on my computer that refuse to go away. It's some kind of anti-spyware software. I think it's the old "buy our software and we'll get rid of the virus WE put in your computer" scam!! Please HELP!!! Do you still want me to follow your previous instructions? Thanks for all your help in advance - KING
__________________
KingWithTheAxe is offline  
Old 04-09-2008, 03:46 AM   #4
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,401
OS: XP Pro SP3



Carry on with the instructions....
__________________
Eddy
Pancake is offline  
Old 04-13-2008, 09:54 PM   #5
Registered Member
 
Join Date: Sep 2007
Location: Wash. D.C. now Troy Ohio
Posts: 44
OS: win2000



I could only do the Panda scan. If I go to my control panel and try to add\remove programs the screen freezes, but after I completed the scan it wouldn't give me the option to download results. But after I completed the scan I had to restart the computer, as it was acting funny due to there being about 100 pop-ups telling me I needed to download "Spyware and Malware protection", similar to the one that started this nightmare!!! lol Anyways, after restarting the pop-ups stopped!! :) I hope this event log helps, I have NO IDEA how to read it. Thank you again for all your help and I look forward to your response - KING

ocuments and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AMBER-DAWN
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\AMBER-DAWN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\Program Files\Mozilla Firefox;C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 2 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0201
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=AMBER-DAWN
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

Active Whois 3.0 --> "C:\Program Files\Active Whois\unins000.exe"
Adobe Acrobat Reader 3.01 --> C:\WINNT\uninst.exe -fC:\Acrobat3\Reader\DeIsL1.isu
Adobe Flash Player 9 ActiveX --> C:\WINNT\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINNT\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitComet 0.97 --> C:\Program Files\BitComet\uninst.exe
Browser Mouse --> C:\Program Files\Browser Mouse\uninst00.exe
deskPDF 2.5 Standard Edition --> "C:\Program Files\Docudesk\deskPDF\unins000.exe"
Docudesk GPL Ghostscript 8.15 --> "C:\Program Files\Docudesk\GPL Ghostscript\unins000.exe"
ebgcInfra --> MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes --> MsiExec.exe /X{B094B68C-A2EC-418A-9277-6F4E84832064}
ebgcRes --> MsiExec.exe /X{B9297854-73CF-4C7D-9BA5-AD1ED6E74271}
ebgcRes --> MsiExec.exe /X{C317FE54-A82F-475A-8B92-FDE3C6E14660}
ebgcSDK --> MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5}
EFI PrintMe Toolbar --> MsiExec.exe /X{F540A6CC-AE36-4A55-8DDE-94D8A0429882}
FrostWire 4.13.1.7 BETA --> C:\Program Files\FrostWire\Uninstall.exe
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hoyle Card Games 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}\setup.exe" -l0x9 -removeonly
iTunes --> MsiExec.exe /I{ABCE1C63-56ED-41FF-BEAF-57321F70DC49}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
LimeWire 4.15.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> C:\PROGRA~1\LOGITECH\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\LOGITECH\RESOUR~1\rem\INSTALL.LOG
Matrox DVD Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E4B3200-11E8-11D4-A3E9-0050DA2DBBEC}\setup.exe"
Matrox Graphics Software (remove only) --> C:\WINNT\System32\PDUninst.exe
Matrox Online Guides --> C:\WINNT\IsUninst.exe -fC:\Matrox\doc\DeIsL1.isu
Matrox System Utilities --> C:\WINNT\IsUninst.exe -fC:\Matrox\util\DeIsL1.isu
Micro Innovations Internet Access Elite Keyboard --> C:\WINNT\UnInst32.exe KEMailKb.UNI
Microsoft Internet Explorer 6 SP1 --> rundll32 C:\WINNT\system32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Muiltmedia keyboard utility 1.1 --> C:\Program Files\Muiltmedia keyboard utility\1.1\uninst00.exe
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pokerbility 1.10.21 --> "C:\Program Files\Pokerbility\unins000.exe"
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows 2000 (KB923689) --> "C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Sudoku (remove only) --> "C:\Program Files\Encore\Sudoku\Uninstall.exe"
Sun Download Manager 2.0 (web) --> C:\WINNT\system32\javaws.exe -uninstall "http://javadl-esd.sun.com/update/sdm20/sdm20.jnlp"
The Jongg CD --> C:\Program Files\The Jongg CD\uninstall.exe
The Sims Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\Setup.exe" -l0009
WebVideo Support --> C:\WINNT\fmsxwqs.exe
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
World of Warcraft Trial --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft Trial\Uninstall.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type19447 / Warning
Event Submitted/Written: 04/05/2008 09:51:43 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "C:\WINNT\system32\hidserv.exe"

Event Record #/Type19424 / Warning
Event Submitted/Written: 03/17/2008 08:19:58 AM
Event ID/Source: 4100 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber {6295DF2D-35EE-11D1-8707-00C04FD93327}. CoCreateInstanceEx returned HRESULT 80080005.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type891 / Warning
Event Submitted/Written: 04/13/2008 07:13:12 PM
Event ID/Source: 20169 / RemoteAccess
Event Description:
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.187.18 will be
assigned to dial-in clients. Clients may be unable to access resources on
the network.

Event Record #/Type890 / Warning
Event Submitted/Written: 04/13/2008 07:12:13 PM
Event ID/Source: 20169 / RemoteAccess
Event Description:
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.235.159 will be
assigned to dial-in clients. Clients may be unable to access resources on
the network.

Event Record #/Type889 / Warning
Event Submitted/Written: 04/13/2008 07:11:14 PM
Event ID/Source: 20192 / RemoteAccess
Event Description:
A certificate could not be found. Connections that use the L2TP protocol over IPSec
require the installation of a machine certificate, also known as a computer
certificate. No L2TP calls will be accepted.

Event Record #/Type888 / Error
Event Submitted/Written: 04/13/2008 07:05:26 PM / 04/13/2008 07:10:26 PM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk0\DR0.

Event Record #/Type885 / Error
Event Submitted/Written: 04/13/2008 07:05:26 PM / 04/13/2008 07:10:26 PM
Event ID/Source: 5 / atapi
Event Description:
A parity error was detected on \Device\Ide\IdePort0.



-- End of Deckard's System Scanner: finished at 2008-04-13 23:49:25 ------------
__________________
KingWithTheAxe is offline  
Old 04-13-2008, 10:38 PM   #7
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,401
OS: XP Pro SP3



Go into Add/Remove and uninstall WebVideo Support then......

Let's see what this finds...

OK. We need to download ComboFix.exe. This will give a better view of the files running and also hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a security analyst.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
__________________
Eddy
Pancake is offline  
Old 06-28-2008, 03:19 AM   #8
Registered Member
 
Join Date: Sep 2007
Location: Wash. D.C. now Troy Ohio
Posts: 44
OS: win2000



Quote:
Originally Posted by Pancake
Go into Add/Remove and uninstall WebVideo Support then......

Let's see what this finds...

OK. We need to download ComboFix.exe. This will give a better view of the files running and also hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a security analyst.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
__________________
KingWithTheAxe is offline  
Old 06-28-2008, 03:20 AM   #9
Registered Member
 
Join Date: Sep 2007
Location: Wash. D.C. now Troy Ohio
Posts: 44
OS: win2000



It's fixed !!! Thank you so much again !!! You guys are great !!!
__________________
KingWithTheAxe is offline  
Old 06-28-2008, 04:43 PM   #10
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,401
OS: XP Pro SP3



Post the Combofix log as I'm sure there will be some more cleaning to do.

__________________
Eddy
Pancake is offline  
 

All times are GMT -7.