#1 (permalink) |
|
Registered User
Join Date: May 2008
Posts: 8
OS: vista
|
Greetings,
Maybe I am simply not savvy enough, but when I was looking at the other threads that have fixed the systemerrorfix.com problem, I couldn't follow those suggestions out of fear that my log differs and that I could delete critical info. I started by using the 'OTMOVEIT' and was successful with that portion of the instructions. I hope to be able to follow instructions properly. My log in HijackThis shows as follows:

#2 (permalink) |
|
Registered User
Join Date: May 2008
Posts: 8
OS: vista
|
systemerrofix.com vista
Hello,
Need some help, and am grateful for this site. I somehow got this malware, and I am very close to simply wiping the drive and starting over. Below is the hjt log. Thanks in advance.
Jesse

#5 (permalink) |
|
Registered User
Join Date: May 2008
Posts: 8
OS: vista
|
Re: systemerrorfix.com vista
Please see the main DSS below. I can't understand why running HJT only provides a limited version of what it did before. It is a quick 5 second scan. I do right click and select run as the admin, and I do have admin access.
Jesse
"ConsentPromptBehaviorAdmin"=2 (0x2) "FilterAdministratorToken"=1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient 
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt LocalServiceNoNetwork PLA DPS BFE mpssvc LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{534b9d6c-1de2-11dd-8de3-c03327844a2f}] AutoRun\command- F:\LapNetWizard.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c639bc6b-34f1-11dd-b6b8-00146c37cbd1}] AutoRun\command- G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e425b169-77e2-11dc-926e-001b240c7317}] AutoRun\command- G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{feabcbb7-3681-11dc-9314-9d8cedb95de4}] AutoRun\command- F:\LaunchU3.exe -a [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-06-19 07:39:59 ------------ |
#6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,565
OS: 2000 Pro; XP Pro; XP Home
Re: systemerrorfix.com vista
HijackThis and DSS are very different in scope. DSS gives us much more information to work with in trying to identify the issues on a machine.
You don't appear to have an active infection. Quote:
This is one of the main causes why a computer gets infected. Visiting cracksites/warezsites - and other questionable/illegal sites is ALWAYS a risk. Even a single click on the site can be responsible for installing a huge amount of malware. Don't think: "I have a good Antivirus and Firewall installed, they will protect me" - because that's not true... and even before you know it, your Antivirus and Firewall may already be disabled because malware already found its way on your system.

We do not condone this sort of activity. The cracked software should be uninstalled.

---------------------------------------------------------------------------------------------

P2P - I see you have P2P software ( LimeWire 4.17.9 ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. References for the risk of these programs are here, here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Please download OTMoveIt2 by OldTimer.

If the machine reboots, the Results log can be found here: c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

---------------------------------------------------------------------------------------------

Quote:

---------------------------------------------------------------------------------------------

I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

Install this FREE AntiVirus program, update it, and run a full system scan.

Avira PersonalEdition Classic

Here is a tutorial on its setup and use: http://www.techsupportforum.com/cont...ticles/64.html

When the scan is complete, click on the Report button. A log file will open. Please post that in your next reply.

Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

---------------------------------------------------------------------------------------------

Open HijackThis (right click on HijackThis.exe and select "Run as an Administrator") and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
#7 (permalink)
Registered User
Join Date: May 2008
Posts: 8
OS: vista
Re: systemerrorfix.com vista
First, the OTMoveIt

File/Folder C:\Users\Administrator\'\00jj99uuii66ddxxqqq.zip" not found.
File/Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QSHWQGB\kb456456 not found.
File/Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QSHWQGB\kb516107 not found.
File/Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WEMFG3T\kb456456 not found.
File/Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WEMFG3T\kb516107 not found.
File/Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WEMFG3T\kb767887 not found.
File/Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKAHIBZY\kb456456 not found.
File/Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKAHIBZY\kb713501 not found.
File/Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKAHIBZY\kb767887 not found.
File/Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIV6CFH2\kb456456 not found.
File/Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIV6CFH2\kb516107 not found.
File/Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIV6CFH2\kb671231 not found.
File/Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIV6CFH2\kb713501 not found.
File/Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIV6CFH2\query not found.
File/Folder C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQLYKUXX\kb456456 not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\acfgciog.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\bwxapgka.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\ctdkhstx.exe not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\ctfeakkn.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\ftgtildy.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\fytcubjn.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\hpuaxqto.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\hstihdvq.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\iqtokwyp.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\mwjxuxpr.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\mysggmns.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\nbjfapgy.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\niktowul.exe not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\nmrajatd.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\nrgatppr.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\ntuqoqde.exe not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\otmnievl.exe not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\otxiapfd.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\ovpnivnt.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\plobleul.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\qllwoxrt.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\quqnikaa.exe not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\rdejteaj.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\shgujdov.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\stvxuopg.exe not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\tbpvtghw.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\tmp0000b579 not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\tmp0000fe89 not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\tmp00013ce0 not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\tmp00014384 not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\tmp000158d8 not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\tmp00017223 not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\tmp000179ff not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\tmp00024baf not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\tmp0002625a not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\tmp000264da not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\tmp00140000 not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\urqNGvur.dll not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\vgkxqvqc.exe not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\wpdcsoih.exe not found.
File/Folder C:\Users\Administrator\AppData\Local\Temp\xlubkwng.dll not found.
D:\Downloads\The Sims 2 Special DVD Edition ISO Crack.zip moved successfully.
D:\my documents\setup\AVIMoviePlayer48.exe moved successfully.
< D:\my documents\setup\AVIMoviePlayer48.exe[tqp.exe] >
File/Folder D:\my documents\setup\AVIMoviePlayer48.exe[tqp.exe] not found.
< emptytemp >
File delete failed. C:\Users\ADMINI~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06192008_083412

Files moved on Reboot...
C:\Users\ADMINI~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Now, Avira

Avira AntiVir Personal
Report file date: Thursday, June 19, 2008 09:11

Scanning for 1348509 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: FIRSTTOBECOOL

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 18:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 17:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 17:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 17:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 19:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 22:08:58
ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 6/14/2008 16:07:48
ANTIVIR3.VDF : 7.0.4.224 226816 Bytes 6/19/2008 16:07:53
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 18:58:21
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 6/19/2008 16:08:47
AESCN.DLL : 8.1.0.21 119156 Bytes 6/19/2008 16:08:43
AERDL.DLL : 8.1.0.20 418165 Bytes 6/19/2008 16:08:39
AEPACK.DLL : 8.1.1.5 364918 Bytes 6/19/2008 16:08:33
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 6/19/2008 16:08:28
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 6/19/2008 16:08:25
AEHELP.DLL : 8.1.0.15 115063 Bytes 6/19/2008 16:08:12
AEGEN.DLL : 8.1.0.28 307572 Bytes 6/19/2008 16:08:04
AEEMU.DLL : 8.1.0.6 430451 Bytes 6/19/2008 16:08:00
AECORE.DLL : 8.1.0.31 168310 Bytes 6/19/2008 16:07:57
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/24/2008 02:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 19:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 22:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/24/2008 02:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 17:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/24/2008 02:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 23:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 21:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, June 19, 2008 09:11

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'Safari.exe' - '1' Module(s) have been scanned
Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'CAPM4SWK.EXE' - '1' Module(s) have been scanned
Scan process 'CAPM4LAK.EXE' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'qbupdate.exe' - '1' Module(s) have been scanned
Scan process 'wlan111t.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'ezprint.exe' - '1' Module(s) have been scanned
Scan process 'lxctmon.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'QBDBMgrN.exe' - '1' Module(s) have been scanned
Scan process 'QBCFMonitorService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lxctcoms.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'CAPM4SWK.EXE' - '1' Module(s) have been scanned
Scan process 'CAPM4RSK.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
70 processes with 70 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO] No virus was found!
Boot sector 'D:\'
    [INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '21' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
    [WARNING] The file could not be opened!
C:\pagefile.sys
    [WARNING] The file could not be opened!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\ctdkhstx.exe
    [DETECTION] Is the Trojan horse TR/Lowzones.SG
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\ftgtildy.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\hstihdvq.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\mwjxuxpr.dll
    [DETECTION] Is the Trojan horse TR/Monder.126976.1
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\mysggmns.dll
    [DETECTION] Is the Trojan horse TR/Monder.126976.1
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\nbjfapgy.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\niktowul.exe
    [DETECTION] Is the Trojan horse TR/Lowzones.SG
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\nmrajatd.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\nrgatppr.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\ntuqoqde.exe
    [DETECTION] Is the Trojan horse TR/Lowzones.SG
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\otmnievl.exe
    [DETECTION] Is the Trojan horse TR/Lowzones.SG
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\otxiapfd.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\ovpnivnt.dll
    [DETECTION] Is the Trojan horse TR/Vundo.ENB
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\plobleul.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\qllwoxrt.dll
    [DETECTION] Is the Trojan horse TR/Monder.133120
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\quqnikaa.exe
    [DETECTION] Is the Trojan horse TR/Lowzones.SG
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\rdejteaj.dll
    [DETECTION] Is the Trojan horse TR/Monder.133120
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\sbmhpkfy.dll
    [DETECTION] Is the Trojan horse TR/Agent.rep
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\shgujdov.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\shyeasie.dll
    [DETECTION] Is the Trojan horse TR/Agent.reo
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\stvxuopg.exe
    [DETECTION] Is the Trojan horse TR/Lowzones.SG
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\vcnvsqsw.dll
    [DETECTION] Is the Trojan horse TR/Vundo.ESY
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\vgkxqvqc.exe
    [DETECTION] Is the Trojan horse TR/Lowzones.SG
    [WARNING] The file was ignored!
C:\Deckard\System Scanner\backup\Users\ADMINI~1\AppData\Local\Temp\wpdcsoih.exe
    [DETECTION] Is the Trojan horse TR/Lowzones.SG
    [WARNING] The file was ignored!
C:\Program Files\Panda Security\ActiveScan 2.0\pskavs.dll