Tech Support Forum: HijackThis Log Help
Registered User
Join Date: Jun 2008
Posts: 1
OS: xp
Trojan spy32 problem
Hi everyone. Just two days ago I got this Trojan Spy32 on my computer. Every time I opened Internet Explorer it would close and ask if I wanted to send an error report. Also I would get pop-ups telling me I was infected with spyware. I used Spy Sweeper and quarantined it, but the problem still remained. Now when I use Internet Explorer it sometimes still says that I have to download some program to get rid of the spyware. I also have NOD32 Antivirus and I swept my computer with this. I no longer get the pop-ups, but some of my programs aren't working. When I tried to click on Disk Defragmenter it would close and tell me there was an error. Also I have the game World of Warcraft, and whenever I click on that it closes and says there is a "fatal error". I just want to be sure whether the trojan is gone or not. Here is the Deckard's System Scanner report. The first one is the main.txt and the second one is the extra.txt. Thanks.
Deckard's System Scanner v20071014.68
Run by Sunil on 2008-06-03 19:54:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-06-03 23:54:31 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Sunil.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:51, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sunil\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\HJT\Sunil.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.36.0\HostIE.dll (file missing)
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.36.0\HostIE.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtZgAcer.EXE"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\olesvr32n.exe
O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\olesvr32n.exe
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O16 - DPF: {012F24D4-35B0-11D0-BF2D-0000E8D0D146} (AtlCam Class) - http://131.247.188.20/sns100.ocx
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10054 bytes

-- File Associations -----------------------------------------------------------

All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
R3 int15.sys - c:\program files\acer\erecovery\int15.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 DNADownloader - c:\program files\gamespot\downloadmanager_win32.exe <Not Verified; CNET Networks; GameSpot Download Manager>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 802.11g Network Adapter
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_03121468&REV_02\3&267A616A&0&58
Manufacturer: Broadcom
Name: Broadcom 802.11g Network Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_03121468&REV_02\3&267A616A&0&58
Service: BCM43XX

-- Files created between 2008-05-03 and 2008-06-03 -----------------------------

2008-06-03 14:23:53 0 d-------- C:\World of Warcraft
2008-06-02 23:48:04 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-02 18:33:29 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-06-02 18:33:16 0 d-------- C:\Program Files\Hitman Pro
2008-06-02 16:03:07 0 d-------- C:\!KillBox
2008-06-02 14:40:36 4984 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-02 14:40:04 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-02 14:40:04 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-02 14:40:04 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-02 14:40:04 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-02 14:40:04 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-02 14:40:04 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-02 14:40:04 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-02 14:40:03 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-02 14:30:18 0 d-------- C:\HJT
2008-06-01 22:30:48 0 d--hs---- C:\FOUND.005
2008-06-01 18:13:08 32279 --a------ C:\WINDOWS\system32\clbdll.dll
2008-06-01 18:12:45 0 d-------- C:\Program Files\uTorrent
2008-05-29 14:39:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-29 14:03:34 0 d--hs---- C:\FOUND.004
2008-05-19 20:51:05 0 d-------- C:\Documents and Settings\Sunil\Application Data\Acreon
2008-05-17 15:56:16 69632 --a------ C:\WINDOWS\system32\000080.exe
2008-05-15 00:56:10 0 d-------- C:\Logs
2008-05-13 23:57:40 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-09 14:17:12 0 d--hs---- C:\FOUND.003
2008-05-08 17:41:50 0 d--hs---- C:\FOUND.002
2008-05-07 23:54:08 0 d--hs---- C:\FOUND.001
2008-05-04 15:27:18 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-05-04 15:25:08 0 d-------- C:\Program Files\The Rosetta Stone
2008-05-04 01:38:28 0 d-------- C:\Program Files\ADSTechnology

-- Find3M Report ---------------------------------------------------------------

2008-05-17 15:56:16 69632 --a------ C:\WINDOWS\system32\userinit.exe
2008-04-12 08:42:50 164 --a------ C:\install.dat
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\system32\taack.exe
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\system32\taack.dat
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\system32\ssurf022.dll
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\system32\sncntr.exe
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\system32\psoft1.exe
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\system32\psof1.exe
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\system32\ps1.exe
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\system32\msnbho.dll
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\system32\medup020.dll
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\system32\medup012.dll
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-04-01 14:26:04 4096 --a------ C:\WINDOWS\a.bat
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\thun32.dll
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\thun.dll
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\temp#01.exe
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\ssvchost.exe
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\ssvchost.com
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\Rundl1.exe
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\regm64.dll
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\regc64.dll
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\newsd32.exe
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\netode.exe
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\mtr2.exe
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\msvchost.exe
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\msgp.exe
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\h@tkeysh@@k.dll
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\emesx.dll
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\dpcproxy.exe
2008-04-01 14:26:02 4096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-04-01 14:26:00 4096 --a------ C:\WINDOWS\winsystem.exe
2008-04-01 14:26:00 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-04-01 14:26:00 4096 --a------ C:\WINDOWS\system32\winsystem.exe
2008-04-01 14:26:00 4096 --a------ C:\WINDOWS\system32\vcatchpi.dll
2008-04-01 14:26:00 4096 --a------ C:\WINDOWS\system32\vbsys2.dll
2008-04-01 14:26:00 4096 --a------ C:\WINDOWS\system32\sysreq.exe
2008-04-01 14:26:00 4096 --a------ C:\WINDOWS\system32\mssecu.exe
2008-04-01 14:26:00 4096 --a------ C:\WINDOWS\system32\bdn.com
2008-04-01 14:26:00 4096 --a------ C:\WINDOWS\system32\awtoolb.dll
2008-04-01 14:26:00 4096 --a------ C:\WINDOWS\system32\anticipator.dll
2008-04-01 14:26:00 4096 --a------ C:\WINDOWS\mssecu.exe
2008-04-01 14:26:00 4096 --a------ C:\WINDOWS\bdn.com
2008-03-13 11:54:24 54963 --a------ C:\WINDOWS\War3Unin.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]
C:\Program Files\Zango\bin\10.3.36.0\HostIE.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}"= C:\Program Files\Zango\bin\10.3.36.0\HostIE.dll [ ]
[-HKEY_CLASSES_ROOT\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]
[HKEY_CLASSES_ROOT\HostIE.Bho.1]
[HKEY_CLASSES_ROOT\TypeLib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED}]
[HKEY_CLASSES_ROOT\HostIE.Bho]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [10/07/2004 23:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/07/2004 23:43]
"SoundMan"="SOUNDMAN.EXE" [02/23/2005 18:13 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [10/07/2004 19:50 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="Rundll32.exe" [08/04/2004 05:00 C:\WINDOWS\system32\rundll32.exe]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [03/04/2005 13:13]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [03/09/2005 18:59]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [03/28/2005 12:30]
"eRecoveryService"="C:\Windows\System32\Check.exe" [03/23/2005 10:01]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [07/20/2005 12:48]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [07/21/2005 01:07]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [08/01/2005 07:05]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [07/12/2005 08:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/20/2005 20:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/19/2006 15:12]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/13/2008 23:55]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [12/21/2007 08:21]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 20:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [06/02/2005 01:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [04/21/2004 10:26]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [11/12/2006 05:48]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [05/08/2006 05:17]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [04/01/2008 18:35]
"@"="" []
"IEUpdate"="C:\WINDOWS\system32\olesvr32n.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"IEUpdate"=C:\WINDOWS\system32\olesvr32n.exe

C:\Documents and Settings\Sunil\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GDM_TrayApp.exe [5/9/2007 12:48:26 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [3/7/2005 12:07:26 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [11/22/2006 2:00:28 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"IEUpdate"= C:\WINDOWS\system32\olesvr32n.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{452e7dd4-c605-11db-a450-00c09fef0810}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ede2245c-4e8d-11db-a418-00c09fef0810}]
AutoRun\command- setupSNK.exe

-- End of Deckard's System Scanner: finished at 2008-06-03 19:57:14 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion(tm) 64 Mobile Technology ML-34
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 958.48 MiB / 324.95 MiB
Pagefile Memory (total/avail): 2313.5 MiB / 1683.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.14 MiB

C: is Fixed (FAT32) - 44.99 GiB total, 13.67 GiB free.
D: is Fixed (FAT32) - 45.21 GiB total, 1.86 GiB free.
E: is CDROM (UDF)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK1031GAS - 93.16 GiB - 3 partitions
\PARTITION0 - Unknown - 2.93 GiB
\PARTITION1 (bootable) - Unknown - 45 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 45.22 GiB - D:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\AIM\\AIM.EXE"="C:\\Program Files\\AIM\\AIM.EXE:*:Enabled:AOL Instant Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Java\\jre1.5.0_06\\BIN\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\BIN\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\WINDOWS\\system32"="C:\\WINDOWS\\system32:*:Enabled:lockx"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sunil\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SMMEDIDI
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sunil
LOGONSERVER=\\SMMEDIDI
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Sunil\LOCALS~1\Temp
TMP=C:\DOCUME~1\Sunil\LOCALS~1\Temp
USERDOMAIN=SMMEDIDI
USERNAME=Sunil
USERPROFILE=C:\Documents and Settings\Sunil
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

Sunil (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
--> Dummy
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acer eManager for Notebook --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ADSTechnology --> "C:\Program Files\ADSTechnology\Uninstall.exe"
Agere Systems AC'97 Modem --> agrsmdel
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Arcade 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon S300 --> C:\WINDOWS\system32\CNMCP38.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S300 Installer\Inst\DeIsL1.isu" -pCanon S300-c"C:\BJPrinter\CNMWINDOWS\Canon S300 Installer\Inst\bjinst.dll
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Combined Community Codec Pack 2006-05-01 (Remove Only) --> C:\Program Files\Combined Community Codec Pack\Uninstall.exe
Convert XLS --> "C:\Program Files\Softinterface, Inc\Convert XLS\unins000.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX DVD Ripper 1.6 --> C:\Program Files\DDR\uninst.exe
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dolphin 1.3 beta --> C:\Program Files\Dolphin\uninst.exe
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
ESET NOD32 Antivirus --> MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}
GameSpot Download Manager --> "C:\Program Files\GameSpot\uninstall.exe"
HijackThis 2.0.2 --> "C:\HJT\HijackThis.exe" /uninstall
Hitman Pro --> "C:\Program Files\Hitman Pro\unins000.exe"
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Launch Manager --> C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Lexmark 2300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcgUNST.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
nMacro Recorder 1.1 --> C:\Program Files\NKProd\nMacroRec\uninstall.exe
NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{69CC0647-7F98-4358-AAB6-4F65C0705400} /l1033 BUN4
NTI CD & DVD-Maker Gold --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5242A858-AD61-4130-92D4-BDF5087CE562} /l1033 CDM7
OpenMG AAC Add-on Module 1.0.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3} UNINSTALL
OpenMG Limited Patch 4.5-06-05-12-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.5-06-05-12-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.5.01 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3633BA28-67CE-4AC8-A677-3406CA84C3D8} UNINSTALL
PDF Manual NW-E000 Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F0C7588-DC73-4465-8BAB-21813C1EC047}\setup.exe" -l0x9 UNINSTALL -removeonly
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.EXE" -uninstall
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RCA Digital Audio Player (Emusic Series) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10BDC337-D718-4AB1-9876-746737D37000}\setup.exe" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SiS 900 PCI Fast Ethernet Adapter Driver -->
C:\WINDOWS\SiS\900\Uninst.exe SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem7.inf SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9 SonicStage 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe" Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall The Print Shop Deluxe III --> C:\WINDOWS\uninst.exe -f"C:\Program Files\The Print Shop Deluxe III\DeIsL1.isu" The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409 Version 5.3.0 --> "C:\Program Files\ADShareit\swf2videopro\unins000.exe" VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u Viewpoint Toolbar --> C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html" Vodei Multimedia Processor 2.10 --> C:\Program Files\Vodei\uninst.exe Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B} Windows Macro Recorder --> MsiExec.exe /I{67DD11CB-7C27-4072-B970-B57755294B28} Windows Media 
Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wondershare DVD Slideshow Builder 3.2.0 Trial Version --> "C:\Program Files\Wondershare\DVD Slideshow Builder\unins000.exe"
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type31034 / Error
Event Submitted/Written: 06/03/2008 00:20:54 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application mmc.exe, version 5.1.2600.2180, faulting module mmc.exe, version 5.1.2600.2180, fault address 0x000327a7.
Processing media-specific event for [mmc.exe!ws!]

Event Record #/Type31033 / Error
Event Submitted/Written: 06/03/2008 11:08:46 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application mmc.exe, version 5.1.2600.2180, faulting module mmc.exe, version 5.1.2600.2180, fault address 0x000327a7.
Processing media-specific event for [mmc.exe!ws!]

Event Record #/Type31032 / Error
Event Submitted/Written: 06/03/2008 11:08:25 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application mmc.exe, version 5.1.2600.2180, faulting module mmc.exe, version 5.1.2600.2180, fault address 0x000327a7.
Processing media-specific event for [mmc.exe!ws!]

Event Record #/Type30950 / Error
Event Submitted/Written: 06/02/2008 07:27:25 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hitmanpro2.exe, version 2.6.0.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0000ec8d.
Processing media-specific event for [hitmanpro2.exe!ws!]

Event Record #/Type30932 / Warning
Event Submitted/Written: 06/02/2008 07:17:50 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type3355 / Error
Event Submitted/Written: 06/03/2008 07:31:49 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.3 for the Network Card with network address 00C09FEF0810 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type3170 / Error
Event Submitted/Written: 06/02/2008 11:30:51 PM
Event ID/Source: 12 / PlugPlayManager
Event Description:
The device 'Microsoft Kernel Acoustic Echo Canceller' (Root\LEGACY_AEC\0000) disappeared from the system without first being prepared for removal.

Event Record #/Type3164 / Error
Event Submitted/Written: 06/02/2008 11:30:38 PM
Event ID/Source: 12 / PlugPlayManager
Event Description:
The device 'Microsoft Kernel Acoustic Echo Canceller' (Root\LEGACY_AEC\0000) disappeared from the system without first being prepared for removal.

Event Record #/Type3163 / Error
Event Submitted/Written: 06/02/2008 11:30:38 PM
Event ID/Source: 12 / PlugPlayManager
Event Description:
The device 'Microsoft Kernel Acoustic Echo Canceller' (Root\LEGACY_AEC\0000) disappeared from the system without first being prepared for removal.

Event Record #/Type3145 / Error
Event Submitted/Written: 06/02/2008 11:29:51 PM
Event ID/Source: 12 / PlugPlayManager
Event Description:
The device 'Microsoft Kernel Acoustic Echo Canceller' (Root\LEGACY_AEC\0000) disappeared from the system without first being prepared for removal.

-- End of Deckard's System Scanner: finished at 2008-06-03 19:57:14 ------------
#2
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,548
OS: Windows XP Pro
Re: Trojan spy32 problem
Hi gianttrain,
Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

P2P Software

I see you have P2P software (BitLord 1.1) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar

The above Viewpoint programs are considered foistware instead of malware, since they are installed without the user's approval but don't spy or do anything "bad".

Read this article: http://www.clickz.com/news/article.php/3561546
Additional info: http://vil.nai.com/vil/content/v_137262.htm

--------------------------------------------------------------

Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to C:\SDFix
DO NOT run SDFix yet. We will shortly.

--------------------------------------------------------------

Enter Safe Mode

Note: On some systems, this may be the F5 key, so try that if F8 doesn't work.

--------------------------------------------------------------

Run SDFix

--------------------------------------------------------------

Restart your computer in Normal Mode

--------------------------------------------------------------

Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix

IMPORTANT: Make sure you install the Recovery Console before running ComboFix.

--------------------------------------------------------------

Please reply back with the following logs:
C:\SDFix\report.txt
C:\ComboFix.txt
__________________
Proud Member of ASAP. Proud Member of UNITE. Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum

Last edited by forhockey : 06-07-2008 at 01:52 PM.