|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
Thread Tools |
12-23-2007, 11:56 PM
|
#1 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 11
OS: windows xp
|
Virus taking over my computor!
After starting the 1st thing is:
Application has failed to start because MSVCR80.D11 was not found. -medichi2.exe-unable to locate component 2. Was not able to gain access to Control Panel or administrator. 3.It keeps copying files, then 4.A Window Security Alert: Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your system and Internet files. Run full scan now to prevent any unathorised access to your files! Click here to download Spyware Remover..... 5.The Internet will start by itself while I am on internet. I have tried to follow the 5-steps you needed for your information. The only thing I removed from my computer was VIEWPOINT MEDIA PLAYER. COPY OF PANDA REPORT: Incident Status Location Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL Adware:adware/cws Not disinfected C:\Documents and Settings\Nathan\Favorites\Insurance Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@ad.yieldmanager[2].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@adrevolver[1].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@ads.pointroll[1].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@advertising[1].txt Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@apmebf[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@atdmt[2].txt Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@bluestreak[2].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@casalemedia[2].txt Spyware:Cookie/Casinotropez Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@casinotropez[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@doubleclick[2].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@fastclick[2].txt Spyware:Cookie/Maxifiles Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@goto.maxifiles[1].txt Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@go[1].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@media.adrevolver[2].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@questionmarket[2].txt Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@smartadserver[1].txt Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@statse.webtrendslive[1].txt Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@target[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@tribalfusion[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Nathan\Cookies\nathan@zedo[2].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@ad.yieldmanager[2].txt Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@ads.addynamix[2].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@ads.pointroll[1].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@advertising[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@atdmt[2].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@casalemedia[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@com[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@doubleclick[2].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@fastclick[2].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@mediaplex[1].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@questionmarket[2].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@realmedia[2].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@serving-sys[2].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@trafficmp[2].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@tribalfusion[2].txt Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@valueclick[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Nathan Dahlem\Cookies\nathan_dahlem@zedo[2].txt Adware:Adware/Trymedia Not disinfected C:\Downloads\PetVetSetup-dm[1].exe Adware:Adware/Trymedia Not disinfected C:\Downloads\SinglesMSetup-dm[1].exe Virus:Generic Malware Disinfected C:\Program Files\DIGStream\digstream.exe Hacktool:HackTool/Samdump Not disinfected C:\Program Files\Laplink\PCmover\copypwd.dll Virus:Eicar.Mod Not disinfected C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm] Adware:Adware/DnsInsider Not disinfected C:\qoobox\Quarantine\C\Program Files\Insider\Insider.exe.vir Adware:Adware/Amera Not disinfected C:\qoobox\Quarantine\C\Program Files\ISM2\adhydraupd.exe.vir[QdrPack9.exe] Virus:Trj/Downloader.MDW Disinfected C:\qoobox\Quarantine\C\Program Files\ISM2\ISMPack7.exe.vir Virus:Trj/Downloader.MDW Disinfected C:\qoobox\Quarantine\C\WINDOWS\b128.exe.vir Possible Virus. Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\63394.exe.vir Possible Virus. Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\90665.exe.vir Possible Virus. Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\install.exe.vir Virus:Rootkit/Lanman.BE Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\lanmandrv.sys.vir Possible Virus. Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\lanmanwrk.exe.vir Hacktool:HackTool/Samdump Not disinfected C:\WINDOWS\Downloaded Installations\{A45F2769-197F-49A5-937B-04A3EE210DFF}\PCmover.msi[unk_0058][copypwd.dll] Possible Virus. Not disinfected C:\WINDOWS\system32\dllcache\beep.sys Possible Virus. Not disinfected C:\WINDOWS\system32\drivers\beep.sys DECKARDS main.tst: Deckard's System Scanner v20071014.68 Run by Nathan on 2007-12-23 11:51:18 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 116: 2007-12-23 17:51:27 UTC - RP549 - Deckard's System Scanner Restore Point 115: 2007-12-23 12:53:07 UTC - RP548 - System Checkpoint 114: 2007-12-23 16:13:48 UTC - RP547 - ComboFix created restore point 113: 2007-12-23 15:56:26 UTC - RP546 - System Checkpoint 112: 2007-12-23 21:38:14 UTC - RP545 - Software Distribution Service 3.0 -- First Restore Point -- 1: 2007-09-25 03:12:08 UTC - RP434 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Nathan.exe) ---------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:53:41 AM, on 12/23/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\stsystra.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe C:\Program Files\Dell Support\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\Documents and Settings\Nathan\Local Settings\Temporary Internet Files\Content.IE5\XYZD2E9A\dss[1].exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Nathan.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061107 R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Medichi] medichi.exe O4 - HKLM\..\Run: [Medichi2] medichi2.exe O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: (no name) - {F4430FE8-2638-42e5-B849-800749B94EED} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1157825810640 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/fr...ylomplayer.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe -- End of file - 10091 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Component 1.0> R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0> R3 catchme - c:\docume~1\nathan\locals~1\temp\catchme.sys (file missing) S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt> S3 LLUSBFLT - c:\windows\system32\drivers\llusbflt.sys <Not Verified; Laplink Software, Inc.; Laplink FileMover> S3 PLUsbbc2 (High-Speed USB Bridge Cable Driver) - c:\windows\system32\drivers\usbbc2.sys <Not Verified; Prolific Technology Inc.; High Speed USB-USB Bridge Cable Driver> S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security> R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module> R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security> R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 1.0> S2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0> S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2007-12-23 01:47:00 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job 2007-12-18 14:16:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2007-11-23 and 2007-12-23 ----------------------------- 2007-12-23 04:40:33 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-12-23 04:40:33 0 d-------- C:\WINDOWS\LastGood 2007-12-23 00:30:35 5632 --a------ C:\WINDOWS\medichi.exe 2007-12-22 23:44:32 0 d-------- C:\ie-spyad_zo 2007-12-22 23:29:49 0 d-------- C:\Program Files\SpywareBlaster 2007-12-22 14:33:03 6144 --a------ C:\WINDOWS\murka.dat 2007-12-22 14:33:03 9216 --a------ C:\WINDOWS\medichi2.exe 2007-12-21 20:59:11 0 d-------- C:\Program Files\Windows Defender 2007-12-14 16:35:21 0 d-------- C:\Program Files\Router 2007-12-11 16:34:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Fugazo 2007-12-11 16:34:12 0 d-------- C:\Program Files\Fashion Fits 2007-12-11 11:37:30 0 d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo 2007-12-08 17:00:43 0 d-------- C:\Documents and Settings\Nathan\.housecall6.6 2007-12-04 21:10:54 0 d--h----- C:\WINDOWS\PIF -- Find3M Report --------------------------------------------------------------- 2007-12-23 11:53:30 0 d-------- C:\Program Files\Trend Micro 2007-12-23 08:11:17 0 d-------- C:\Program Files\QuickTime 2007-12-23 08  31 0 d-------- C:\Program Files\iTunes2007-12-23 08:03:48 0 d-------- C:\Program Files\DIGStream 2007-12-23 08:03:48 0 d-------- C:\Program Files\Digital Line Detect 2007-12-23 08:03:47 0 d-------- C:\Program Files\Dell Support 2007-12-23 08:00:07 0 d-------- C:\Program Files\BAE 2007-12-04 19:29:32 0 d-------- C:\Program Files\DivX 2007-11-28 15:47:15 0 d-------- C:\Program Files\Common Files 2007-11-15 18:58:49 12288 --a------ C:\WINDOWS\system32\Dll.dll 2007-11-15 16:18:36 96 --a------ C:\WINDOWS\system32\ksvcl.dll 2007-11-15 16:18:34 631 --a------ C:\WINDOWS\system32\kcopt.dll 2007-11-15 16:18:18 36864 --a------ C:\WINDOWS\system32\KernelDrv.exe 2007-11-11 22:26:36 0 d-------- C:\Documents and Settings\Nathan\Application Data\Image Zone Express 2007-11-10 20:05:04 0 d-------- C:\Program Files\Billionaire II 2007-11-10 20:00:11 0 d-------- C:\Program Files\Capitalism II 2007-11-10 16:11:22 0 d-------- C:\Documents and Settings\Nathan\Application Data\gtk-2.0 2007-11-09 22:13:11 0 d-------- C:\Documents and Settings\Nathan\Application Data\PlayFirst 2007-11-03 16:38:46 0 d-------- C:\Program Files\EZFace -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 02:01 PM] "SigmatelSysTrayApp"="stsystra.exe" [08/15/2006 10:00 AM C:\WINDOWS\stsystra.exe] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 05:41 PM] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/30/2005 04:47 PM] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [01/13/2006 12:46 AM] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [05/18/2006 11:29 AM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 09:36 AM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/16/2006 09:33 AM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/09/2007 05:53 PM] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [11/07/2005 04:20 AM] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 02:12 AM] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 10:09 AM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM] "Medichi"="medichi.exe" [12/23/2007 02:59 PM C:\WINDOWS\medichi.exe] "Medichi2"="medichi2.exe" [12/23/2007 10:18 AM C:\WINDOWS\medichi2.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [04/11/2006 07:39 PM] "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [07/16/2006 09:29 PM] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [03/12/2007 12:49 PM] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/7/2006 9:28:04 AM] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] AutoRun\command- E:\setup.exe *Newly Created Service* - RKPAVPROC -- End of Deckard's System Scanner: finished at 2007-12-23 11:54:14 ------------ DECKARDS extra.txt Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ Percentage of Memory in Use: 37% Physical Memory (total/avail): 2046.42 MiB / 1271 MiB Pagefile Memory (total/avail): 3939.06 MiB / 3297.81 MiB Virtual Memory (total/avail): 2047.88 MiB / 1914.11 MiB C: is Fixed (NTFS) - 144.3 GiB total, 85.44 GiB free. D: is CDROM (No Media) E: is CDROM (No Media) F: is Removable (No Media) G: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) K: is Removable (No Media) \\.\PHYSICALDRIVE0 - SAMSUNG HD160JJ/P - 149.01 GiB - 3 partitions \PARTITION0 - Unknown - 62.72 MiB \PARTITION1 (bootable) - Installable File System - 144.3 GiB - C: \PARTITION2 - Unknown - 4.64 GiB \\.\PHYSICALDRIVE5 - HP Photosmart C5180 USB Device \\.\PHYSICALDRIVE1 - TEAC USB HS-CF Card USB Device \\.\PHYSICALDRIVE3 - TEAC USB HS-MS Card USB Device \\.\PHYSICALDRIVE4 - TEAC USB HS-SD Card USB Device \\.\PHYSICALDRIVE2 - TEAC USB HS-xD/SM USB Device -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. FW: Trend Micro PC-cillin Internet Security (Firewall) v12 (Trend Micro, Inc.) AV: Trend Micro PC-cillin Internet Security v12.7.1019 (Trend Micro, Inc.) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Nathan\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=NATHAN ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Nathan LOGONSERVER=\\NATHAN NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\Internet Explorer;;C:\Program Files\Microsoft Office\OFFICE11\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=4b02 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip SESSIONNAME=Console SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\ SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Nathan\LOCALS~1\Temp TMP=C:\DOCUME~1\Nathan\LOCALS~1\Temp USERDOMAIN=NATHAN USERNAME=Nathan USERPROFILE=C:\Documents and Settings\Nathan WecVersionForRosebud.51C=2 windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles --------------------------------------------------------------- Nathan Dahlem (admin) Nathan (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNRecode.exe /UNINSTALL --> MsiExec.exe /I{64B1CA21-F0E7-41E4-98EE-BF2B3D1A35DE} --> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6} --> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003} Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61} Agere Systems PCI Soft Modem --> agrsmdel AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C} Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D} ATI Catalyst Control Center --> MsiExec.exe /I{6913FBE5-1B4B-4308-8DDD-2944F9C91E06} ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean ATI Parental Control --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{390FF986-468D-4CA9-8830-2C4B313F447F} /l1033 Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF} Broadcom Management Programs --> MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F} C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54} Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe" Dell Resource CD --> MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0} Dell Support 3.2 --> MsiExec.exe /X{3846E811-639D-4DE1-844B-30491C0A6C0C} DellConnect --> MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF} Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33} Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C} EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864} ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE} GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe" getPlus(R)_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70} HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134} Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F} iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033 iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4} J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9} Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Modem Diagnostic Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}\setup.exe" -l0x9 -removeonly Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Nathan\Application Data\Move Networks\ie_bin\Uninst.exe Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Nathan\Application Data\Move Networks\ie_bin\unins000.exe" Nero 7 --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033} neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe" Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan PCmover --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{EF1989B2-F482-49D3-BB19-7C81E3EAAB39} PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall Preclick PhotoBack Plug-in for HP --> MsiExec.exe /X{E13A66A4-8A37-451E-B4C5-E60BA0A777E3} Preclick PhotoMovieMaker --> MsiExec.exe /X{DC858602-D984-4F08-8B88-039CD82ECBB8} Print Perfect DVD --> MsiExec.exe /I{A131EC70-DADF-41B5-94D3-854A4DEF8B28} QuickBooks Enterprise Solutions: Professional Services 5.0 --> msiexec.exe /I {64B1CA21-F0E7-41E4-98EE-BF2B3D1A35DE} UNIQUE_NAME="belprofessional" QBFULLNAME="QuickBooks Enterprise Solutions: Professional Services 5.0" ADDREMOVE=1 QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A} RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 REMOVE -removeonly Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat SereneScreen Marine Aquarium Time --> "C:\Program Files\Marine Aquarium Time\unins000.exe" Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1} Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011} Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" Trend Micro PC-cillin Internet Security 12 --> MsiExec.exe /X{7698EDA5-A90F-4205-99CB-8FF6F9048ED9} Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF} URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll" Wal-Mart Digital Photo Manager --> MsiExec.exe /X{E8E9A39C-6F70-4261-816F-2B2DE8F7BB13} WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe" Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe" Yahoo! Music Jukebox --> MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931} -- Application Event Log ------------------------------------------------------- Event Record #/Type6153 / Warning Event Submitted/Written: 12/23/2007 04:43:03 AM Event ID/Source: 2002 / LoadPerf Event Description: The MOF file created for the Outlook service could not be loaded. The error code returned by the MOF Compiler is contained in the Record Data. Before the performance counters of this service can be collected by WMI the MOF file will need to be loaded manually. Contact the vendor of this service for additional information. Event Record #/Type6146 / Error Event Submitted/Written: 12/23/2007 10:19:30 AM Event ID/Source: 2004 / PerfNet Event Description: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0. Event Record #/Type6139 / Warning Event Submitted/Written: 12/23/2007 03:27:01 PM Event ID/Source: 63 / WinMgmt Event Description: A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Event Record #/Type6138 / Warning Event Submitted/Written: 12/23/2007 03:27:01 PM Event ID/Source: 63 / WinMgmt Event Description: A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Event Record #/Type6132 / Error Event Submitted/Written: 12/23/2007 03:23:54 PM Event ID/Source: 2004 / PerfNet Event Description: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type78146 / Warning Event Submitted/Written: 12/23/2007 06:03:32 PM Event ID/Source: 36 / W32Time Event Description: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Event Record #/Type78142 / Warning Event Submitted/Written: 12/23/2007 03:42:23 PM Event ID/Source: 20 / Print Event Description: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll. Event Record #/Type78141 / Warning Event Submitted/Written: 12/23/2007 03:42:23 PM Event ID/Source: 3 / Print Event Description: Printer Microsoft Office Document Image Writer was deleted. Event Record #/Type78140 / Warning Event Submitted/Written: 12/23/2007 03:42:21 PM Event ID/Source: 4 / Print Event Description: Printer Microsoft Office Document Image Writer is pending deletion. Event Record #/Type78137 / Warning Event Submitted/Written: 12/23/2007 03:40:48 PM Event ID/Source: 20 / Print Event Description: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll. -- End of Deckard's System Scanner: finished at 2007-12-23 11:54:14 ------------ Thank You |
|
     |
|
12-25-2007, 03:35 PM
|
#2 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP
|
Re: Virus taking over my computor!
www.bleepingcomputer.com
www.forospyware.com www.geekstogo.com 1. Please choose from any of the above links. Download the file & Save it to Desktop. ## IMPORTANT ## - Rename ComboFix.exe to Combo.exe before running it 2. Double click on Combo.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall |
|
|
|
|
12-25-2007, 05:59 PM
|
#3 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 11
OS: windows xp
|
Re: Virus taking over my computor!
Thank you for your help.
ComboFix 07-12-26.3 - Nathan 2007-12-24 18:05:39.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1520 [GMT -6:00] Running from: C:\Documents and Settings\Nathan\Desktop\Combo.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\dllcache\beep.sys C:\WINDOWS\system32\drivers\beep.sys C:\WINDOWS\medichi.exe C:\WINDOWS\medichi2.exe C:\WINDOWS\murka.dat . ((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))) . 2007-12-23 11:50 . 2007-12-23 11:50 <DIR> d-------- C:\Deckard 2007-12-23 04:40 . 2007-12-23 08:24 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-12-23 04:40 . 2007-12-23 04:40 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-23 04:40 . 2007-12-23 04:40 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-23 04:40 . 2007-12-23 04:40 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-22 23:44 . 2007-12-22 23:44 <DIR> d-------- C:\ie-spyad_zo 2007-12-22 23:29 . 2007-12-22 23:34 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-12-22 23:29 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2007-12-22 22:07 . 2007-12-22 23:40 <DIR> d-------- C:\Documents and Settings\Nathan\Application Data\HouseCall 6.6 2007-12-21 20:59 . 2007-12-22 14:46 <DIR> d-------- C:\Program Files\Windows Defender 2007-12-15 11:02 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-12-15 11:02 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2007-12-14 16:35 . 2007-12-14 16:35 <DIR> d-------- C:\Program Files\Router 2007-12-12 22:58 . 2007-12-12 22:58 127 --a------ C:\WINDOWS\system32\MRT.INI 2007-12-11 16:34 . 2007-12-11 17:20 <DIR> d-------- C:\Program Files\Fashion Fits 2007-12-11 16:34 . 2007-12-11 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo 2007-12-11 11:37 . 2007-12-11 11:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo 2007-12-08 17:11 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-12-08 17:00 . 2007-12-10 09:07 <DIR> d-------- C:\Documents and Settings\Nathan\.housecall6.6 2007-12-04 21:10 . 2007-12-04 21:10 <DIR> d--h----- C:\WINDOWS\PIF . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-23 17:53 --------- d-----w C:\Program Files\Trend Micro 2007-12-23 14:11 --------- d-----w C:\Program Files\QuickTime 2007-12-23 14:06 --------- d-----w C:\Program Files\iTunes 2007-12-23 14:03 --------- d-----w C:\Program Files\DIGStream 2007-12-23 14:03 --------- d-----w C:\Program Files\Digital Line Detect 2007-12-23 14:03 --------- d-----w C:\Program Files\Dell Support 2007-12-23 14:00 --------- d-----w C:\Program Files\BAE 2007-12-23 10:36 --------- d-----w C:\Program Files\Dell 2007-12-05 01:29 --------- d-----w C:\Program Files\DivX 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-12 04:26 --------- d-----w C:\Documents and Settings\Nathan\Application Data\Image Zone Express 2007-11-11 02:05 --------- d-----w C:\Program Files\Billionaire II 2007-11-11 02:00 --------- d-----w C:\Program Files\Capitalism II 2007-11-10 22:11 --------- d-----w C:\Documents and Settings\Nathan\Application Data\gtk-2.0 2007-11-10 04:13 --------- d-----w C:\Documents and Settings\Nathan\Application Data\PlayFirst 2007-11-10 04:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-11-03 22:38 --------- d-----w C:\Program Files\EZFace 2007-03-30 13:40 88 --sh--r C:\WINDOWS\system32\AF70AD4B7B.sys 2007-03-30 13:42 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2007-12-23_10.20.57.51 ))))))))))))))))))))))))))))))))))))))))) . + 2006-08-24 14:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll - 2007-03-13 16:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2007-03-29 15:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll + 2006-10-05 22:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll + 2005-06-03 20:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll + 2003-08-01 17:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll + 2005-05-20 19:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll + 2007-11-12 15:46:18 26,112 ----a-w C:\WINDOWS\system32\ActiveScan\JID.dll + 2006-02-17 00:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll + 2005-10-26 00:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll + 2007-11-26 17:10:36 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll + 2004-05-04 21:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll + 2006-07-14 19:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe + 2006-04-10 16:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll + 2006-02-14 19:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll + 2006-02-17 00:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll + 2006-10-05 22:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll + 2007-06-04 17:31:52 57,344 ----a-w C:\WINDOWS\system32\ActiveScan\pavsddl.dll + 2006-06-30 20:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe + 2004-02-04 20:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll + 2007-10-30 16:04:14 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\Prescan.dll + 2006-08-01 19:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll + 2007-11-21 16:00:06 376,832 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll + 2007-10-31 19:05:06 32,768 ----a-w C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll + 2006-08-17 17:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll + 2006-09-04 17:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll + 2006-08-18 14:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll + 2007-03-26 20:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll + 2006-08-09 16:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll + 2006-07-19 16:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll + 2006-01-20 22:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll + 2006-05-17 15:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll + 2006-08-16 16:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll + 2006-06-30 20:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll + 2006-08-17 20:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll + 2006-08-08 19:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll + 2006-08-18 14:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll + 2006-08-18 14:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll + 2007-10-18 15:30:16 105,472 ----a-w C:\WINDOWS\system32\ActiveScan\psnahk.dll + 2007-11-23 20:29:08 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\psndsk.dll + 2007-10-18 15:30:38 42,496 ----a-w C:\WINDOWS\system32\ActiveScan\psnflg.dll + 2007-10-30 17:19:22 98,304 ----a-w C:\WINDOWS\system32\ActiveScan\psnglknt.dll + 2007-08-22 14:52:00 20,272 ----a-w C:\WINDOWS\system32\ActiveScan\psnhsh.dll + 2007-11-12 21:49:34 11,776 ----a-w C:\WINDOWS\system32\ActiveScan\psnjidsign.dll + 2007-08-22 14:52:04 76,080 ----a-w C:\WINDOWS\system32\ActiveScan\psnkrnl.dll + 2007-08-22 14:52:06 21,296 ----a-w C:\WINDOWS\system32\ActiveScan\psnmem.dll + 2007-10-04 21:26:28 28,672 ----a-w C:\WINDOWS\system32\ActiveScan\PsnPen.dll + 2007-10-23 17:40:10 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\psntuc.dll + 2007-05-24 17:27:36 27,136 ----a-w C:\WINDOWS\system32\ActiveScan\PSNXprs.dll + 2007-04-18 23:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll + 2007-01-22 20:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll + 2007-06-08 15:44:36 8,576 ----a-w C:\WINDOWS\system32\ActiveScan\RKPavProc.sys + 2007-06-05 16:56:40 44,928 ----a-w C:\WINDOWS\system32\ActiveScan\sdthook.sys + 1997-09-18 12:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll + 2006-02-28 23:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll + 2007-09-17 15:14:08 126,976 ----a-w C:\WINDOWS\system32\ActiveScan\Tucan.dll + 2006-08-02 18:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe - 2007-12-22 20:32:05 53,248 ----a-w C:\WINDOWS\system32\dllcache\beep.sys + 2003-12-18 20:00:00 4,224 ----a-w C:\WINDOWS\system32\dllcache\beep.sys - 2007-12-22 20:32:05 53,248 ----a-w C:\WINDOWS\system32\drivers\beep.sys + 2003-12-18 20:00:00 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys - 2007-12-23 20:55:12 64,704 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-12-23 10:43:03 65,548 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-12-23 20:55:12 406,916 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-12-23 10:43:03 409,820 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-12-14 03:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe + 2000-08-31 14:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe + 2003-03-26 00:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 19:39] "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 21:29] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01] "SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 10:00 C:\WINDOWS\stsystra.exe] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 16:47] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 00:46] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-16 09:33] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-11-07 04:20] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 02:12] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2004-08-10 05:00 C:\WINDOWS\system32\narrator.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-07 09:28:04] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme S3 LLUSBFLT;LLUSBFLT;C:\WINDOWS\system32\drivers\llusbflt.sys [2006-05-03 09:19] S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2006-05-03 09:19] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe . Contents of the 'Scheduled Tasks' folder "2007-12-18 20:16:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-23 07:46:59 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-26 18:09:22 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-26 18:10:10 - machine was rebooted C:\ComboFix2.txt ... 2007-12-23 10:22 . 2007-12-23 21:42:33 --- E O F --- |
|
|
|
|
12-26-2007, 02:47 AM
|
#5 (permalink) | ||
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP
|
Re: Virus taking over my computor!
Quote:
ComboFix has nuetralised the threat by removing them. You will need to copy a fresh copy of beep.sys from another XP SP2 machine for replacement. Quote:
------------- Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400 Answer Yes, when prompted to install an ActiveX component.
|
||
|
|
|
|
12-26-2007, 11:35 AM
|
#6 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 11
OS: windows xp
|
Re: Virus taking over my computor!
Thank you for your help. It is really slow to reboot-up. The PC-cillin still refuseds to work, it will not uninstall or let me reinstall. I get: Runtime Error Program:.....orgam files\Trend Micro\Internet Security 12\pccmain.exe. abnormal program termination How do I copy the beep.sys and put on my comp |
