Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
Spyware keeps on coming back also can't shutdown from the start menu it's not showing Spyware keeps on coming back also can't shutdown from the start menu it's not showing
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

Resolved HJT Threads Resolved spyware and popup issues.

 
 
Thread Tools
Old 12-29-2007, 07:02 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp service pack 2


Spyware keeps on coming back also can't shutdown from the start menu it's not showing
There is this spyware named ISPY that keeps on coming back I used Spyware terminator but it deletes it but when I reboot it comes back Omg I hate it. Also my Shutdown/restart and run doesn't display on my Startmenu because of the viruses/spyware. Man everything was working fine till these viruses/spyware came nooooo!!!!! Dang and also my task manager doesn't work it says, "Task Manager has been disabled by the adminstrator." WTF Well if you can help me Thank you Also My programs that I'm using are spyware terminator, AVG antivirus free, and spywareblaster. Well I followed the 5 steps stickies and it says to post some stuff here. Well here it is

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:08:32 PM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\An Tran\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/s...SYSSCANNER.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O20 - Winlogon Notify: explorer - explorer.dll (file missing)
O20 - Winlogon Notify: tuvtqro - tuvtqro.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 9356 bytes



Panda online scanner


Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@ads.pointroll[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@atdmt[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@atdmt[3].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@burstnet[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@burstnet[3].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@doubleclick[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@findwhat[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@server.iad.liveperson[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@server.iad.liveperson[3].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@statse.webtrendslive[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@statse.webtrendslive[3].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@www.burstbeacon[1].txt
Virus:W32/Bobax.DA.worm Disinfected C:\Program Files\Cisco Systems\Clean Access Agent\AV41\OPSWATAVCommon.dll
Adware:Adware/BHO Not disinfected C:\WINDOWS\system32\adssite-remove.exe
dangs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-31-2007, 02:00 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,754
OS: 2000 Pro; XP Pro; XP Home


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
Hi -

If you followed the 5 steps completely, you'd have seen we want a set of logs from Deckard's System Scanner.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

I need more information before continuing, please.

For now, I'd like a more comprehensive set of logs from Deckard's System Scanner.

---------------------------------------------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall from Add/Remove programs, and delete your current version.

Next, download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

When it does, just close it, please. Next....
---------------------------------------------------------------------------------------------


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-01-2008, 02:58 PM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp service pack 2


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
Hi I got your email. When i use dss.exe the first the main text pop upped with the extra text but I saw that my browser is on so i had to exit and I re-did the test and only the main text came out. Oh yea my shutdown and restart came back and my task manager works now(I ran Super-antispyware). Also I have a question do i reboot my computer into safe mode and go to adminstrative account because thats my admin place but I won't get any internet even with boot with networking. Also I appreciate your help I will donate but I gotta see if theres still money on my prepaid credit card. Well Thank You and for your help and have a happy new year. Well heres my main txt. I dont have my ext. text. Grrr my internet so slowwww dang viruses.

Deckard's System Scanner v20071014.68
Run by An Tran on 2008-01-01 13:37:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as An Tran.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:58 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\An Tran\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ANTRAN~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/s...SYSSCANNER.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...96/mcfscan.cab
O20 - Winlogon Notify: tuvtqro - tuvtqro.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 6803 bytes

-- Files created between 2007-12-01 and 2008-01-01 -----------------------------

2008-01-01 13:21:42 0 d-------- C:\Program Files\Trend Micro
2008-01-01 00:44:38 850 --a------ C:\Documents and Settings\An Tran\FileName.vbs
2008-01-01 00:43:23 0 d-------- C:\Program Files\RegScrubXP
2007-12-31 21:07:11 0 d-------- C:\Program Files\Lavasoft
2007-12-31 21:07:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-31 20:50:01 0 d-------- C:\Program Files\Common Files\Funk Software
2007-12-31 18:01:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-31 17:52:10 0 d-------- C:\Program Files\RogueRemover FREE
2007-12-31 15:56:15 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2007-12-31 15:56:15 0 d-------- C:\Program Files\DAP
2007-12-31 15:34:13 0 dr-h----- C:\Documents and Settings\An Tran\Recent
2007-12-31 14:44:26 0 d-------- C:\Documents and Settings\An Tran\Application Data\AVG7
2007-12-31 14:44:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-31 14:31:22 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-31 14:31:21 0 d-------- C:\Documents and Settings\An Tran\Application Data\SUPERAntiSpyware.com
2007-12-31 14:26:02 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-12-31 14:25:42 0 d-------- C:\Program Files\kernel
2007-12-31 13:21:42 0 d-------- C:\WINDOWS\McAfee.com
2007-12-31 12:41:02 0 d-------- C:\Program Files\McAfee
2007-12-31 01:03:38 0 d-------- C:\Program Files\FlashGet
2007-12-31 00:35:33 0 d-------- C:\Program Files\uTorrent
2007-12-31 00:35:31 0 d-------- C:\Documents and Settings\An Tran\Application Data\uTorrent
2007-12-30 18:56:05 0 d-------- C:\Documents and Settings\An Tran\Application Data\DivX
2007-12-30 18:45:32 0 d-------- C:\divx
2007-12-30 18:20:51 0 d-------- C:\Program Files\VideoLAN
2007-12-30 17:09:55 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2007-12-30 17:09:55 0 d-------- C:\Program Files\Spy Cleaner Gold
2007-12-30 16:02:43 0 d-------- C:\VundoFix Backups
2007-12-30 10:18:00 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-30 09:52:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-30 09:52:47 0 d-------- C:\Documents and Settings\An Tran\Application Data\PrevxCSI
2007-12-29 21:52:59 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-29 21:51:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-29 21:22:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-29 21:17:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-29 19:39:59 5464604 --a------ C:\WINDOWS\system32\SBSP.dat
2007-12-29 19:31:25 459 --a------ C:\WINDOWS\system32\SBFC.dat
2007-12-29 19:12:02 0 d-------- C:\Documents and Settings\An Tran\Application Data\Sunbelt Software
2007-12-29 18:51:45 0 d-------- C:\Documents and Settings\An Tran\Application Data\True Sword
2007-12-29 18:47:13 0 d-------- C:\Program Files\Helper
2007-12-29 18:36:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-12-29 12:39:32 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-29 11:58:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2007-12-29 11:57:48 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-12-29 11:57:48 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-12-29 11:57:48 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-12-29 11:57:48 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-12-29 11:57:48 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-12-29 11:57:48 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-12-29 11:57:48 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-12-29 11:57:48 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-12-29 11:57:48 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-12-29 11:57:48 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-12-29 11:57:48 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-12-29 11:57:48 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-12-29 11:57:48 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-29 11:57:47 524288 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-29 11:41:37 0 d-------- C:\Program Files\WinClamAVShield
2007-12-29 10:16:45 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2007-12-29 10:12:44 8576 --a------ C:\WINDOWS\system32\drivers\pilvondljxwl.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-29 02:09:06 0 d-------- C:\Documents and Settings\An Tran\.housecall6.6
2007-12-29 01:56:09 0 d-------- C:\Program Files\Enigma Software Group
2007-12-29 00:34:41 0 d-------- C:\WINDOWS\BDOSCAN8
2007-12-28 22:37:52 0 dr-h----- C:\$VAULT$.AVG
2007-12-28 22:29:45 0 d-------- C:\Program Files\Common Files\SWF Studio
2007-12-28 22:28:21 0 d-------- C:\Program Files\Dealio
2007-12-28 22:27:22 2 --a------ C:\-2073593180
2007-12-28 22:27:11 54314 --a------ C:\WINDOWS\system32\xpdx.sys
2007-12-28 10:36:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-28 09:46:48 0 d-------- C:\Program Files\ImTOO
2007-12-28 08:39:36 0 d-------- C:\Program Files\Codec Pack - All In 1
2007-12-27 19:39:52 0 d-------- C:\Program Files\Common Files\NSV
2007-12-27 14:51:37 348160 --a------ C:\WINDOWS\system32\cdga.dll <Not Verified; ; Cucusoft Audio Transparent Filter>
2007-12-27 14:51:37 14909 --a------ C:\WINDOWS\system32\A_reg.reg
2007-12-27 14:51:36 364544 --a------ C:\WINDOWS\system32\cdg.dll <Not Verified; Cucusoft Inc.; Cucusoft>
2007-12-27 14:40:39 0 d-------- C:\ConverterOutput
2007-12-27 14:39:56 262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-12-27 14:39:56 34820 --a------ C:\WINDOWS\system32\ffdshow.reg
2007-12-27 14:39:55 395776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-12-27 14:39:55 112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-12-27 14:39:55 2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-12-27 14:39:48 0 d-------- C:\Program Files\Cucusoft
2007-12-27 14:34:01 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-12-27 14:34:01 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-27 14:33:58 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-27 14:17:43 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-12-27 14:13:52 0 d-------- C:\Program Files\TubeSucker
2007-12-27 13:38:27 0 d-------- C:\Program Files\Common Files\Download Manager
2007-12-27 13:25:53 0 d-------- C:\Documents and Settings\An Tran\LimeWire Store Purchased
2007-12-27 13:25:53 0 d-------- C:\Documents and Settings\An Tran\LimeWire Shared
2007-12-27 13:25:53 0 d-------- C:\Documents and Settings\An Tran\LimeWire Saved
2007-12-27 12:35:10 0 d-------- C:\Documents and Settings\An Tran\Application Data\BitTorrent
2007-12-27 12:35:05 0 d-------- C:\Program Files\DNA
2007-12-27 12:35:05 0 d-------- C:\Documents and Settings\An Tran\Application Data\DNA
2007-12-23 11:53:11 0 d-------- C:\Program Files\SCAR 3.12
2007-12-17 22:04:54 1751 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-12-15 13:02:25 0 d-------- C:\Documents and Settings\An Tran\Application Data\Apple Computer
2007-12-15 09:30:45 0 d-------- C:\Documents and Settings\An Tran\Application Data\MPEG Streamclip
2007-12-15 09:13:11 0 d-------- C:\Program Files\QuickTime
2007-12-15 09:13:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-15 09:12:35 0 d-------- C:\Program Files\Apple Software Update
2007-12-15 09:12:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-10 19:31:47 0 d-------- C:\Documents and Settings\An Tran\Application Data\Sony Corporation
2007-12-10 19:18:11 3654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2007-12-10 19:18:10 0 d-------- C:\Drivers
2007-12-10 19:16:46 0 d-------- C:\Program Files\Sony
2007-12-03 17:33:18 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-03 17:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 17:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 17:33:16 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-01 17:32:37 0 d-------- C:\Documents and Settings\An Tran\Application Data\Motive
2007-12-01 17:31:19 0 d-------- C:\WINDOWS\Motive
2007-12-01 17:31:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-12-01 17:30:37 0 d-------- C:\Program Files\SBC Self Support Tool


-- Find3M Report ---------------------------------------------------------------

2008-01-01 13:33:59 0 d-------- C:\Program Files\Steam
2007-12-31 2142 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 20:50:01 0 d-------- C:\Program Files\Common Files
2007-12-31 20:49:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-31 15:07:27 0 d-------- C:\Program Files\DivX
2007-12-31 14:26:07 0 d-------- C:\Documents and Settings\An Tran\Application Data\LimeWire
2007-12-30 18:22:44 0 d-------- C:\Documents and Settings\An Tran\Application Data\vlc
2007-12-28 08:38:42 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-12-27 12:36:42 0 d-------- C:\Documents and Settings\An Tran\Application Data\Adobe
2007-12-10 19:23:20 0 d-------- C:\Program Files\Yahoo!
2007-12-10 19:23:18 0 d-------- C:\Program Files\WinAce
2007-11-29 14:30:28 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 14:28:24 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-11-29 14:28:24 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-11-28 13:52:32 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-21 21:48:59 0 d-------- C:\Program Files\AIM6
2007-11-02 16:18:27 0 d-------- C:\Program Files\Java
2007-10-25 10:26:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-17 09:23:24 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
12/31/2007 11:52 PM 15872 --a------ C:\Program Files\Helper\superfindout.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/10/2005 08:05 PM]
"D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [09/09/2003 04:36 PM]
"ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [08/21/2003 03:12 PM]
"PCTVOICE"="pctspk.exe" [02/24/2003 02:35 PM C:\WINDOWS\system32\pctspk.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 11:28 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [11/17/2006 01:39 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/31/2007 02:43 PM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [12/31/2007 03:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [04/04/2007 06:42 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"Steam"="c:\program files\steam\steam.exe" [11/29/2007 05:23 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [12/27/2007 12:35 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\An Tran\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [12/10/2007 7:17:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 12:15:54 AM]
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [12/31/2007 8:49:36 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvtqro]
tuvtqro.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{29FCEE19-7D85-1F31-71F8-D7CC9111458D}]
C:\WINDOWS\system32:svchost.exe



-- End of Deckard's System Scanner: finished at 2008-01-01 13:38:27 ------------
dangs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-01-2008, 03:04 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,754
OS: 2000 Pro; XP Pro; XP Home


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
If you've run DSS more than once, extra.txt should be located at C:\Deckard\System Scanner or in a numbered folder within that location. Please post it in your next reply. If you still can't find it, do this:

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config
Click on "Check All"

Click on "Uncheck All"

On the right side, under Extra Log, check all except "Event Logs".

Click Scan!

When finished, it shall produce a log for you. Post that log in your next reply.

-----------------------------------------------

Quote:
Also I have a question do i reboot my computer into safe mode and go to adminstrative account because thats my admin place but I won't get any internet even with boot with networking.
No. All work should be done in your usual account unless otherwise stated. Also, do not use Safe Mode unless it's specifically stated in the instructions.

Quote:
Also I appreciate your help I will donate but I gotta see if theres still money on my prepaid credit card.
It's only if you can, certainly not a requirement. My assistance is free of charge, but the forum needs donations to maintain servers and software upgrades.

----------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-01-2008, 04:33 PM   #5 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp service pack 2


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
Event Description:
The file C:\Documents and Settings\An Tran\Local Settings\Temp\RarSFX0\whiehlpr.dll contains Spyware-WebHancer Spyware. The file was successfully deleted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35146 / Warning
Event Submitted/Written: 01/01/2008 03:21:24 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35120 / Warning
Event Submitted/Written: 01/01/2008 01:50:31 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35119 / Warning
Event Submitted/Written: 01/01/2008 01:36:52 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35090 / Warning
Event Submitted/Written: 01/01/2008 01:28:55 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35085 / Warning
Event Submitted/Written: 01/01/2008 01:15:16 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-01-01 15:22:12 ------------
Attached Files
File Type: txt extra.txt (2.9 KB, 0 views)
dangs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-01-2008, 04:43 PM   #6 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp service pack 2


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
I found my old one

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 1600MHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 767.23 MiB / 403.88 MiB
Pagefile Memory (total/avail): 1300.99 MiB / 974.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.73 MiB

C: is Fixed (NTFS) - 27.95 GiB total, 16.37 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK3021GAS - 27.95 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 27.95 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Steam\\steamapps\\talon53@comcast.net\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\talon53@comcast.net\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\Cisco Systems\\Clean Access Agent\\CCAAgent.exe"="C:\\Program Files\\Cisco Systems\\Clean Access Agent\\CCAAgent.exe:*:Enabled:Clean Access Agent"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Steam\\steamapps\\ansandan\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\ansandan\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\riotsk8er05@juno.com\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\riotsk8er05@juno.com\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\ansandan\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\ansandan\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\ansandan\\condition zero deleted scenes\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\ansandan\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\shadow fo life\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\shadow fo life\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe"="C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\NEXON\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\NEXON\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Westwood\\RA2\\game.exe"="C:\\Westwood\\RA2\\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ansandan\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\ansandan\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ansandan\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\ansandan\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ansandan\\condition zero deleted scenes\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\ansandan\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"="C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe:*:Enabled:Active Virus Shield"
"C:\\Nexon\\MapleStory\\NewPatcher.exe"="C:\\Nexon\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Nexon\\MapleStory\\Patcher.exe"="C:\\Nexon\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Steam\\steamapps\\snaj1\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\snaj1\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\snaj1\\dedicated server\\hlds.exe"="C:\\Program Files\\Steam\\steamapps\\snaj1\\dedicated server\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\Steam\\steamapps\\snaj1\\dedicated server\\hltv.exe"="C:\\Program Files\\Steam\\steamapps\\snaj1\\dedicated server\\hltv.exe:*:Enabled:HLTV Launcher"
"C:\\Program Files\\Valve\\HLServer\\hlds.exe"="C:\\Program Files\\Valve\\HLServer\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\snaj1\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\snaj1\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\snaj1\\dedicated server\\hlds.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\snaj1\\dedicated server\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam Client"
"C:\\Nexon\\MapleStory\\MapleStory.exe"="C:\\Nexon\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\An Tran\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=INSPIRON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\An Tran
LOGONSERVER=\\INSPIRON
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ANTRAN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ANTRAN~1\LOCALS~1\Temp
USERDOMAIN=INSPIRON
USERNAME=An Tran
USERPROFILE=C:\Documents and Settings\An Tran
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

An Tran (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADEF1025-6D3B-485C-9AC9-1A2D81665B7F}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 /removeonly -removeonly
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Counter-Strike(TM) --> MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Cucusoft DVD to Zune + Zune Video Converter Suite 6.2.5.16 --> "C:\Program Files\Cucusoft\zune-converter\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
Finale NotePad 2008 --> C:\Program Files\Finale NotePad 2008\uninstallNP.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.5.7 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
MapleStory --> MsiExec.exe /I{A4722257-521C-48E6-9F8D-11B286645AD3}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Odyssey SDK --> MsiExec.exe /I{99D42EC7-652B-4819-B3E6-6450C815E03F}
PCTEL 2304WT V.9x MDC Modem Drivers --> ptuninst.exe
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RegScrubXP 3.25 --> "C:\Program Files\RegScrubXP\unins000.exe"
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Wireless-G Notebook Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}\Setup.exe" -l0x9
Zune Video Converter 3 --> C:\Program Files\ImTOO\Zune Video Converter 3\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type9130 / Warning
Event Submitted/Written: 12/31/2007 10:04:02 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type9121 / Error
Event Submitted/Written: 12/31/2007 09:14:10 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.1.15, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type9108 / Error
Event Submitted/Written: 12/31/2007 06:05:27 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 504754043.

Event Record #/Type9107 / Error
Event Submitted/Written: 12/31/2007 06:05:23 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.1.15, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type9073 / Warning
Event Submitted/Written: 12/31/2007 02:24:35 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file C:\Documents and Settings\An Tran\Local Settings\Temp\RarSFX0\whiehlpr.dll contains Spyware-WebHancer Spyware. The file was successfully deleted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35085 / Warning
Event Submitted/Written: 01/01/2008 01:15:16 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35031 / Warning
Event Submitted/Written: 01/01/2008 00:41:27 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35029 / Warning
Event Submitted/Written: 01/01/2008 00:37:42 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014BFD8A03E. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type35026 / Warning
Event Submitted/Written: 01/01/2008 00:37:29 AM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "Wireless-G Notebook Adapter WLAN Monitor Gcc"

Event Record #/Type35025 / Warning
Event Submitted/Written: 01/01/2008 00:37:29 AM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "Wireless-G Notebook Adapter WLAN Monitor Gcc"



-- End of Deckard's System Scanner: finished at 2008-01-01 13:27:45 ------------
Attached Files
File Type: txt extra.txt (16.8 KB, 0 views)
dangs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-01-2008, 05:09 PM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team