#1
Registered User
Join Date: Nov 2007
Location: New England, USA
Posts: 7
OS: xp sp2
Help for Trojan.Adclicker virus
I can't believe I have found this website, with people that actually seem to have time to help and the knowledge to solve issues.
Here is my issue: I seem to have a problem with a virus called Trojan.adclicker. I use Norton Internet Security 2008, and every day for the last 10 when the system turns on, Norton will inform that it has resolved an issue with this virus. (Except I restarted my system to try to get DSS to run, and the Norton log does not show the virus THIS time!) When I check the Norton history log, I will find (at the time the system was turned on) 7 entries that state that auto protect has detected trojan.adclicker and the status lists it as "blocked". The more details tab lists two different files. One is called discover[1].exe, the other is called indt2.sys. Of course the location shows nothing of these files...

Actual system effects appear minimal (on the surface at least). The system starts much slower. After the XP splash screen disappears the screen remains dark for about 20 sec, then the mouse pointer only, then about another 5 sec, then the desktop background only, then about 40 seconds until the desktop items/icons are loaded, then about 1-2 minutes until finally the Norton icon appears (probably Norton hard at work with this issue...). Once the system is on, no other bad effects, pop ups, etc., just normal ops.

I have followed the 5 steps outlined in the posting thread. I did install SpywareBlaster, but have not run it yet. Panda ActiveScan was run. I did not download IE-SPYAD yet, as I don't think this is a problem for me personally, but I will install it if required to attack this issue. I have downloaded DSS, but it crashes when it gets to "examining event logs". I have read through several threads and seen comments concerning P2P software. I do run uTorrent, but I use it responsibly and carefully (although maybe not so carefully depending on where this came from...). I will subscribe to this thread and watch for posts. Thanks for reading...

Rick
NH, USA

Here are my HJT and Panda logs:

HJT: (this log was produced after my system was turned off and restarted after the Panda scan was run and DSS was attempted. Norton did not show blocking trojan.adclicker on this system turn on, but the system was still slow to turn on)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:34 PM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\FarStone\DriveClone Pro\CBP\DCSchdler.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\FarStone\DriveClone Pro\EFB\efbfs.exe
C:\Program Files\FarStone\DriveClone Pro\fsloader.exe
C:\Program Files\FarStone\DriveClone Pro\EFB\EfbSchedule.exe
C:\Program Files\FarStone\DriveClone Pro\VerChk.exe
C:\Program Files\FarStone\DriveClone Pro\VBPTask.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - S-1-5-18 Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe (User 'Default user')
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1193239979570
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://us.bookmarks.yahoo.com/YbConvFav.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A71D46F-3EF6-4216-8D06-223B7A5C09E0}: NameServer = 192.168.1.1,192.168.1.2
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DriveClone Scheduler (DCScheduler) - Unknown owner - C:\Program Files\FarStone\DriveClone Pro\CBP\DCSchdlerSRVC.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Restore FarStone File Event Manager (efbfs) - FarStone Technology, Inc. - C:\Program Files\FarStone\DriveClone Pro\EFB\efbfs.exe
O23 - Service: FarStone RestoreIT Loader - Unknown owner - C:\Program Files\FarStone\DriveClone Pro\fsloader.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo.Net Auto-Transcoding Service - Pipkin Technologies - C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 13781 bytes

-----------------------------------

Panda:

Incident  Status  Location
Virus:Trj/Downloader.QVL  Disinfected  Operating system
Adware:adware/cws  Not disinfected  C:\Documents and Settings\Administrator\Favorites\Health
Spyware:Cookie/Go  Not disinfected  C:\Documents and Settings\Administrator\Cookies\rick@go[2].txt
Spyware:Cookie/RealMedia  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@247realmedia[1].txt
Spyware:Cookie/YieldManager  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@adrevolver[1].txt
Spyware:Cookie/PointRoll  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@ads.pointroll[1].txt
Spyware:Cookie/Adtech  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@adtech[1].txt
Spyware:Cookie/Advertising  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@advertising[2].txt
Spyware:Cookie/Apmebf  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@apmebf[1].txt
Spyware:Cookie/Atlas DMT  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@atdmt[2].txt
Spyware:Cookie/Serving-sys  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@burstnet[1].txt
Spyware:Cookie/Casalemedia  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@casalemedia[2].txt
Spyware:Cookie/Cd Freaks  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@cdfreaks[2].txt
Spyware:Cookie/Com.com  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@com[1].txt
Spyware:Cookie/Hitslink  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@counter.hitslink[1].txt
Spyware:Cookie/did-it  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@did-it[2].txt
Spyware:Cookie/Doubleclick  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@doubleclick[1].txt
Spyware:Cookie/Hitbox  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@ehg-dig.hitbox[2].txt
Spyware:Cookie/FastClick  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@fastclick[1].txt
Spyware:Cookie/Go  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@go[1].txt
Spyware:Cookie/Linksynergy  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@linksynergy[2].txt
Spyware:Cookie/Adrevolver  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@media.adrevolver[1].txt
Spyware:Cookie/Mediaplex  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@mediaplex[2].txt
Spyware:Cookie/Overture  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@overture[2].txt
Spyware:Cookie/Overture  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@perf.overture[1].txt
Spyware:Cookie/QuestionMarket  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@questionmarket[2].txt
Spyware:Cookie/RealMedia  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@realmedia[2].txt
Spyware:Cookie/Server.iad.Liveperson  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@serving-sys[2].txt
Spyware:Cookie/Statcounter  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@statcounter[2].txt
Spyware:Cookie/WebtrendsLive  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@statse.webtrendslive[2].txt
Spyware:Cookie/Traffic Marketplace  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@trafficmp[1].txt
Spyware:Cookie/Tribalfusion  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@www.burstbeacon[1].txt
Spyware:Cookie/Cgi-bin  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@www1.addfreestats[2].txt
Spyware:Cookie/Xiti  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@xiti[1].txt
Spyware:Cookie/Zedo  Not disinfected  F:\Documents and Settings\Rick\Cookies\rick@zedo[1].txt
#2
Registered User
Join Date: Nov 2007
Location: New England, USA
Posts: 7
OS: xp sp2
Re: Help for Trojan.Adclicker virus
Found this in the HJT log, Web posts indicate it is a trojan? Is this it?
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)

Rick
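The O23 line Rick picked out has the three things a helper looks for in a service entry: no recorded owner, a binary that is no longer on disk, and a nondescript name under system32. The following is an added example, not code from this thread and not part of HijackThis: a small Python parser that pulls the O23 entries out of an HJT log and ranks them by those three signs. The sample lines are constructed from entries already posted above; the scoring rules are my own triage heuristics, not anything HijackThis itself reports.

```python
import re
from dataclasses import dataclass, field

# Shape of a HijackThis "O23" (installed service) line:
#   O23 - Service: <display name> - <owner/publisher> - <binary path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

SYSTEM32 = r"c:\windows\system32"


@dataclass
class ServiceEntry:
    display: str
    owner: str
    path: str
    file_missing: bool
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        # One point per triage reason; 0 means nothing stood out.
        return len(self.reasons)


def parse_o23(lines):
    """Return a ServiceEntry for every O23 line; all other HJT sections are skipped."""
    entries = []
    for line in lines:
        m = O23_RE.match(line.strip())
        if m is None:
            continue
        entries.append(ServiceEntry(
            display=m["display"],
            owner=m["owner"],
            path=m["path"],
            file_missing=m["missing"] is not None,
        ))
    return entries


def assess(entry):
    """Attach triage reasons (my own heuristics, not HijackThis's) to one entry."""
    if entry.owner == "Unknown owner":
        entry.reasons.append("no publisher recorded for the service binary")
    if entry.file_missing:
        entry.reasons.append("service still registered, but its binary is gone from disk")
    if entry.owner == "Unknown owner" and entry.path.lower().startswith(SYSTEM32):
        entry.reasons.append("unattributed binary living in the system32 folder")
    return entry


def triage(log_text):
    """Parse a whole HJT log and return its services, most suspicious first."""
    entries = [assess(e) for e in parse_o23(log_text.splitlines())]
    # sorted() is stable, so equally scored entries keep their log order.
    return sorted(entries, key=lambda e: e.score, reverse=True)


# Constructed sample: a handful of lines copied from the HJT log in this thread,
# including the perfs.exe entry Rick asked about. Not a complete log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
"""


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        flag = "SUSPECT" if e.score else "ok     "
        print(f"{flag} [{e.score}] {e.display} -> {e.path}")
        for r in e.reasons:
            print(f"           - {r}")
```

Run against the sample, perfs.exe comes out on top with all three reasons, while the legitimate "ATI Smart" service also scores because its vendor string is missing; the score is a triage order for a human to work through, not a verdict, which is exactly why the helpers in this forum ask for the full log rather than one line.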
#3
Registered User
Join Date: Nov 2007
Location: New England, USA
Posts: 7
OS: xp sp2
Re: Help for Trojan.Adclicker virus
It turns out that the perfs.exe file in the system32 folder had already been deleted. Although the service is listed under services, I checked in safe mode and the service was stopped. I disabled it, but I'm guessing it will no longer work anyway without the missing perfs.exe file. The service is no longer even listed in my current hjt log.
More importantly, it appears that Panda or DSS or some other part of the 5 step process has possibly eliminated my problem with trojan adclicker, as I have turned my system on and off 3 separate times in a 16 hour period and Norton is no longer reporting the issue in its notification messages or its log, and my desktop does appear to be loading normally now. DSS still crashes when it gets to "examining event log", but this could be because of some program or service running in the background I suppose... Am I cured?

Rick

Last edited by rickd123; 11-27-2007 at 11:57 AM.
#4
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,625
OS: 2000 Pro; XP Pro; XP Home
Re: Help for Trojan.Adclicker virus
You've disabled the service, so it won't appear in the HJT log. However, we would still want to remove it.
Let's see what else might be on the system. Please run Deckard's System Scanner once again, this time using these instructions (this assumes DSS is on your desktop!):

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

On the right side of the pane, under Extra Log, UnTick Event Logs
Click Scan!

When finished, it shall produce a log for you, main.txt. Post that log in your next reply. If extra.txt is also produced, please post that as well.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Please do not ask for help via Private Message.

Last edited by tetonbob; 11-27-2007 at 12:24 PM.
#5
Registered User
Join Date: Nov 2007
Location: New England, USA
Posts: 7
OS: xp sp2
Re: Help for Trojan.Adclicker virus
That worked, ran fine.
Here are both logs, wow, what a wealth of information! Thanks for the very quick response!

Rick

Deckard's System Scanner v20071014.68
Run by Rick on 2007-11-27 16:33:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2007-11-27 01:46:44 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-11-27 01:42:28 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Rick.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:13 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\FarStone\DriveClone Pro\CBP\DCSchdler.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\FarStone\DriveClone Pro\EFB\efbfs.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\FarStone\DriveClone Pro\EFB\EfbSchedule.exe
C:\Program Files\FarStone\DriveClone Pro\fsloader.exe
C:\Program Files\FarStone\DriveClone Pro\VBPTask.exe
C:\Program Files\FarStone\DriveClone Pro\VerChk.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rick.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - S-1-5-18 Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe (User 'Default user')
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1193239979570
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://us.bookmarks.yahoo.com/YbConvFav.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A71D46F-3EF6-4216-8D06-223B7A5C09E0}: NameServer = 192.168.1.1,192.168.1.2
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DriveClone Scheduler (DCScheduler) - Unknown owner - C:\Program Files\FarStone\DriveClone Pro\CBP\DCSchdlerSRVC.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Restore FarStone File Event Manager (efbfs) - FarStone Technology, Inc. - C:\Program Files\FarStone\DriveClone Pro\EFB\efbfs.exe
O23 - Service: FarStone RestoreIT Loader - Unknown owner - C:\Program Files\FarStone\DriveClone Pro\fsloader.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc.
- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: TiVo.Net Auto-Transcoding Service - Pipkin Technologies - C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- End of file - 13855 bytes -- File Associations ----------------------------------------------------------- All associations okay. 
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 dcsnap - c:\windows\system32\drivers\dcsnap.sys R0 giveio - c:\windows\system32\giveio.sys R0 RITFSD - c:\windows\system32\drivers\ritfsd.sys R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> R0 VVBackd5 - c:\windows\system32\drivers\vvbackd5.sys <Not Verified; FarStone Technology, Inc.; RestoreIT(8.0).> R1 DCDisk - c:\windows\system32\drivers\dcdisk.sys R1 flbRITDisk - c:\windows\system32\drivers\flbritdisk.sys <Not Verified; Farstone; filedisk> R2 flbdisk - c:\windows\system32\drivers\flbdisk.sys <Not Verified; FarStone Technology, Inc.; filedisk> R2 flbrc - c:\windows\system32\drivers\flbrc.sys R2 HCDisk - c:\windows\system32\drivers\hcdisk.sys R2 ppsio2 (PPDevice) - c:\windows\system32\drivers\ppsio2.sys <Not Verified; ; Flatbed DevDriver/NT4> R2 Rcfilter - c:\windows\system32\drivers\rcfilter.sys <Not Verified; FarStone Technology, Inc.; Restore IT!> R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools> R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> S1 DVDRC - c:\windows\system32\drivers\dvdrc.sys (file missing) S3 ABIT-IO - c:\program files\u-abit\abiteq\abit-io.sys S3 FXDRV - d:\fxdrv.sys (file missing) S3 Memctl - c:\program files\u-abit\flashmenu\memctl.sys S3 SIoctl - c:\windows\system32\drivers\sioctl.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver> S3 WINFLASH - c:\program files\u-abit\flashmenu\winflash.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter> R2 efbfs (Restore FarStone File Event Manager) - c:\program 
files\farstone\driveclone pro\efb\efbfs.exe <Not Verified; FarStone Technology, Inc.; > R2 FarStone RestoreIT Loader - "c:\program files\farstone\driveclone pro\fsloader.exe" R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module> S2 DCScheduler (DriveClone Scheduler) - c:\program files\farstone\driveclone pro\cbp\dcschdlersrvc.exe S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service> S3 TiVo.Net Auto-Transcoding Service - "c:\program files\pipkin technologies\tivo.net\tivodotnet.exe" <Not Verified; Pipkin Technologies; DotNetTivoBeacon> S4 perfmons (perfmons Service) - c:\windows\system32\perfs.exe (file missing) -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. 
-- Scheduled Tasks ------------------------------------------------------------- 2007-11-26 20:00:00 638 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job 2007-11-23 17:15:00 406 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job 2007-11-16 21:22:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2007-10-27 and 2007-11-27 ----------------------------- 2007-11-26 21:44:06 0 dr-h----- C:\Documents and Settings\Administrator\Recent 2007-11-26 20:38:22 0 d-------- C:\Program Files\SpywareBlaster 2007-11-26 17:01:31 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-11-26 15:19:50 0 d-------- C:\Program Files\Trend Micro 2007-11-25 11:57:00 33295 --a------ C:\WINDOWS\system32\Indt2.sys 2007-11-25 11:08:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\U3 2007-11-25 10:45:44 0 d-------- C:\Program Files\Spyware Doctor 2007-11-25 10:45:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools 2007-11-16 21:23:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer 2007-11-16 21:22:45 1755 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache 2007-11-09 22:09:37 0 d-------- C:\WINDOWS\USB-IrDA 2007-11-09 22:08:39 0 d-------- C:\Program Files\Susteen 2007-11-09 21:40:18 0 d-------- C:\Program Files\LG Electronics 2007-11-09 21:31:55 0 d-------- C:\Program Files\QuickTime 2007-11-09 21:31:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-11-08 12:31:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 2007-11-07 21:35:23 0 d-------- C:\Program Files\Microsoft Games 2007-11-07 16:42:05 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk 2007-11-07 11:58:43 0 d-------- C:\Documents and Settings\LocalService\Application Data\Acronis 2007-11-07 11:55:28 0 d-------- C:\Documents and Settings\All Users\Application 
Data\Acronis 2007-11-07 11:29:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro 2007-11-07 11:29:49 0 d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro 2007-11-07 11:28:34 0 d-------- C:\Program Files\DAEMON Tools Pro 2007-11-07 11 19 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys2007-11-06 16:19:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation 2007-11-06 16:10:54 3654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll 2007-11-06 16:10:54 0 d-------- C:\Drivers 2007-11-06 16:10:20 0 d-------- C:\Program Files\Sony 2007-11-05 21:09:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft 2007-11-05 21 14 0 d-------- C:\Program Files\SlySoft2007-11-05 19:12:13 257024 --a------ C:\WINDOWS\system32\ndt2.sys 2007-11-05 19 31 0 d-------- C:\Program Files\Elaborate Bytes2007-11-05 18:49:41 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-11-05 18:49:40 0 d-------- C:\Program Files\ffdshow 2007-11-04 10:54:38 0 d-------- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro 2007-11-04 10:52:20 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2007-11-04 10:52:20 47360 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2007-11-04 10:52:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Vso 2007-11-04 10:52:13 0 d-------- C:\Program Files\LG Software Innovations 2007-11-02 08:17:43 4142592 --a------ C:\WINDOWS\system32\qtintf.dll <Not Verified; Borland Software Corporation; Delphi-Qt2.x Interface Library> 2007-11-02 08:17:42 0 d-------- C:\Program Files\APC 2007-11-01 09 00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Zeon2007-11-01 08:54:16 0 d--h----- C:\WINDOWS\system32\GroupPolicy 2007-11-01 08:54:13 0 d--h----- C:\Documents and 
Settings\All Users\Application Data\zeon 2007-11-01 08:54:11 0 d-------- C:\WINDOWS\system32\DocucomRes6 2007-11-01 08:53:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\ScanSoft 2007-11-01 08:52:50 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2007-11-01 08:52:14 0 d-------- C:\Program Files\Common Files\ScanSoft Shared 2007-11-01 08:52:10 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft 2007-11-01 08:52:06 0 d-------- C:\Program Files\ScanSoft 2007-10-27 12:46:06 0 d-------- C:\Program Files\MagicISO 2007-10-27 12:41:50 0 d-------- C:\Program Files\Apple Software Update 2007-10-27 12:41:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple -- Find3M Report --------------------------------------------------------------- 2007-11-27 14:57:29 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-11-27 14:41:43 16384 ---h----- C:\logicinf.bin 2007-11-27 14:41:37 1024 ---h----- C:\diskfile1 2007-11-27 14:41:31 0 d-------- C:\Program Files\SpeedFan 2007-11-26 18:21:08 0 d-------- C:\Program Files\Visioneer OneTouch 2007-11-26 18:19:13 0 d-------- C:\Program Files\POP Peeper 2007-11-26 18:19:11 0 d-------- C:\Program Files\Norton Internet Security 2007-11-25 10:44:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent 2007-11-25 10:34:30 4194304 -r-h----- C:\spc_kern 2007-11-18 12:24:47 82847744 -r-h----- C:\WINDOWS\dcdisk1_0 2007-11-17 09:34:59 147859456 -r-h----- C:\WINDOWS\dcdisk0_0 2007-11-17 08:32:05 0 d-------- C:\Program Files\PeerGuardian2 2007-11-09 22:09:37 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-11-07 11:55:08 0 d-------- C:\Program Files\Common Files\Acronis 2007-11-07 11:54:57 0 d-------- C:\Program Files\Acronis 2007-11-05 22:04:55 0 d-------- C:\Program Files\MediaMonkey 2007-11-04 10:52:25 34 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.log 2007-11-04 
10:52:20 1144 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.inf 2007-11-04 10:52:20 7887 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.cat 2007-11-01 08:52:14 0 d-------- C:\Program Files\Common Files 2007-11-01 08:52:14 0 d-------- C:\Program Files\Common Files\InstallShield 2007-10-26 20:44:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI MMC 2007-10-26 20:38:15 0 d-------- C:\Program Files\ATI Multimedia 2007-10-26 20:38:11 0 d-------- C:\Program Files\Common Files\ATI 2007-10-26 20:36:06 158345216 -r-h----- C:\WINDOWS\dcdisk2_0 2007-10-26 20:33:34 0 d-------- C:\Program Files\Common Files\ATI Technologies 2007-10-26 20:32:36 0 d-------- C:\Program Files\TitanTV 2007-10-26 20:32:23 0 d-------- C:\Program Files\msaccrt 2007-10-26 20:31:59 0 d-------- C:\Program Files\Windows Media Components 2007-10-26 20:21:02 158345216 -r-h----- C:\WINDOWS\dcdisk2_1 2007-10-26 20:20:42 82847744 -r-h----- C:\WINDOWS\dcdisk1_1 2007-10-26 10:32:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe 2007-10-26 10:25:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek 2007-10-26 10:03:19 0 d-------- C:\Program Files\Logitech 2007-10-26 09:38:22 0 d-------- C:\Program Files\Common Files\Logitech 2007-10-25 12:33:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\GoodSync 2007-10-25 12:33:15 0 d-------- C:\Program Files\Siber Systems 2007-10-25 09:22:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\POP Peeper 2007-10-25 09:00:14 0 d-------- C:\Program Files\Pipkin Technologies 2007-10-25 08:53:53 0 d-------- C:\Program Files\TiVo 2007-10-25 08:53:53 0 d-------- C:\Program Files\Common Files\TiVo Shared 2007-10-25 08:48:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-10-25 08:37:03 4204544 -r-h----- C:\WINDOWS\dclog.bin 2007-10-25 08:35:58 0 d-------- C:\Program Files\FarStone 
2007-10-25 08:33:05 0 d-------- C:\Program Files\TweakNow RegCleaner Pro 2007-10-25 08:28:59 0 d-------- C:\Program Files\Driver Cleaner PE 2007-10-25 07:52:08 0 d-------- C:\Program Files\Pure Networks 2007-10-25 07:51:46 0 d-------- C:\Program Files\DIFX 2007-10-25 07:51:41 0 d-------- C:\Program Files\Common Files\Pure Networks Shared 2007-10-25 07:50:26 0 d-------- C:\Program Files\DVD Shrink 2007-10-25 07:50:10 0 d-------- C:\Program Files\DVD Decrypter 2007-10-25 07:47:01 0 d-------- C:\Program Files\TuneUp Utilities 2007 2007-10-25 07:46:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software 2007-10-25 06:57:34 0 d-------- C:\Program Files\uTorrent 2007-10-25 06:51:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help 2007-10-25 06:38:07 0 d-------- C:\Program Files\CyberLink 2007-10-25 06:29:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real 2007-10-25 06:23:09 0 d-------- C:\Program Files\Common Files\xing shared 2007-10-25 06:23:08 0 d-------- C:\Program Files\Common Files\Real 2007-10-25 06:22:56 0 d-------- C:\Program Files\Real 2007-10-24 17:40:20 0 d-------- C:\Program Files\Symantec 2007-10-24 16:58:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec 2007-10-24 16:56:39 0 d-------- C:\Program Files\Windows Sidebar 2007-10-24 16:46:56 0 d-------- C:\Program Files\Microsoft Visual Studio 8 2007-10-24 16:46:51 0 d-------- C:\Program Files\Microsoft Expression 2007-10-24 16:44:15 0 d-------- C:\Program Files\Microsoft Works 2007-10-24 16:43:46 0 d-------- C:\Program Files\Microsoft.NET 2007-10-24 16:02:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nero 2007-10-24 16:02:26 0 d-------- C:\Program Files\Common Files\Nero 2007-10-24 16:01:41 0 d-------- C:\Program Files\Nero 2007-10-24 15:53:14 0 d-------- C:\Program Files\Diskeeper Corporation 2007-10-24 15:27:57 0 d-------- C:\Program Files\DAMN NFO Viewer 2007-10-24 
12:44:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun 2007-10-24 12:44:16 0 d-------- C:\Program Files\Java 2007-10-24 12:43:51 0 d-------- C:\Program Files\Common Files\Java 2007-10-24 12:42:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia 2007-10-24 12:40:48 0 d-------- C:\Program Files\Common Files\Adobe 2007-10-24 10:20:24 0 d-------- C:\Program Files\CCleaner 2007-10-24 10:13:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI 2007-10-24 10:13:02 0 --a------ C:\WINDOWS\ativpsrm.bin 2007-10-24 10:11:55 0 d-------- C:\Program Files\ATI Technologies 2007-10-24 09:38:55 0 d-------- C:\Program Files\U-ABIT 2007-10-24 05:37:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield 2007-10-24 05:27:51 0 d-------- C:\Program Files\Realtek 2007-10-24 05:27:44 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program> 2007-10-24 05:27:01 0 d-------- C:\Program Files\Marvell 2007-10-24 05:25:04 0 d-------- C:\Program Files\Intel 2007-10-24 05:16:11 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-10-24 04:40:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities 2007-10-24 04:35:38 0 d-------- C:\Program Files\microsoft frontpage 2007-10-24 04:35:23 0 -rahs---- C:\MSDOS.SYS 2007-10-24 04:35:23 0 -rahs---- C:\IO.SYS 2007-10-24 04:35:23 0 --a------ C:\CONFIG.SYS 2007-10-24 04:35:23 0 --a------ C:\AUTOEXEC.BAT 2007-10-24 04:34:29 0 d--h----- C:\Program Files\WindowsUpdate 2007-10-24 04:33:51 0 d-------- C:\Program Files\Common Files\MSSoap 2007-10-24 04:33:43 0 d-------- C:\Program Files\Movie Maker 2007-10-24 04:32:45 0 d-------- C:\Program Files\Online Services 2007-10-24 04:32:35 0 d-------- C:\Program Files\Windows Media Connect 2 2007-10-24 04:32:31 0 d-------- C:\Program Files\Messenger 2007-10-24 04:32:28 0 d-------- C:\Program Files\MSN Gaming Zone 2007-10-24 
04:32:21 0 d-------- C:\Program Files\Windows NT 2007-10-24 00:25:27 0 d-------- C:\Program Files\Common Files\ODBC 2007-10-24 00:25:25 0 d-------- C:\Program Files\Common Files\SpeechEngines 2007-10-24 00:24:00 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini 2007-09-28 20:05:00 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart> 2007-09-19 23:50:23 316416 --a------ C:\WINDOWS\system32\wudfx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:22 55808 --a------ C:\WINDOWS\system32\wudfsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:22 165376 --a------ C:\WINDOWS\system32\wudfplatform.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:22 146432 --a------ C:\WINDOWS\system32\wudfhost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:22 356352 --a------ C:\WINDOWS\system32\WPDSp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:22 17408 --a------ C:\WINDOWS\system32\wpdshextautoplay.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:21 133632 --a------ C:\WINDOWS\system32\wpdshserviceobj.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:21 38400 --a------ C:\WINDOWS\system32\wpdshextres.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:21 2603008 --a------ C:\WINDOWS\system32\wpdshext.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:19 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:18 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating 
System> 2007-09-19 23:50:18 35840 --a------ C:\WINDOWS\system32\wpdconns.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:18 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:18 656896 --a------ C:\WINDOWS\system32\wmvxencd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:17 767488 --a------ C:\WINDOWS\system32\wmvsencd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:17 1382912 --a------ C:\WINDOWS\system32\wmvsdecd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:16 1574912 --a------ C:\WINDOWS\system32\wmvencod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:15 1543680 --a------ C:\WINDOWS\system32\wmvdecod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:10 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:10 130048 --a------ C:\WINDOWS\system32\wmpps.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:10 613376 --a------ C:\WINDOWS\system32\wmpmde.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:02 1661440 --a------ C:\WINDOWS\system32\WMPEncEn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:50:01 295936 --a------ C:\WINDOWS\system32\wmpeffects.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:49:47 534528 --a------ C:\WINDOWS\system32\wmdrmsdk.dll <Not Verified; Microsoft Corporation; Microsoft® DRM> 2007-09-19 23:49:45 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe <Not Verified; Microsoft Corporation; Microsoft® 
Windows® Operating System> 2007-09-19 23:49:45 4096 --a------ C:\WINDOWS\system32\wdfapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:49:45 8704 --a------ C:\WINDOWS\system32\uWDF.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:49:42 199168 --a------ C:\WINDOWS\system32\portabledevicewmdrm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:49:42 132096 --a------ C:\WINDOWS\system32\portabledevicewiacompat.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:49:42 166912 --a------ C:\WINDOWS\system32\portabledevicetypes.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:49:42 101888 --a------ C:\WINDOWS\system32\portabledeviceclassextension.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:49:41 284160 --a------ C:\WINDOWS\system32\portabledeviceapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:49:39 259072 --a------ C:\WINDOWS\system32\mpg4decd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:49:39 259072 --a------ C:\WINDOWS\system32\mp43decd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:49:38 317440 --a------ C:\WINDOWS\system32\mp4sdecd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:49:38 212992 --a------ C:\WINDOWS\system32\mfplat.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:49:37 249856 --a------ C:\WINDOWS\system32\drmupgds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:49:36 276992 --a------ C:\WINDOWS\system32\audiodev.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:49:29 
69120 --a------ C:\WINDOWS\system32\wlanapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:49:13 36864 --a------ C:\WINDOWS\system32\qfecheck.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:49:05 1275392 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP 2> 2007-09-19 23:48:55 464384 --a------ C:\WINDOWS\system32\imapi2fs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:48:55 317952 --a------ C:\WINDOWS\system32\imapi2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:48:48 7168 --a------ C:\WINDOWS\system32\bitsprx4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:35:02 36352 --a------ C:\WINDOWS\system32\tsgqec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:34:38 10752 --a------ C:\WINDOWS\system32\rspndr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:34:35 288768 --a------ C:\WINDOWS\system32\rhttpaa.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:34:30 84480 --a------ C:\WINDOWS\system32\pintool.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:34:17 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1> 2007-09-19 23:33:39 33792 --a------ C:\WINDOWS\system32\mmcperf.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:33:37 106496 --a------ C:\WINDOWS\system32\mmcfxcommon.dll <Not Verified; Microsoft Corporation; Microsoft (R) Windows (R) Operating System> 2007-09-19 23:33:36 397312 --a------ C:\WINDOWS\system32\mmcex.dll <Not Verified; Microsoft Corporation; Microsoft (R) Windows (R) Operating System> 
2007-09-19 23:33:20 151552 --a------ C:\WINDOWS\system32\ifxcardm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:33:17 5120 --a------ C:\WINDOWS\system32\hdaudres.dll <Not Verified; Windows (R) Server 2003 DDK provider; Microsoft® Windows® Operating System> 2007-09-19 23:33:16 61952 --a------ C:\WINDOWS\system32\hdashcut.exe <Not Verified; Windows (R) Server 2003 DDK provider; Microsoft® Windows® Operating System> 2007-09-19 23:33:15 25088 --a------ C:\WINDOWS\system32\hdaprop.dll <Not Verified; Windows (R) Server 2003 DDK provider; Microsoft® Windows® Operating System> 2007-09-19 23:32:55 25600 --a------ C:\WINDOWS\system32\bcsprsrc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:32:55 96792 --a------ C:\WINDOWS\system32\basecsp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:32:55 133120 --a------ C:\WINDOWS\system32\axaltocm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-09-19 23:32:48 116736 --a------ C:\WINDOWS\system32\aaclient.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] 08/24/2007 10:51 PM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 10/24/2007 04:56 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [08/24/2007 10:51 PM 316784] 
[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [09/27/2007 01:20 PM C:\WINDOWS\RTHDCPL.exe]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [02/22/2007 06:53 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/23/2007 04:18 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [08/24/2007 11:53 PM]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [10/01/2007 08:08 PM]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [09/20/2007 10:18 AM]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [03/18/2004 08:33 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 08:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [04/16/2002 07:12 AM]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [09/14/2007 02:52 AM]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [09/14/2007 03:02 AM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [09/14/2007 02:55 AM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [11/02/2007 05:24 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 05:56 PM]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [11/15/2006 11:02 PM]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [09/06/2007 08:08 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [9/17/2007 12:04:02 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk
backup=C:\WINDOWS\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Key.AnyDVD]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Key.AnyDVD
backup=C:\WINDOWS\pss\Key.AnyDVDStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=C:\WINDOWS\pss\APC UPS Status.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABIT uGuruIII]
C:\Program Files\U-ABIT\abitEQ\ABITEQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"C:\Program Files\ATI Multimedia\main\launchpd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
"C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
"C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPScheduler]
C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
"C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
"C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\LaunchU3.exe -a

*Newly Created Service* - COMHOST

-- End of Deckard's System Scanner: finished at 2007-11-27 16:34:56 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
CPU 1: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 2046.42 MiB / 1206.19 MiB
Pagefile Memory (total/avail): 3937.71 MiB / 3016.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.28 MiB

B: is Removable (Unformatted)
C: is Fixed (NTFS) - 153.38 GiB total, 121.13 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 279.46 GiB total, 144.17 GiB free.
F: is Fixed (NTFS) - 298.08 GiB total, 268.09 GiB free.
G: is CDROM (No Media)
H: is CDROM (No Media)
I: is Removable (NTFS)
J: is Removable (No Media)
Y: is Removable (No Media)

\\.\PHYSICALDRIVE1 - HDS722516VLSA80 - 153.38 GiB - 1 partition
   \PARTITION0 (bootable) - Installable File System - 153.38 GiB - C:

\\.\PHYSICALDRIVE0 - ST3300831A - 279.46 GiB - 1 partition
   \PARTITION0 (bootable) - Installable File System - 279.46 GiB - E:

\\.\PHYSICALDRIVE2 - ST3320620AS - 298.09 GiB - 1 partition
   \PARTITION0 (bootable) - Installable File System - 298.08 GiB - F:

\\.\PHYSICALDRIVE3 -


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.

FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Common Files\\TiVo Shared\\Beacon\\TiVoBeacon.exe"="C:\\Program Files\\Common Files\\TiVo Shared\\Beacon\\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service"
"C:\\Program Files\\Common Files\\TiVo Shared\\Transfer\\TiVoTransfer.exe"="C:\\Program Files\\Common Files\\TiVo Shared\\Transfer\\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service"
"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"="C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service"
"C:\\Program Files\\TiVo\\Desktop\\TiVoDesktop.exe"="C:\\Program Files\\TiVo\\Desktop\\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"C:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmsrvc.exe"="C:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DEN2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\DEN2
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=DEN2
USERNAME=Rick
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
 --> C:\WINDOWS\UNRecode.exe /UNINSTALL
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
1Click DVD Copy Pro 3.0.1.9 --> "C:\Program Files\LG Software Innovations\1Click DVD Copy Pro\unins000.exe"
1CLICK DVD Movie 3.0.0.5 --> "C:\Program Files\LG Software Innovations\1CLICK DVD Movie\unins000.exe"
abitEQ V1.1.0.9 --> C:\Program Files\InstallShield Installation Information\{A3DB6885-DDFA-442A-A2C2-EC1842CA4953}\setup.exe -runfromtemp -l0x0009 -removeonly
AC-3 ACM Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AC3ACM.inf
Acronis Disk Director Suite --> MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Acronis True Image Home --> MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Age of Empires III - The Asian Dynasties --> C:\Program Files\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe -runfromtemp -l0x0409
Age of Empires III - The WarChiefs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
APC PowerChute Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Multimedia Center 9.16 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}
AVIVO Codecs --> MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Canon S530D --> C:\WINDOWS\system32\CNMCP43.exe "-PRINTERNAMECanon S530D" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon S530D Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon S530D Installer\Inst2\cnmi0409.dll"
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
DataPilot Pix 'n Tunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{87B481FA-1E4A-40B0-80C3-157E9770F436} /l1033
Diskeeper 2007 Pro Premier --> MsiExec.exe /X{072845BA-E1B6-444E-8EB7-57BBC33A5284}
DriveClone Pro --> C:\Program Files\FarStone\DriveClone Pro\uninstall.exe
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
ffdshow [beta 1] [2006-12-11] --> "C:\Program Files\ffdshow\unins000.exe"
FlashMenu --> C:\Program Files\InstallShield Installation Information\{047E5F60-5357-43FB-A080-1912EB0132A4}\setup.exe -runfromtemp -l0x0009 -removeonly
GoodSync V6 --> "C:\Program Files\Siber Systems\GoodSync\uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MediaMonkey 2.5 --> "C:\Program Files\MediaMonkey\unins000.exe"
Microsoft Expression Web --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web --> MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Expression Web MUI (English) --> MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Nero 8 Demo --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Network Magic --> C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
POP Peeper --> C:\Program Files\POP Peeper\Uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
ScanSoft PaperPort 11 --> MsiExec.exe /I{02E73E50-6513-4802-8600-B5A5BA185BE3}
ScanSoft PDF Create! 3.0 --> MsiExec.exe /I{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TitanTV Client components for ATI --> MsiExec.exe /I{A3DD7BA6-37A6-4245-A167-B3AA137B2157}
TiVo Desktop 2.5 --> MsiExec.exe /X{4E839090-3B68-436A-B3CF-A2A08C38DD26}
TiVo.Net --> MsiExec.exe /I{BDE9BE70-68D0-4974-BAA5-C07484026733}
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
TweakNow RegCleaner Professional --> "C:\Program Files\TweakNow RegCleaner Pro\unins000.exe"
USB-IrDA Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\SETUP.EXE" -l0x9
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Visioneer 8100 Scanner --> C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG
Windows Driver Package - Pure Networks, Inc. Pure Networks Device Discovery Driver (08/24/2007 4.6.7236.0) --> rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\pnarp_EA1D46527BDDE0262D42D36737D2D9EC73FFB1A0\pnarp.inf
Windows Driver Package - Pure Networks, Inc. Pure Networks Wireless Driver (08/24/2007 4.6.7236.0) --> rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\purendis_63F463FB269B562703E37AAC1A91B3A645B65380\purendis.inf
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

-- End of Deckard's System Scanner: finished at 2007-11-27 16:34:56 ------------
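Reading a DSS main log comes down to a handful of sections: the Run/RunOnce keys, the Svchost NetSvcs group, the MountPoints2 AutoRun handlers, the "Newly Created Service" line and the Security Center block. The following Python script is an added example for this page (it is not DSS code and not something anyone in the thread posted) that parses those sections into a small report and flags the entries a helper would look at twice. The embedded excerpt is constructed in the DSS layout from lines of the log above, plus one invented "updater" entry so that the user-writable-folder rule has something to catch; the flag rules themselves are the example's own assumptions, not DSS features.

```python
"""Triage of the autostart section of a Deckard's System Scanner (DSS) main log.
Added example for this thread: not DSS code, and the flag rules are assumptions."""
import re
from dataclasses import dataclass, field

# Constructed excerpt in the layout DSS uses. Every line is copied from the
# posted log except "updater", which is invented to show what a suspect
# autostart looks like (a program launched from a user-writable folder).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [09/27/2007 01:20 PM C:\WINDOWS\RTHDCPL.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/23/2007 04:18 PM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [11/02/2007 05:24 PM]
"updater"="C:\Documents and Settings\Administrator\Local Settings\Temp\updater.exe" [11/20/2007 08:01 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 05:56 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\LaunchU3.exe -a

*Newly Created Service* - COMHOST

-- Security Center -------------------------------------------------------------
Windows Internal Firewall is disabled.
FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
"""

# "name"="command" [timestamp resolved-path]  (the bracketed part is optional)
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*?)(?:\s*\[(?P<meta>[^\]]*)\])?\s*$')
META_RE = re.compile(r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}(?::\d{2})? [AP]M)(?:\s+(?P<path>.+))?$')
# Folder-name fragments a vendor autostart should not normally live under (assumption).
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\")


def executable_of(command):
    """First token of a command line, honouring a quoted path with spaces."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


@dataclass
class Autostart:
    key: str
    name: str
    command: str
    timestamp: str = ""
    resolved_path: str = ""   # DSS prints this when the value is a bare file name

    @property
    def path(self):
        return self.resolved_path or executable_of(self.command)


@dataclass
class DssReport:
    autostarts: list = field(default_factory=list)
    new_services: list = field(default_factory=list)
    autorun_commands: list = field(default_factory=list)   # (key, command) pairs
    netsvcs: list = field(default_factory=list)
    windows_firewall_disabled: bool = False


def parse_dss(text):
    report, key, in_netsvcs = DssReport(), "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_netsvcs = False
            continue
        if line.startswith("[") and line.endswith(("]", '"')):   # DSS prints some keys with a stray quote
            key, in_netsvcs = line[1:-1], False
        elif line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
        elif in_netsvcs:
            report.netsvcs.append(line)
        elif line.startswith("*Newly Created Service*"):
            report.new_services.append(line.split("-", 1)[1].strip())
        elif line.startswith("AutoRun\\command-"):
            report.autorun_commands.append((key, line.split("-", 1)[1].strip()))
        elif line == "Windows Internal Firewall is disabled.":
            report.windows_firewall_disabled = True
        elif "\\run" in key.lower() and (m := ENTRY_RE.match(line)):
            entry = Autostart(key, m["name"], m["value"].strip())
            meta = META_RE.match((m["meta"] or "").strip())
            if meta:
                entry.timestamp = meta["ts"]
                entry.resolved_path = (meta["path"] or "").strip()
            report.autostarts.append(entry)
    return report


def triage(report):
    """Findings worth a second look; an empty list means nothing stood out."""
    findings = []
    for e in report.autostarts:
        low = e.path.lower()
        if any(frag in low for frag in USER_WRITABLE):
            findings.append(f"autostart '{e.name}' runs from a user-writable folder: {e.path}")
        elif not e.resolved_path and "\\" not in e.path:
            findings.append(f"autostart '{e.name}' is a bare name DSS did not resolve: {e.command}")
    for svc in report.new_services:
        findings.append(f"newly created service '{svc}': confirm it belongs to software you installed")
    for key, cmd in report.autorun_commands:
        drive = key.rsplit("\\", 1)[-1]
        findings.append(f"AutoRun handler for removable drive {drive}: {cmd}")
    return findings
```

Run `triage(parse_dss(open("main.txt").read()))` against a real DSS main log to get the list. On the excerpt above it reports the invented "updater" entry, the unresolved "ShowDeskFix" RunOnce value (a known XP entry, but the rule cannot tell that from the log alone), the COMHOST service and the U3 AutoRun handler on K:, while the vendor entries under Program Files and WINDOWS stay quiet.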
#6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,625
OS: 2000 Pro; XP Pro; XP Home

Re: Help for Trojan.Adclicker virus

That all looks fine.

To delete the service: go to Start > Run, copy/paste the following, then press Enter:

sc delete perfmons

Clear your cookies: clear your Internet Explorer 7 cookies.

Any problems? Update your AV and run a full system scan. Let me know how your machine is.
__________________
Practice Safe Surfing. Because what you don't know CAN hurt you. Please do not ask for help via Private Message.
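The one-liner above is exactly right for a service that is already stopped. Two caveats a practitioner would add: `sc delete` on a service that is still running only marks its registry record for deletion (later `sc` calls on it fail with error 1072, ERROR_SERVICE_MARKED_FOR_DELETE, and the record is really gone only after a reboot), and `sc` never touches the service's binary, so you want the BINARY_PATH_NAME from `sc qc` before the record disappears. The Python wrapper below is an added example for this page, not the helper's procedure and not from the thread: it queries the service (error 1060 means it does not exist), records the binary, stops it and polls until STOPPED, then deletes and reports which of those cases it hit. `perfmons` is the service name from the post; `FakeSc` is a scripted stand-in whose `sc.exe` output is constructed to mirror sc's layout, and its binary path is a placeholder, so the flow can be exercised without a Windows box.

```python
"""Remove a Windows service the careful way: confirm it exists, record its
binary, stop it, delete it, report what happened. Added example for this
thread, not the helper's procedure; the sc.exe output in FakeSc is constructed."""
import re
import subprocess
from dataclasses import dataclass

# Win32 error codes that sc.exe reports as "... FAILED <code>:"
ERROR_SERVICE_DOES_NOT_EXIST = 1060
ERROR_SERVICE_MARKED_FOR_DELETE = 1072

STATE_RE = re.compile(r"^\s*STATE\s*:\s*\d+\s+([A-Z_]+)", re.M)
BINARY_RE = re.compile(r"^\s*BINARY_PATH_NAME\s*:\s*(.+?)\s*$", re.M)
FAILED_RE = re.compile(r"FAILED (\d+)")


def run_sc(args):
    """Real runner: invoke sc.exe (needs an Administrator console) and return its text."""
    proc = subprocess.run(["sc", *args], capture_output=True, text=True)
    return proc.stdout + proc.stderr


def service_state(output):
    """STATE word from 'sc query' output, or None when the service does not exist."""
    fail = FAILED_RE.search(output)
    if fail:
        if int(fail.group(1)) == ERROR_SERVICE_DOES_NOT_EXIST:
            return None
        raise RuntimeError("sc failed: " + output.strip())
    m = STATE_RE.search(output)
    if not m:
        raise RuntimeError("unrecognised sc query output: " + output.strip())
    return m.group(1)


@dataclass
class RemovalResult:
    action: str            # absent | deleted | deleted-pending-reboot | marked-for-delete
    state_before: str = ""
    binary_path: str = ""  # sc delete does not remove the file; keep this for cleanup


def remove_service(name, run=run_sc, polls=10, sleep=lambda seconds: None):
    state = service_state(run(["query", name]))
    if state is None:
        return RemovalResult("absent")
    m = BINARY_RE.search(run(["qc", name]))
    binary = m.group(1) if m else ""
    stopped = state == "STOPPED"
    if not stopped:
        run(["stop", name])                  # stop is asynchronous: poll for STOPPED
        for _ in range(polls):
            if service_state(run(["query", name])) == "STOPPED":
                stopped = True
                break
            sleep(1)
    out = run(["delete", name])
    if "SUCCESS" in out:
        # DeleteService only marks the record; it disappears once no handle is
        # open on it, so a still-running service is really gone after a reboot.
        return RemovalResult("deleted" if stopped else "deleted-pending-reboot", state, binary)
    fail = FAILED_RE.search(out)
    if fail and int(fail.group(1)) == ERROR_SERVICE_MARKED_FOR_DELETE:
        return RemovalResult("marked-for-delete", state, binary)
    raise RuntimeError("sc delete failed: " + out.strip())


class FakeSc:
    """Scripted stand-in for sc.exe so the flow runs off Windows. The output text
    is constructed to mirror sc.exe's layout; the binary path is a placeholder."""
    ABSENT = "[SC] OpenService FAILED 1060:\n\nThe specified service does not exist as an installed service.\n"
    CODES = {"RUNNING": 4, "STOP_PENDING": 3, "STOPPED": 1}

    def __init__(self, name="perfmons", binary=r"C:\WINDOWS\system32\placeholder.exe"):
        self.name, self.binary, self.calls = name, binary, []
        self.state, self.exists = "RUNNING", True

    def __call__(self, args):
        verb, name = args
        self.calls.append(verb)
        if not self.exists or name != self.name:
            return self.ABSENT
        if verb == "query":
            state = self.state
            if state == "STOP_PENDING":      # finish stopping on the next poll
                self.state = "STOPPED"
            return f"SERVICE_NAME: {name}\n        STATE              : {self.CODES[state]}  {state}\n"
        if verb == "qc":
            return f"SERVICE_NAME: {name}\n        BINARY_PATH_NAME   : {self.binary}\n"
        if verb == "stop":
            self.state = "STOP_PENDING"
            return f"SERVICE_NAME: {name}\n        STATE              : 3  STOP_PENDING\n"
        if verb == "delete":
            self.exists = False
            return "[SC] DeleteService SUCCESS\n"
        raise ValueError(verb)
```

On a real machine call `remove_service("perfmons")` from an Administrator console, delete the file named in `binary_path` once the result comes back, reboot, and re-run the scanner to confirm the service line is gone; `remove_service("perfmons", run=FakeSc())` walks the same path offline.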
#7 (permalink)
Registered User
Join Date: Nov 2007
Location: New England, USA
Posts: 7
OS: xp sp2

Re: Help for Trojan.Adclicker virus

My system is running fine. Norton shows no sign of the trojan.

Thank you VERY MUCH! This is a great site with great talent and information. I feel rather computer literate but was out of ideas.

Thanks again,
Rick
NH, USA
#8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,625
OS: 2000 Pro; XP Pro; XP Home

Re: Help for Trojan.Adclicker virus

Good job, Rick.

Your machine seems well protected. I offer this information as food for thought. Your logs appear clean. You should be good to go.

We still have a few items to address. C:\Deckard is DSS's working folder. You can safely delete it. Also delete dss.exe.

To help protect your computer in the future I recommend as options the following free programs if you don't have them already:

Here are some additional utilities that will further enhance your safety.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well-written articles. If you want to fight back against the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.