Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

looks like I got hit by a drive by website


Post by lagger » November 18th, 2007, 7:49 pm

Logfile of HijackThis v1.99.1
Scan saved at 6:45:33 PM, on 11/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\RivaTuner v2.04\RivaTuner.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6AA3809C-6261-456F-8FCA-43FE39ADC5E9} - C:\WINDOWS\System32\vtusppq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.04\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.04\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Snip It! - {C3881663-B3FA-49F4-BA57-183B02F47280} - res://snipit.dll/101 (file missing)
O9 - Extra 'Tools' menuitem: Snip It! - {C3881663-B3FA-49F4-BA57-183B02F47280} - res://snipit.dll/101 (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O20 - Winlogon Notify: vtusppq - C:\WINDOWS\SYSTEM32\vtusppq.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

help appreciated
lagger
Regular Member
 
Posts: 43
Joined: April 23rd, 2007, 4:05 pm

Re: looks like I got hit by a drive by website

Post by Shaba » November 19th, 2007, 6:21 am

Hi lagger

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: looks like I got hit by a drive by website

Post by lagger » November 19th, 2007, 8:17 am

VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 6:14:41 PM 11/18/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 6:19:52 PM 11/18/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 7:05:31 PM 11/18/2007

Listing files found while scanning....

No infected files were found.
lagger
Regular Member
 
Posts: 43
Joined: April 23rd, 2007, 4:05 pm

Re: looks like I got hit by a drive by website

Post by Shaba » November 19th, 2007, 8:52 am

Hi

  • Open a new notepad window
  • Paste the list of files from the quote box below into the notepad window.
    C:\WINDOWS\System32\vtusppq.dll
  • Save this as vundofix.vft and Save as type "all files".
  • Double-click VundoFix.exe to run it.
  • Drag vundofix.vft onto the listbox (white box) of VundoFix.
  • Click the "Remove Vundo" button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: looks like I got hit by a drive by website

Post by lagger » November 19th, 2007, 10:23 pm

VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 6:14:41 PM 11/18/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 6:19:52 PM 11/18/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 7:05:31 PM 11/18/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 9:12:25 PM 11/19/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete C:\WINDOWS\System32\vtusppq.dll
C:\WINDOWS\System32\vtusppq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 9:16:57 PM 11/19/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...


Logfile of HijackThis v1.99.1
Scan saved at 9:19:57 PM, on 11/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\RivaTuner v2.04\RivaTuner.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.04\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.04\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Snip It! - {C3881663-B3FA-49F4-BA57-183B02F47280} - res://snipit.dll/101 (file missing)
O9 - Extra 'Tools' menuitem: Snip It! - {C3881663-B3FA-49F4-BA57-183B02F47280} - res://snipit.dll/101 (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


I am still getting redirected pages, and AVG keeps giving me popup warnings about new trojans, including when I tried to reply here.
lagger
Regular Member
 
Posts: 43
Joined: April 23rd, 2007, 4:05 pm

Re: looks like I got hit by a drive by website

Post by Shaba » November 20th, 2007, 4:59 am

Hi

"I am still getting redirected pages, and AVG keeps giving me popup warnings about new trojans, including when I tried to reply here."

Yes, Vundo is not gone. Actually, it just hid the O2 and O20 entries; that's why we need to rename HijackThis.exe.

Rename HijackThis.exe to lagger.exe and post back a fresh HijackThis log, please :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: looks like I got hit by a drive by website

Post by lagger » November 20th, 2007, 8:14 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:01 AM, on 11/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\RivaTuner v2.04\RivaTuner.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michael\Desktop\Lagger.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6AA3809C-6261-456F-8FCA-43FE39ADC5E9} - C:\WINDOWS\system32\vtusppq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {94DF8270-AF37-4A2E-8B32-2973AC95A9E1} - C:\WINDOWS\System32\ssqrq.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.04\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.04\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Snip It! - {C3881663-B3FA-49F4-BA57-183B02F47280} - res://snipit.dll/101 (file missing)
O9 - Extra 'Tools' menuitem: Snip It! - {C3881663-B3FA-49F4-BA57-183B02F47280} - res://snipit.dll/101 (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4944 bytes
lagger
Regular Member
 
Posts: 43
Joined: April 23rd, 2007, 4:05 pm
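Following the helper's point above that Vundo hides the O2 and O20 sections from a scanner running under the name HijackThis.exe, here is an added example (editor's code, not part of the thread and not a tool the helpers used) that applies a few Vundo-style heuristics to HijackThis entry lines and diffs the two logs posted above to show which entries only became visible under the renamed binary. The sample lines are copied from the logs in this thread, trimmed. The heuristics themselves (an unnamed BHO whose DLL has a random lowercase name in System32, a Winlogon Notify DLL with the same kind of name, an O16 DPF location that is not http(s), and a companion file whose name is the DLL's name reversed, as with ssqrq.dll and qrqss.ini2 in the DSS listing later in the thread) are the editor's assumptions about this family, not something the helpers stated. Note that the extra O4 HKUS lines in the renamed-run log come from the change of HijackThis version (1.99.1 to 2.0.2), not from hiding, which is why the diff is limited to O2 and O20.

```python
import re
from typing import List, Tuple

# Sample input: entry lines copied from the HijackThis logs posted in this thread
# (trimmed to the lines that matter). Raw strings keep the Windows backslashes.
FIRST_RUN = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6AA3809C-6261-456F-8FCA-43FE39ADC5E9} - C:\WINDOWS\System32\vtusppq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O20 - Winlogon Notify: vtusppq - C:\WINDOWS\SYSTEM32\vtusppq.dll
"""

# Log taken after VundoFix with the binary still named HijackThis.exe: no O2 lines at all.
AFTER_FIX_ORIGINAL_NAME = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""

# Same machine minutes later, binary renamed to Lagger.exe: the O2 section is visible again.
AFTER_FIX_RENAMED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6AA3809C-6261-456F-8FCA-43FE39ADC5E9} - C:\WINDOWS\system32\vtusppq.dll (file missing)
O2 - BHO: (no name) - {94DF8270-AF37-4A2E-8B32-2973AC95A9E1} - C:\WINDOWS\System32\ssqrq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""

# Two paths from the DSS "Files created" listing posted later in the thread.
DSS_FILES = [r"C:\WINDOWS\System32\qrqss.ini2", r"C:\WINDOWS\System32\ChCfg.exe"]

# A HijackThis entry: section code (R0, O2, O16, O20, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(R\d|F\d|N\d|O\d+) - (.*)$")
# Heuristic (editor's assumption): Vundo-style DLL stems are 5-8 lowercase letters only.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,8}$")


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _last_path(body: str) -> str:
    """HijackThis prints the file path or URL after the last ' - ' of the body."""
    return body.rsplit(" - ", 1)[-1].replace(" (file missing)", "").strip()


def _basename_stem(path: str) -> str:
    """'C:\\WINDOWS\\System32\\ssqrq.dll' -> 'ssqrq'."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def is_random_system32_dll(path: str) -> bool:
    p = path.lower()
    return "\\system32\\" in p and p.endswith(".dll") and bool(RANDOM_NAME_RE.match(_basename_stem(p)))


def suspicious_entries(text: str) -> List[Tuple[str, str, str]]:
    """Return (reason, section, body) for entries matching the heuristics above."""
    hits = []
    for section, body in parse_hjt(text):
        path = _last_path(body)
        if section == "O2" and "(no name)" in body and is_random_system32_dll(path):
            hits.append(("unnamed BHO with random DLL name in System32", section, body))
        elif section == "O20" and is_random_system32_dll(path):
            hits.append(("Winlogon Notify DLL with random name", section, body))
        elif section == "O16" and not re.match(r"https?://", path, re.I):
            hits.append(("DPF download from non-http(s) location", section, body))
    return hits


def reversed_name_pairs(dll_paths: List[str], file_paths: List[str]) -> List[Tuple[str, str]]:
    """Pair each DLL with a file whose name stem is the DLL stem spelled backwards."""
    by_stem = {_basename_stem(f): f for f in file_paths}
    return [(d, by_stem[_basename_stem(d)[::-1]]) for d in dll_paths if _basename_stem(d)[::-1] in by_stem]


def hidden_entries(log_original_name: str, log_renamed: str, sections=("O2", "O20")) -> List[str]:
    """Entries of the given sections that appear only when the scanner runs under another name."""
    seen = set(parse_hjt(log_original_name))
    return [f"{s} - {b}" for s, b in parse_hjt(log_renamed) if s in sections and (s, b) not in seen]


if __name__ == "__main__":
    for reason, section, body in suspicious_entries(FIRST_RUN):
        print(f"[{section}] {reason}: {body}")
    for dll, companion in reversed_name_pairs([r"C:\WINDOWS\System32\ssqrq.dll"], DSS_FILES):
        print(f"reversed-name companion: {dll} <-> {companion}")
    for line in hidden_entries(AFTER_FIX_ORIGINAL_NAME, AFTER_FIX_RENAMED):
        print("hidden from unrenamed HijackThis:", line)
```

The diff shows the whole O2 section missing from the unrenamed run, legitimate Adobe, Spybot and Google helpers included, so a clean-looking O2 section from HijackThis.exe on a machine that still redirects is itself a signal; the only trustworthy log is the one taken under an arbitrary file name. The SDHelper entry is also "(no name)" but sits under Program Files, which is why the System32 check is part of the heuristic.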

Re: looks like I got hit by a drive by website

Post by Shaba » November 20th, 2007, 8:33 am

Hi

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A, then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: looks like I got hit by a drive by website

Post by lagger » November 20th, 2007, 6:41 pm

Deckard's System Scanner v20071014.68
Run by Michael on 2007-11-20 17:32:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-11-20 22:32:12 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-11-20 02:27:29 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Michael.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:26 PM, on 11/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Michael\Desktop\dss.exe
C:\DOCUME~1\Michael\Desktop\Michael.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.04\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.04\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Snip It! - {C3881663-B3FA-49F4-BA57-183B02F47280} - res://snipit.dll/101 (file missing)
O9 - Extra 'Tools' menuitem: Snip It! - {C3881663-B3FA-49F4-BA57-183B02F47280} - res://snipit.dll/101 (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4685 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Michael\Desktop\backups\) -------------

backup-20071120-071611-504 O2 - BHO: (no name) - {6AA3809C-6261-456F-8FCA-43FE39ADC5E9} - C:\WINDOWS\system32\vtusppq.dll (file missing)
backup-20071120-071739-831 O2 - BHO: (no name) - {94DF8270-AF37-4A2E-8B32-2973AC95A9E1} - C:\WINDOWS\System32\ssqrq.dll (file missing)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ppsio2 (PPDevice) - c:\windows\system32\drivers\ppsio2.sys <Not Verified; ; Flatbed DevDriver/NT4>
R3 RivaTuner32 - c:\program files\rivatuner v2.04\rivatuner32.sys

S3 catchme - c:\docume~1\michael\locals~1\temp\catchme.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 L6POD (L6 PODxt Service) - c:\windows\system32\drivers\l6pod.sys <Not Verified; Line 6; GuitarPort>
S3 MSICPL - d:\install4\msicpl.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-10-20 and 2007-11-20 -----------------------------

2007-11-19 22:19:26 0 dr-h----- C:\Documents and Settings\Michael\Recent
2007-11-19 21:28:04 0 d-------- C:\VundoFix Backups
2007-11-18 21:47:17 0 d--h----- C:\WINDOWS\System32\GroupPolicy
2007-11-18 20:54:05 0 d-------- C:\Program Files\EarthLink
2007-11-18 20:40:02 437934 --ahs---- C:\WINDOWS\System32\qrqss.ini2
2007-11-18 18:27:48 0 d-------- C:\WINDOWS\System32\appmgmt
2007-11-18 11:49:44 0 d-------- C:\WINDOWS\System32\rMa01yy
2007-11-18 11:49:44 0 d-------- C:\Temp
2007-11-18 11:37:29 0 d--hs---- C:\WINDOWS\ftpcache
2007-11-18 11:32:43 0 d-------- C:\Program Files\Activision
2007-11-18 10:11:24 0 d-------- C:\Garmin750 backup
2007-11-10 09:29:14 0 d-------- C:\Program Files\CD-DA X-Tractor
2007-11-08 21:48:22 0 d-------- C:\AG
2007-11-07 21:35:17 0 d-------- C:\Garmin
2007-10-25 10:41:26 0 d-------- C:\Program Files\Skype
2007-10-25 10:41:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-23 15:35:14 49152 --a------ C:\WINDOWS\System32\ChCfg.exe
2007-10-23 15:35:03 0 d-------- C:\Program Files\Realtek
2007-10-23 15:35:01 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-10-22 23:00:11 56824 --a------ C:\WINDOWS\SnipIt-Uninstall.exe


-- Find3M Report ---------------------------------------------------------------

2007-11-20 07:34:00 0 d-------- C:\Documents and Settings\Michael\Application Data\AVG7
2007-11-19 07:30:07 0 d-------- C:\Documents and Settings\Michael\Application Data\uTorrent
2007-11-18 21:27:38 0 d-------- C:\Program Files\SpywareBlaster
2007-11-18 18:27:45 0 d-------- C:\Program Files\Common Files
2007-11-18 18:26:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-18 00:01:12 0 d-------- C:\Program Files\Kuma Games
2007-11-02 21:51:34 0 d-------- C:\Program Files\Audacity
2007-10-15 22:25:58 0 d-------- C:\Documents and Settings\Michael\Application Data\ImgBurn
2007-10-15 22:25:37 0 d-------- C:\Program Files\ImgBurn
2007-10-15 22:21:50 0 d-------- C:\Program Files\Resounding
2007-10-10 12:24:21 86 --a------ C:\Documents and Settings\Michael\Application Data\22.cmd
2007-10-10 10:09:42 0 d-------- C:\Program Files\DiskCheckup
2007-10-09 23:30:46 0 d-------- C:\Documents and Settings\Michael\Application Data\SecondLife
2007-10-09 23:30:29 0 d-------- C:\Documents and Settings\Michael\Application Data\Mozilla
2007-10-07 21:52:04 0 d-------- C:\Program Files\Line6
2007-10-07 21:27:29 0 d-------- C:\Program Files\Java
2007-10-07 21:17:25 0 d-------- C:\Documents and Settings\Michael\Application Data\Line 6
2007-10-03 00:23:29 0 d-------- C:\Program Files\MSI
2007-09-30 22:41:28 0 d-------- C:\Program Files\Google
2007-09-29 20:42:17 0 d-------- C:\Program Files\CCleaner
2007-09-27 13:12:52 0 d-------- C:\Program Files\RivaTuner v2.04
2007-09-27 13:11:56 0 d-------- C:\Documents and Settings\Michael\Application Data\DivX
2007-09-26 22:21:55 0 d-------- C:\Program Files\DVD Decrypter
2007-09-26 12:41:38 0 d-------- C:\Program Files\DivX
2007-09-25 20:53:53 0 d-------- C:\Documents and Settings\Michael\Application Data\Sun
2007-09-25 20:53:30 0 d-------- C:\Program Files\Common Files\Java
2007-09-25 14:25:31 0 d-------- C:\Program Files\NVIDIA Corporation
2007-09-25 14:01:51 0 d-------- C:\Documents and Settings\Michael\Application Data\Media Player Classic
2007-09-25 13:43:22 0 d-------- C:\Program Files\Codec Pack - All In 1
2007-09-25 13:42:48 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-09-25 09:36:34 0 d-------- C:\Program Files\EA SPORTS
2007-09-24 22:36:35 0 d-------- C:\Program Files\DVD Shrink
2007-09-24 15:18:02 662016 --a------ C:\WINDOWS\System32\xvidcore.dll
2007-09-24 15:18:02 405504 --a------ C:\WINDOWS\System32\libmplayer.dll
2007-09-24 15:18:02 114688 --a------ C:\WINDOWS\System32\libmpeg2_ff.dll
2007-09-24 15:18:02 3196928 --a------ C:\WINDOWS\System32\libavcodec.dll
2007-09-24 15:18:02 8192 --a------ C:\WINDOWS\System32\FLT_ffdshow.dll
2007-09-24 15:18:02 533504 --a------ C:\WINDOWS\System32\ff_x264.dll
2007-09-24 15:18:02 26624 --a------ C:\WINDOWS\System32\ff_wmv9.dll
2007-09-24 15:18:02 38400 --a------ C:\WINDOWS\System32\ff_unrar.dll
2007-09-24 15:18:02 79872 --a------ C:\WINDOWS\System32\ff_tremor.dll
2007-09-24 15:18:02 143360 --a------ C:\WINDOWS\System32\ff_theora.dll
2007-09-24 15:18:02 122880 --a------ C:\WINDOWS\System32\ff_samplerate.dll
2007-09-24 15:18:02 97280 --a------ C:\WINDOWS\System32\ff_realaac.dll
2007-09-24 15:18:02 118784 --a------ C:\WINDOWS\System32\ff_libmad.dll
2007-09-24 15:18:02 245760 --a------ C:\WINDOWS\System32\ff_libfaad2.dll
2007-09-24 15:18:02 155648 --a------ C:\WINDOWS\System32\ff_libdts.dll
2007-09-24 15:18:02 40960 --a------ C:\WINDOWS\System32\ff_liba52.dll
2007-09-24 15:06:38 7680 --a------ C:\WINDOWS\System32\ff_vfw.dll
2007-09-24 08:50:12 0 d-------- C:\Program Files\Visioneer OneTouch
2007-09-24 08:47:29 0 d-------- C:\Documents and Settings\Michael\Application Data\ScanSoft
2007-09-24 08:46:58 0 d-------- C:\Program Files\Common Files\InstallShield
2007-09-24 08:46:42 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-09-24 08:46:41 0 d-------- C:\Program Files\ScanSoft
2007-09-24 08:10:08 0 d-------- C:\Documents and Settings\Michael\Application Data\Adobe
2007-09-23 10:17:20 0 d-------- C:\Documents and Settings\Michael\Application Data\WinRAR
2007-09-22 22:40:31 0 d-------- C:\Program Files\Ahead
2007-09-22 22:28:09 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-09-22 09:40:10 207 --a------ C:\WINDOWS\PowerReg.dat
2007-09-22 09:39:16 0 d-------- C:\Program Files\EPSON
2007-09-21 10:34:12 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-21 08:15:29 0 d-------- C:\Program Files\uTorrent
2007-09-21 07:29:29 0 d-------- C:\Program Files\AGEIA Technologies
2007-09-21 07:29:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-21 05:57:33 0 d-------- C:\Documents and Settings\Michael\Application Data\EarthLink
2007-09-21 05:16:34 0 d-------- C:\Program Files\GiPo@Utilities
2007-09-21 05:16:34 0 d-------- C:\Program Files\Common Files\Gibinsoft Shared
2007-09-21 03:53:50 0 d-------- C:\Program Files\Online Services
2007-09-21 03:35:27 0 d-------- C:\Documents and Settings\Michael\Application Data\Macromedia
2007-09-21 03:32:57 0 d-------- C:\Documents and Settings\Michael\Application Data\Google
2007-09-21 03:19:14 0 d--h----- C:\Program Files\WindowsUpdate
2007-09-21 03:18:53 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-09-21 03:15:11 0 d-------- C:\Program Files\Intel
2007-09-21 03:13:54 0 d-------- C:\Documents and Settings\Michael\Application Data\Identities
2007-09-21 03:10:59 0 d-------- C:\Program Files\microsoft frontpage
2007-09-21 03:10:47 0 -rahs---- C:\MSDOS.SYS
2007-09-21 03:10:47 0 -rahs---- C:\IO.SYS
2007-09-21 03:10:47 0 --a------ C:\CONFIG.SYS
2007-09-21 03:10:47 0 --a------ C:\AUTOEXEC.BAT
2007-09-21 03:09:55 0 d-------- C:\Program Files\Movie Maker
2007-09-21 03:09:24 0 d-------- C:\Program Files\Common Files\MSSoap
2007-09-21 03:08:54 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-09-21 03:08:44 0 d-------- C:\Program Files\MSN Gaming Zone
2007-09-21 03:08:41 0 d-------- C:\Program Files\Windows NT
2007-09-20 23:04:51 0 d-------- C:\Program Files\Common Files\ODBC
2007-09-20 23:04:48 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-09-20 23:04:30 62 --ahs---- C:\Documents and Settings\Michael\Application Data\desktop.ini
2007-09-17 14:22:14 118784 --a------ C:\WINDOWS\System32\L6PODxt.dll <Not Verified; Line 6; >
2007-09-17 13:23:00 823296 --a------ C:\WINDOWS\System32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 13:23:00 823296 --a------ C:\WINDOWS\System32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 13:22:58 802816 --a------ C:\WINDOWS\System32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 13:22:58 739840 --a------ C:\WINDOWS\System32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-11 04:17:30 81920 --a------ C:\WINDOWS\System32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2007-09-03 09:35:28 966656 --a------ C:\WINDOWS\System32\VSFilter.dll <Not Verified; Gabest; VSFilter>
2007-08-20 19:26:52 196608 --a------ C:\WINDOWS\System32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-08-20 19:26:52 81920 --a------ C:\WINDOWS\System32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/22/2007 11:28 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [06/28/2007 11:43 PM]
"nwiz"="nwiz.exe" [06/28/2007 11:43 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [06/28/2007 11:43 PM]
"EPSON Stylus Photo 820 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.exe" [04/10/2002 02:00 AM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [02/27/2003 01:40 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"RivaTuner"="C:\Program Files\RivaTuner v2.04\RivaTuner.exe" [09/15/2007 10:40 AM]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.04\RivaTuner.exe" [09/15/2007 10:40 AM]
"RTHDCPL"="RTHDCPL.EXE" [10/16/2007 05:30 PM C:\WINDOWS\RTHDCPL.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/21/2007 03:32 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ELSBLaunch.lnk - C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe [10/5/2004 11:19:12 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ssqrq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
C:\PROGRA~1\VISION~1\ONETOU~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe




-- End of Deckard's System Scanner: finished at 2007-11-20 17:32:45 ------------



-- Files created between 2007-10-20 and 2007-11-20 -----------------------------

2007-11-19 22:19:26 0 dr-h----- C:\Documents and Settings\Michael\Recent
2007-11-19 21:28:04 0 d-------- C:\VundoFix Backups
2007-11-18 21:47:17 0 d--h----- C:\WINDOWS\System32\GroupPolicy
2007-11-18 20:54:05 0 d-------- C:\Program Files\EarthLink
2007-11-18 20:40:02 437934 --ahs---- C:\WINDOWS\System32\qrqss.ini2
2007-11-18 18:27:48 0 d-------- C:\WINDOWS\System32\appmgmt
2007-11-18 11:49:44 0 d-------- C:\WINDOWS\System32\rMa01yy
2007-11-18 11:49:44 0 d-------- C:\Temp
2007-11-18 11:37:29 0 d--hs---- C:\WINDOWS\ftpcache
2007-11-18 11:32:43 0 d-------- C:\Program Files\Activision
2007-11-18 10:11:24 0 d-------- C:\Garmin750 backup
2007-11-10 09:29:14 0 d-------- C:\Program Files\CD-DA X-Tractor
2007-11-08 21:48:22 0 d-------- C:\AG
2007-11-07 21:35:17 0 d-------- C:\Garmin
2007-10-25 10:41:26 0 d-------- C:\Program Files\Skype
2007-10-25 10:41:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-23 15:35:14 49152 --a------ C:\WINDOWS\System32\ChCfg.exe
2007-10-23 15:35:03 0 d-------- C:\Program Files\Realtek
2007-10-23 15:35:01 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-10-22 23:00:11 56824 --a------ C:\WINDOWS\SnipIt-Uninstall.exe


-- Find3M Report ---------------------------------------------------------------

2007-11-20 07:34:00 0 d-------- C:\Documents and Settings\Michael\Application Data\AVG7
2007-11-19 07:30:07 0 d-------- C:\Documents and Settings\Michael\Application Data\uTorrent
2007-11-18 21:27:38 0 d-------- C:\Program Files\SpywareBlaster
2007-11-18 18:27:45 0 d-------- C:\Program Files\Common Files
2007-11-18 18:26:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-18 00:01:12 0 d-------- C:\Program Files\Kuma Games
2007-11-02 21:51:34 0 d-------- C:\Program Files\Audacity
2007-10-15 22:25:58 0 d-------- C:\Documents and Settings\Michael\Application Data\ImgBurn
2007-10-15 22:25:37 0 d-------- C:\Program Files\ImgBurn
2007-10-15 22:21:50 0 d-------- C:\Program Files\Resounding
2007-10-10 12:24:21 86 --a------ C:\Documents and Settings\Michael\Application Data\22.cmd
2007-10-10 10:09:42 0 d-------- C:\Program Files\DiskCheckup
2007-10-09 23:30:46 0 d-------- C:\Documents and Settings\Michael\Application Data\SecondLife
2007-10-09 23:30:29 0 d-------- C:\Documents and Settings\Michael\Application Data\Mozilla
2007-10-07 21:52:04 0 d-------- C:\Program Files\Line6
2007-10-07 21:27:29 0 d-------- C:\Program Files\Java
2007-10-07 21:17:25 0 d-------- C:\Documents and Settings\Michael\Application Data\Line 6
2007-10-03 00:23:29 0 d-------- C:\Program Files\MSI
2007-09-30 22:41:28 0 d-------- C:\Program Files\Google
2007-09-29 20:42:17 0 d-------- C:\Program Files\CCleaner
2007-09-27 13:12:52 0 d-------- C:\Program Files\RivaTuner v2.04
2007-09-27 13:11:56 0 d-------- C:\Documents and Settings\Michael\Application Data\DivX
2007-09-26 22:21:55 0 d-------- C:\Program Files\DVD Decrypter
2007-09-26 12:41:38 0 d-------- C:\Program Files\DivX
2007-09-25 20:53:53 0 d-------- C:\Documents and Settings\Michael\Application Data\Sun
2007-09-25 20:53:30 0 d-------- C:\Program Files\Common Files\Java
2007-09-25 14:25:31 0 d-------- C:\Program Files\NVIDIA Corporation
2007-09-25 14:01:51 0 d-------- C:\Documents and Settings\Michael\Application Data\Media Player Classic
2007-09-25 13:43:22 0 d-------- C:\Program Files\Codec Pack - All In 1
2007-09-25 13:42:48 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-09-25 09:36:34 0 d-------- C:\Program Files\EA SPORTS
2007-09-24 22:36:35 0 d-------- C:\Program Files\DVD Shrink
2007-09-24 15:18:02 662016 --a------ C:\WINDOWS\System32\xvidcore.dll
2007-09-24 15:18:02 405504 --a------ C:\WINDOWS\System32\libmplayer.dll
2007-09-24 15:18:02 114688 --a------ C:\WINDOWS\System32\libmpeg2_ff.dll
2007-09-24 15:18:02 3196928 --a------ C:\WINDOWS\System32\libavcodec.dll
2007-09-24 15:18:02 8192 --a------ C:\WINDOWS\System32\FLT_ffdshow.dll
2007-09-24 15:18:02 533504 --a------ C:\WINDOWS\System32\ff_x264.dll
2007-09-24 15:18:02 26624 --a------ C:\WINDOWS\System32\ff_wmv9.dll
2007-09-24 15:18:02 38400 --a------ C:\WINDOWS\System32\ff_unrar.dll
2007-09-24 15:18:02 79872 --a------ C:\WINDOWS\System32\ff_tremor.dll
2007-09-24 15:18:02 143360 --a------ C:\WINDOWS\System32\ff_theora.dll
2007-09-24 15:18:02 122880 --a------ C:\WINDOWS\System32\ff_samplerate.dll
2007-09-24 15:18:02 97280 --a------ C:\WINDOWS\System32\ff_realaac.dll
2007-09-24 15:18:02 118784 --a------ C:\WINDOWS\System32\ff_libmad.dll
2007-09-24 15:18:02 245760 --a------ C:\WINDOWS\System32\ff_libfaad2.dll
2007-09-24 15:18:02 155648 --a------ C:\WINDOWS\System32\ff_libdts.dll
2007-09-24 15:18:02 40960 --a------ C:\WINDOWS\System32\ff_liba52.dll
2007-09-24 15:06:38 7680 --a------ C:\WINDOWS\System32\ff_vfw.dll
2007-09-24 08:50:12 0 d-------- C:\Program Files\Visioneer OneTouch
2007-09-24 08:47:29 0 d-------- C:\Documents and Settings\Michael\Application Data\ScanSoft
2007-09-24 08:46:58 0 d-------- C:\Program Files\Common Files\InstallShield
2007-09-24 08:46:42 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-09-24 08:46:41 0 d-------- C:\Program Files\ScanSoft
2007-09-24 08:10:08 0 d-------- C:\Documents and Settings\Michael\Application Data\Adobe
2007-09-23 10:17:20 0 d-------- C:\Documents and Settings\Michael\Application Data\WinRAR
2007-09-22 22:40:31 0 d-------- C:\Program Files\Ahead
2007-09-22 22:28:09 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-09-22 09:40:10 207 --a------ C:\WINDOWS\PowerReg.dat
2007-09-22 09:39:16 0 d-------- C:\Program Files\EPSON
2007-09-21 10:34:12 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-21 08:15:29 0 d-------- C:\Program Files\uTorrent
2007-09-21 07:29:29 0 d-------- C:\Program Files\AGEIA Technologies
2007-09-21 07:29:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-21 05:57:33 0 d-------- C:\Documents and Settings\Michael\Application Data\EarthLink
2007-09-21 05:16:34 0 d-------- C:\Program Files\GiPo@Utilities
2007-09-21 05:16:34 0 d-------- C:\Program Files\Common Files\Gibinsoft Shared
2007-09-21 03:53:50 0 d-------- C:\Program Files\Online Services
2007-09-21 03:35:27 0 d-------- C:\Documents and Settings\Michael\Application Data\Macromedia
2007-09-21 03:32:57 0 d-------- C:\Documents and Settings\Michael\Application Data\Google
2007-09-21 03:19:14 0 d--h----- C:\Program Files\WindowsUpdate
2007-09-21 03:18:53 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-09-21 03:15:11 0 d-------- C:\Program Files\Intel
2007-09-21 03:13:54 0 d-------- C:\Documents and Settings\Michael\Application Data\Identities
2007-09-21 03:10:59 0 d-------- C:\Program Files\microsoft frontpage
2007-09-21 03:10:47 0 -rahs---- C:\MSDOS.SYS
2007-09-21 03:10:47 0 -rahs---- C:\IO.SYS
2007-09-21 03:10:47 0 --a------ C:\CONFIG.SYS
2007-09-21 03:10:47 0 --a------ C:\AUTOEXEC.BAT
2007-09-21 03:09:55 0 d-------- C:\Program Files\Movie Maker
2007-09-21 03:09:24 0 d-------- C:\Program Files\Common Files\MSSoap
2007-09-21 03:08:54 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-09-21 03:08:44 0 d-------- C:\Program Files\MSN Gaming Zone
2007-09-21 03:08:41 0 d-------- C:\Program Files\Windows NT
2007-09-20 23:04:51 0 d-------- C:\Program Files\Common Files\ODBC
2007-09-20 23:04:48 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-09-20 23:04:30 62 --ahs---- C:\Documents and Settings\Michael\Application Data\desktop.ini
2007-09-17 14:22:14 118784 --a------ C:\WINDOWS\System32\L6PODxt.dll <Not Verified; Line 6; >
2007-09-17 13:23:00 823296 --a------ C:\WINDOWS\System32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 13:23:00 823296 --a------ C:\WINDOWS\System32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 13:22:58 802816 --a------ C:\WINDOWS\System32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 13:22:58 739840 --a------ C:\WINDOWS\System32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-11 04:17:30 81920 --a------ C:\WINDOWS\System32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2007-09-03 09:35:28 966656 --a------ C:\WINDOWS\System32\VSFilter.dll <Not Verified; Gabest; VSFilter>
2007-08-20 19:26:52 196608 --a------ C:\WINDOWS\System32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-08-20 19:26:52 81920 --a------ C:\WINDOWS\System32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/22/2007 11:28 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [06/28/2007 11:43 PM]
"nwiz"="nwiz.exe" [06/28/2007 11:43 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [06/28/2007 11:43 PM]
"EPSON Stylus Photo 820 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.exe" [04/10/2002 02:00 AM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [02/27/2003 01:40 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"RivaTuner"="C:\Program Files\RivaTuner v2.04\RivaTuner.exe" [09/15/2007 10:40 AM]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.04\RivaTuner.exe" [09/15/2007 10:40 AM]
"RTHDCPL"="RTHDCPL.EXE" [10/16/2007 05:30 PM C:\WINDOWS\RTHDCPL.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/21/2007 03:32 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ELSBLaunch.lnk - C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe [10/5/2004 11:19:12 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ssqrq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
C:\PROGRA~1\VISION~1\ONETOU~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe




-- End of Deckard's System Scanner: finished at 2007-11-20 17:39:56 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
CPU 1: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
Percentage of Memory in Use: 16%
Physical Memory (total/avail): 2047.22 MiB / 1699.48 MiB
Pagefile Memory (total/avail): 3944.15 MiB / 3725.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1950.12 MiB

C: is Fixed (NTFS) - 298.08 GiB total, 173.84 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3320620AS - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is not configured.
AUState says computer is in an unknown state.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Michael\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=INTEROSSITOR-6
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Michael
LOGONSERVER=\\INTEROSSITOR-6
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
TMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
USERDOMAIN=INTEROSSITOR-6
USERNAME=Michael
USERPROFILE=C:\Documents and Settings\Michael
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Michael (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> MsiExec.exe /X{1AFDB2AB-DF91-47B8-8A9C-A6E4BBAD562B}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
Ahead Nero - Burning Rom --> C:\WINDOWS\UNNERO.exe /UNINSTALL
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BugOff 1.10 --> C:\Documents and Settings\Michael\Local Settings\Temp\BugOff.exe /uninstall
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD-DA X-Tractor v0.24 --> "C:\Program Files\CD-DA X-Tractor\unins000.exe"
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EA SPORTS online 2008 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
EarthLink spamBlocker Add-On --> MsiExec.exe /I{45EF1D41-FAC7-4204-A0B1-D9F05E0C7DB6}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
GiPo@MoveOnBoot 1.9.5 --> MsiExec.exe /I{9F185C48-595B-401A-A1D6-AAB324890DC4}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Michael\Desktop\HijackThis.exe" /uninstall
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java 2 Runtime Environment, SE v1.4.2_15 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142150}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Line 6 Drivers 3.3.3.6 (Remove Only) --> C:\Program Files\Line6\Tools\Driver Archive\All Drivers\3.3.3.6\Uninstall.exe
Line 6 Monkey 1.19 (Remove Only) --> C:\Program Files\Line6\Tools\Line 6 Monkey\Uninstall.exe
Line 6 Monkey 1.20 (Remove Only) --> C:\Program Files\Line6\Tools\Line 6 Monkey\Uninstall.exe
Media Player Codec Pack 1.1.0 --> C:\WINDOWS\system32\C2MP\Uninst.exe
Microsoft Office XP Professional --> MsiExec.exe /I{92110409-6000-11D3-8CFE-0050048383C9}
MSIHQ USB Bootable Tool and BIOS Helper ver: 1.15a 2007 --> "F:\MSIHQ USB Bootable Tool and BIOS Helper\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
PaperPort 9.0 --> MsiExec.exe /I{FDCE9C15-EB45-11D5-89C7-0050DA162A25}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RivaTuner v2.04 --> "C:\Program Files\RivaTuner v2.04\uninstall.exe"
Roger Wilco --> C:\WINDOWS\UNWISE.EXE C:\WINDOWS\INSTALL.LOG
Send To Extensions PowerToy --> rundll32.exe C:\WINDOWS\System32\ShellExt\SENDTOX.DLL,Configure C:\WINDOWS\System32\ShellExt\SendToX.inf
Snip It! button for http://www.snip.pl, version 2.0 --> "C:\WINDOWS\SnipIt-Uninstall.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Tweak UI --> "C:\WINDOWS\System32\mshta.exe" "res://C:\WINDOWS\System32\TweakUI.exe/uninstall.hta"
Visioneer 8100 Scanner --> C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type829 / Error
Event Submitted/Written: 11/18/2007 07:03:53 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type828 / Error
Event Submitted/Written: 11/18/2007 07:03:53 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type815 / Error
Event Submitted/Written: 11/18/2007 06:28:40 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type814 / Error
Event Submitted/Written: 11/18/2007 06:28:40 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type798 / Error
Event Submitted/Written: 11/18/2007 11:49:44 AM
Event ID/Source: 100 / AVG7
Event Description:
2007-11-18 16:49:44,218 INTEROSSITOR-6 [001900:001908] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(3088) call failed with WIN32 error 87, returning session id is 0



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5545 / Error
Event Submitted/Written: 11/18/2007 09:53:28 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E9376CC6-121A-447E-81CF-D8BCC200007C}

Event Record #/Type5499 / Error
Event Submitted/Written: 11/18/2007 08:34:09 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type5498 / Error
Event Submitted/Written: 11/18/2007 07:05:28 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Avg7Core
Avg7RsW
Avg7RsXP
Fips
IPSec
MRxSmb
NetBIOS
NetBT
Processor
RasAcd
Rdbss
Tcpip

Event Record #/Type5497 / Error
Event Submitted/Written: 11/18/2007 07:05:28 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type5496 / Error
Event Submitted/Written: 11/18/2007 07:05:28 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2007-11-20 17:32:45 ------------
lagger
Regular Member
 
Posts: 43
Joined: April 23rd, 2007, 4:05 pm

Re: looks like I got hit by a drive by website

Post by Shaba » November 21st, 2007, 4:58 am

Hi

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Remember to unhide them when you're clean again.

Delete these:

C:\WINDOWS\System32\qrqss.ini2
C:\WINDOWS\System32\rMa01yy

Empty Recycle Bin

First we'll need to back up the registry:

Start -> Run -> regedit -> OK. Then File -> Export. Give it a name and press Save.

Save the text below as fix.reg in Notepad (save as type: All Files (*.*)) on the Desktop:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

It should look like this -> Image

Double-click fix.reg, press Yes and OK.

(In case you are unsure how to create a reg file, take a look here with screenshots.)

Reboot.

Re-run DSS.

Post the DSS log (main.txt only).
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
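The fix above targets the one line in the DSS registry dump that matters here: LSA "Authentication Packages" is a REG_MULTI_SZ that lsass.exe loads at boot, and on this machine it carries C:\WINDOWS\System32\ssqrq.dll next to the stock msv1_0. As an added example (this is not code from either poster, and not part of DSS or HijackThis), the Python below applies that reasoning to the log lines quoted in this thread: it pulls the Authentication Packages value out of a DSS dump and flags every entry other than msv1_0 (the assumption that msv1_0 is the only legitimate entry on a stand-alone XP workstation is mine), flags hidden+system files under System32 such as qrqss.ini2, pairs a flagged DLL with a file whose base name is the DLL's spelled backwards (ssqrq / qrqss, a naming habit of the Vundo family, which the C:\VundoFix Backups folder above suggests is in play), and encodes and decodes the hex(7) form of REG_MULTI_SZ so the fix.reg can be checked before it is merged. The input lines are copied from the logs in this thread; the function and constant names are my own.

```python
"""Triage of the Deckard's System Scanner (DSS) output quoted in this thread.

Added example: not code from either poster and not part of DSS itself.  The
parsing targets the line formats visible in the log above; 'only msv1_0
belongs in Authentication Packages' and the reversed-name test are the
editor's own assumptions, not something DSS reports."""
import ntpath
import re

# Constructed test input: lines copied from the DSS logs posted above.
DSS_EXCERPT = r"""
2007-11-18 20:40:02 437934 --ahs---- C:\WINDOWS\System32\qrqss.ini2
2007-11-18 11:49:44 0 d-------- C:\WINDOWS\System32\rMa01yy
2007-11-18 11:32:43 0 d-------- C:\Program Files\Activision
2007-09-20 23:04:30 62 --ahs---- C:\Documents and Settings\Michael\Application Data\desktop.ini
2007-10-23 15:35:01 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ssqrq.dll
"""

# "date time size attrs path"; attrs are d r a h s plus four unused slots.
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+([d-][r-][a-][h-][s-]-{4})\s+(.+)$")
LSA_LINE = re.compile(r'^"Authentication Packages"=\s*(.+)$')
SYSTEM32 = "c:\\windows\\system32\\"

def parse_file_lines(text):
    """Yield (attrs, path) per file-listing line, dropping the
    '<Not Verified; ...>' version suffix DSS appends to some entries."""
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            yield m.group(1), m.group(2).split(" <")[0].rstrip()

def parse_auth_packages(text):
    """Entries of the LSA 'Authentication Packages' REG_MULTI_SZ.  DSS prints
    them space-separated, so a path containing spaces would split; accepted."""
    for line in text.splitlines():
        m = LSA_LINE.match(line)
        if m:
            return m.group(1).split()
    return []

def stem(path):
    """Windows file name without directory or extension, lower-cased."""
    return ntpath.basename(path).split(".")[0].lower()

def reversed_name_pairs(dll_paths, file_paths):
    """DLLs with a companion whose base name is the DLL's spelled backwards
    (ssqrq.dll <-> qrqss.ini2), a naming habit of the Vundo family."""
    by_stem = {}
    for p in file_paths:
        by_stem.setdefault(stem(p), []).append(p)
    return [(dll, partner) for dll in dll_paths
            for partner in by_stem.get(stem(dll)[::-1], [])]

def triage(text):
    """Run the three checks over a DSS main.txt and return the findings."""
    files = list(parse_file_lines(text))
    extra = [p for p in parse_auth_packages(text) if p.lower() != "msv1_0"]
    hidden_sys32 = [p for a, p in files
                    if a[0] != "d" and a[3] == "h" and a[4] == "s"
                    and p.lower().startswith(SYSTEM32)]
    return {
        "extra_auth_packages": extra,           # loaded into lsass.exe at boot
        "hidden_system32_files": hidden_sys32,  # +H +S files under System32
        "reversed_name_pairs": reversed_name_pairs(extra, [p for _, p in files]),
    }

def multi_sz_to_hex7(strings, unicode_format=False):
    """Encode REG_MULTI_SZ in .reg hex(7) form.  REGEDIT4 files hold one ANSI
    byte per character; 'Windows Registry Editor Version 5.00' files hold
    UTF-16LE.  Each string ends in NUL and the list ends in one more NUL."""
    enc = "utf-16-le" if unicode_format else "latin-1"
    data = b"".join(s.encode(enc) + "\0".encode(enc) for s in strings)
    return "hex(7):" + ",".join(f"{b:02x}" for b in data + "\0".encode(enc))

def hex7_to_multi_sz(value, unicode_format=False):
    """Inverse of multi_sz_to_hex7; tolerates regedit's backslash line wraps."""
    body = re.sub(r"[\\\s]", "", value.split(":", 1)[1])
    data = bytes(int(h, 16) for h in body.split(",") if h)
    enc = "utf-16-le" if unicode_format else "latin-1"
    return [s for s in data.decode(enc).split("\0") if s]

def build_fix_reg(packages=("msv1_0",)):
    """Text of a REGEDIT4 file resetting the LSA value to `packages`; the
    default gives the same content as the fix.reg posted above."""
    return ("REGEDIT4\n\n"
            "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n"
            f'"Authentication Packages"={multi_sz_to_hex7(packages)}\n\n')

if __name__ == "__main__":
    for key, value in triage(DSS_EXCERPT).items():
        print(f"{key}: {value}")
    print(build_fix_reg(), end="")
```

Running it reports ssqrq.dll as the extra authentication package, qrqss.ini2 as the hidden+system file under System32, and the two as a reversed-name pair; build_fix_reg() emits the same REGEDIT4 content as the fix above, and hex7_to_multi_sz confirms that 6d,73,76,31,5f,30,00,00 decodes to exactly msv1_0. The encoding caveat is the part worth checking by hand: the byte layout of hex(7) depends on the header line, so the same bytes under a "Windows Registry Editor Version 5.00" header would decode as a few garbage UTF-16 characters rather than msv1_0, and a header that does not match what regedit expects (or a file saved as fix.reg.txt, or with a Unicode byte-order mark in front of REGEDIT4) is a common reason for regedit to reject a file as not a valid registry script.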

Re: looks like I got hit by a drive by website

Post by lagger » November 21st, 2007, 8:26 am

I was able to do all but merge/add the fix.reg file. The error said it was not a valid reg script. Here is the DSS main:

Deckard's System Scanner v20071014.68
Run by Michael on 2007-11-21 07:29:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Michael.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:41 AM, on 11/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\RivaTuner v2.04\RivaTuner.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Michael\Desktop\dss.exe
C:\DOCUME~1\Michael\Desktop\Michael.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.04\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.04\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Snip It! - {C3881663-B3FA-49F4-BA57-183B02F47280} - res://snipit.dll/101 (file missing)
O9 - Extra 'Tools' menuitem: Snip It! - {C3881663-B3FA-49F4-BA57-183B02F47280} - res://snipit.dll/101 (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4713 bytes

-- Files created between 2007-10-21 and 2007-11-21 -----------------------------

2007-11-19 22:19:26 0 dr-h----- C:\Documents and Settings\Michael\Recent
2007-11-19 21:28:04 0 d-------- C:\VundoFix Backups
2007-11-18 21:47:17 0 d--h----- C:\WINDOWS\System32\GroupPolicy
2007-11-18 20:54:05 0 d-------- C:\Program Files\EarthLink
2007-11-18 20:40:02 437934 --ahs---- C:\WINDOWS\System32\qrqss.ini2
2007-11-18 18:27:48 0 d-------- C:\WINDOWS\System32\appmgmt
2007-11-18 11:49:44 0 d-------- C:\Temp
2007-11-18 11:37:29 0 d--hs---- C:\WINDOWS\ftpcache
2007-11-18 11:32:43 0 d-------- C:\Program Files\Activision
2007-11-18 10:11:24 0 d-------- C:\Garmin750 backup
2007-11-10 09:29:14 0 d-------- C:\Program Files\CD-DA X-Tractor
2007-11-08 21:48:22 0 d-------- C:\AG
2007-11-07 21:35:17 0 d-------- C:\Garmin
2007-10-25 10:41:26 0 d-------- C:\Program Files\Skype
2007-10-25 10:41:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-23 15:35:14 49152 --a------ C:\WINDOWS\System32\ChCfg.exe
2007-10-23 15:35:03 0 d-------- C:\Program Files\Realtek
2007-10-23 15:35:01 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-10-22 23:00:11 56824 --a------ C:\WINDOWS\SnipIt-Uninstall.exe


-- Find3M Report ---------------------------------------------------------------

2007-11-20 22:36:59 0 d-------- C:\Documents and Settings\Michael\Application Data\AVG7
2007-11-19 07:30:07 0 d-------- C:\Documents and Settings\Michael\Application Data\uTorrent
2007-11-18 21:27:38 0 d-------- C:\Program Files\SpywareBlaster
2007-11-18 18:27:45 0 d-------- C:\Program Files\Common Files
2007-11-18 18:26:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-18 00:01:12 0 d-------- C:\Program Files\Kuma Games
2007-11-02 21:51:34 0 d-------- C:\Program Files\Audacity
2007-10-15 22:25:58 0 d-------- C:\Documents and Settings\Michael\Application Data\ImgBurn
2007-10-15 22:25:37 0 d-------- C:\Program Files\ImgBurn
2007-10-15 22:21:50 0 d-------- C:\Program Files\Resounding
2007-10-10 12:24:21 86 --a------ C:\Documents and Settings\Michael\Application Data\22.cmd
2007-10-10 10:09:42 0 d-------- C:\Program Files\DiskCheckup
2007-10-09 23:30:46 0 d-------- C:\Documents and Settings\Michael\Application Data\SecondLife
2007-10-09 23:30:29 0 d-------- C:\Documents and Settings\Michael\Application Data\Mozilla
2007-10-07 21:52:04 0 d-------- C:\Program Files\Line6
2007-10-07 21:27:29 0 d-------- C:\Program Files\Java
2007-10-07 21:17:25 0 d-------- C:\Documents and Settings\Michael\Application Data\Line 6
2007-10-03 00:23:29 0 d-------- C:\Program Files\MSI
2007-09-30 22:41:28 0 d-------- C:\Program Files\Google
2007-09-29 20:42:17 0 d-------- C:\Program Files\CCleaner
2007-09-27 13:12:52 0 d-------- C:\Program Files\RivaTuner v2.04
2007-09-27 13:11:56 0 d-------- C:\Documents and Settings\Michael\Application Data\DivX
2007-09-26 22:21:55 0 d-------- C:\Program Files\DVD Decrypter
2007-09-26 12:41:38 0 d-------- C:\Program Files\DivX
2007-09-25 20:53:53 0 d-------- C:\Documents and Settings\Michael\Application Data\Sun
2007-09-25 20:53:30 0 d-------- C:\Program Files\Common Files\Java
2007-09-25 14:25:31 0 d-------- C:\Program Files\NVIDIA Corporation
2007-09-25 14:01:51 0 d-------- C:\Documents and Settings\Michael\Application Data\Media Player Classic
2007-09-25 13:43:22 0 d-------- C:\Program Files\Codec Pack - All In 1
2007-09-25 13:42:48 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-09-25 09:36:34 0 d-------- C:\Program Files\EA SPORTS
2007-09-24 22:36:35 0 d-------- C:\Program Files\DVD Shrink
2007-09-24 15:18:02 662016 --a------ C:\WINDOWS\System32\xvidcore.dll
2007-09-24 15:18:02 405504 --a------ C:\WINDOWS\System32\libmplayer.dll
2007-09-24 15:18:02 114688 --a------ C:\WINDOWS\System32\libmpeg2_ff.dll
2007-09-24 15:18:02 3196928 --a------ C:\WINDOWS\System32\libavcodec.dll
2007-09-24 15:18:02 8192 --a------ C:\WINDOWS\System32\FLT_ffdshow.dll
2007-09-24 15:18:02 533504 --a------ C:\WINDOWS\System32\ff_x264.dll
2007-09-24 15:18:02 26624 --a------ C:\WINDOWS\System32\ff_wmv9.dll
2007-09-24 15:18:02 38400 --a------ C:\WINDOWS\System32\ff_unrar.dll
2007-09-24 15:18:02 79872 --a------ C:\WINDOWS\System32\ff_tremor.dll
2007-09-24 15:18:02 143360 --a------ C:\WINDOWS\System32\ff_theora.dll
2007-09-24 15:18:02 122880 --a------ C:\WINDOWS\System32\ff_samplerate.dll
2007-09-24 15:18:02 97280 --a------ C:\WINDOWS\System32\ff_realaac.dll
2007-09-24 15:18:02 118784 --a------ C:\WINDOWS\System32\ff_libmad.dll
2007-09-24 15:18:02 245760 --a------ C:\WINDOWS\System32\ff_libfaad2.dll
2007-09-24 15:18:02 155648 --a------ C:\WINDOWS\System32\ff_libdts.dll
2007-09-24 15:18:02 40960 --a------ C:\WINDOWS\System32\ff_liba52.dll
2007-09-24 15:06:38 7680 --a------ C:\WINDOWS\System32\ff_vfw.dll
2007-09-24 08:50:12 0 d-------- C:\Program Files\Visioneer OneTouch
2007-09-24 08:47:29 0 d-------- C:\Documents and Settings\Michael\Application Data\ScanSoft
2007-09-24 08:46:58 0 d-------- C:\Program Files\Common Files\InstallShield
2007-09-24 08:46:42 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-09-24 08:46:41 0 d-------- C:\Program Files\ScanSoft
2007-09-24 08:10:08 0 d-------- C:\Documents and Settings\Michael\Application Data\Adobe
2007-09-23 10:17:20 0 d-------- C:\Documents and Settings\Michael\Application Data\WinRAR
2007-09-22 22:40:31 0 d-------- C:\Program Files\Ahead
2007-09-22 22:28:09 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-09-22 09:40:10 207 --a------ C:\WINDOWS\PowerReg.dat
2007-09-22 09:39:16 0 d-------- C:\Program Files\EPSON
2007-09-21 10:34:12 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-21 08:15:29 0 d-------- C:\Program Files\uTorrent
2007-09-21 07:29:29 0 d-------- C:\Program Files\AGEIA Technologies
2007-09-21 07:29:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-21 05:57:33 0 d-------- C:\Documents and Settings\Michael\Application Data\EarthLink
2007-09-21 05:16:34 0 d-------- C:\Program Files\GiPo@Utilities
2007-09-21 05:16:34 0 d-------- C:\Program Files\Common Files\Gibinsoft Shared
2007-09-21 03:53:50 0 d-------- C:\Program Files\Online Services
2007-09-21 03:35:27 0 d-------- C:\Documents and Settings\Michael\Application Data\Macromedia
2007-09-21 03:32:57 0 d-------- C:\Documents and Settings\Michael\Application Data\Google
2007-09-21 03:19:14 0 d--h----- C:\Program Files\WindowsUpdate
2007-09-21 03:18:53 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-09-21 03:15:11 0 d-------- C:\Program Files\Intel
2007-09-21 03:13:54 0 d-------- C:\Documents and Settings\Michael\Application Data\Identities
2007-09-21 03:10:59 0 d-------- C:\Program Files\microsoft frontpage
2007-09-21 03:10:47 0 -rahs---- C:\MSDOS.SYS
2007-09-21 03:10:47 0 -rahs---- C:\IO.SYS
2007-09-21 03:10:47 0 --a------ C:\CONFIG.SYS
2007-09-21 03:10:47 0 --a------ C:\AUTOEXEC.BAT
2007-09-21 03:09:55 0 d-------- C:\Program Files\Movie Maker
2007-09-21 03:09:24 0 d-------- C:\Program Files\Common Files\MSSoap
2007-09-21 03:08:54 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-09-21 03:08:44 0 d-------- C:\Program Files\MSN Gaming Zone
2007-09-21 03:08:41 0 d-------- C:\Program Files\Windows NT
2007-09-20 23:04:30 62 --ahs---- C:\Documents and Settings\Michael\Application Data\desktop.ini
2007-09-17 14:22:14 118784 --a------ C:\WINDOWS\System32\L6PODxt.dll <Not Verified; Line 6; >
2007-09-17 13:23:00 823296 --a------ C:\WINDOWS\System32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 13:23:00 823296 --a------ C:\WINDOWS\System32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 13:22:58 802816 --a------ C:\WINDOWS\System32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-09-17 13:22:58 739840 --a------ C:\WINDOWS\System32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-11 04:17:30 81920 --a------ C:\WINDOWS\System32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2007-09-03 09:35:28 966656 --a------ C:\WINDOWS\System32\VSFilter.dll <Not Verified; Gabest; VSFilter>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/22/2007 11:28 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [06/28/2007 11:43 PM]
"nwiz"="nwiz.exe" [06/28/2007 11:43 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [06/28/2007 11:43 PM]
"EPSON Stylus Photo 820 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.exe" [04/10/2002 02:00 AM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [02/27/2003 01:40 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"RivaTuner"="C:\Program Files\RivaTuner v2.04\RivaTuner.exe" [09/15/2007 10:40 AM]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.04\RivaTuner.exe" [09/15/2007 10:40 AM]
"RTHDCPL"="RTHDCPL.EXE" [10/16/2007 05:30 PM C:\WINDOWS\RTHDCPL.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/21/2007 03:32 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ELSBLaunch.lnk - C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe [10/5/2004 11:19:12 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ssqrq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
C:\PROGRA~1\VISION~1\ONETOU~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe




-- End of Deckard's System Scanner: finished at 2007-11-21 07:29:54 ------------
lagger
Regular Member
 
Posts: 43
Joined: April 23rd, 2007, 4:05 pm

Re: looks like I got hit by a drive by website

Unread postby Shaba » November 21st, 2007, 8:57 am

Hi

"I was able to do all but merge\add the fix.reg file .. the error said it was not a valid reg script .."

Did you save it as "All Files" and include all this text (including the REGEDIT4 line)?

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
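Shaba's fix.reg above restores the LSA "Authentication Packages" value to plain msv1_0. The DSS registry dump posted on 2007-11-21 shows that value carrying a second entry, C:\WINDOWS\System32\ssqrq.dll, and anything listed there is loaded into LSASS as an authentication package at every boot, which is why this key is worth reading in every log. As an added example (not code from the thread or from either poster), here is a small Python checker that parses a REGEDIT4 script, rejects a file whose header line is missing (the "not a valid registry script" case lagger ran into), decodes the hex(7) REG_MULTI_SZ bytes into the list of package names, and flags any entry outside the expected set. The expected set containing only msv1_0 is an assumption for a default Windows XP install; the file contents embedded below are constructed from the fix shown above.

```python
"""Validate a REGEDIT4-style .reg script and audit the LSA "Authentication
Packages" value it sets.  Added example for this thread, not the posters' code."""
from __future__ import annotations

import re

# Header lines regedit accepts.  A file without one is rejected with the
# "not a valid registry script" error mentioned in the thread.
VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

# Assumption: a default Windows XP install lists only msv1_0 here.
EXPECTED_AUTH_PACKAGES = {"msv1_0"}

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

# Constructed: the fix.reg from the post above, saved correctly.
FIX_REG = (
    "REGEDIT4\n"
    "\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n"
    '"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00\n'
)

# Constructed: the same file with the header line left out.
BROKEN_REG = FIX_REG.split("\n", 1)[1]


def decode_multi_sz(hex_bytes: str, wide: bool = False) -> list[str]:
    """Decode a hex(7) payload (REG_MULTI_SZ): NUL-separated strings ending in a
    double NUL.  REGEDIT4 files store ANSI bytes; 'Version 5.00' files store
    UTF-16LE, selected with wide=True."""
    raw = bytes(int(b, 16) for b in hex_bytes.split(",") if b.strip())
    text = raw.decode("utf-16-le" if wide else "latin-1")
    return [s for s in text.split("\x00") if s]


def parse_reg(text: str) -> dict[str, dict[str, object]]:
    """Parse a .reg script into {key: {value_name: data}}.
    Raises ValueError when the header is missing or a line cannot be read."""
    # Long hex values wrap with a trailing backslash; join them first.
    text = re.sub(r"\\\r?\n\s*", "", text)
    lines = text.splitlines()
    if not lines or lines[0].strip() not in VALID_HEADERS:
        raise ValueError("missing REGEDIT4 / Windows Registry Editor header")
    wide = lines[0].strip() != "REGEDIT4"
    result: dict[str, dict[str, object]] = {}
    current: str | None = None
    for line in lines[1:]:
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if not m or current is None:
            raise ValueError(f"unparseable line: {line!r}")
        name, data = m.groups()
        if data.startswith("hex(7):"):
            result[current][name] = decode_multi_sz(data[len("hex(7):"):], wide)
        elif data.startswith('"') and data.endswith('"'):
            result[current][name] = data[1:-1]  # plain REG_SZ
        else:
            result[current][name] = data  # dword:, hex:, etc. left as text
    return result


def audit_auth_packages(packages: list[str]) -> list[str]:
    """Return every entry that is not an expected authentication package.
    A DLL path in this list (such as the ssqrq.dll entry in the first DSS dump)
    is loaded by LSASS at boot and should be treated as a finding."""
    return [p for p in packages if p.lower() not in EXPECTED_AUTH_PACKAGES]


if __name__ == "__main__":
    fixed = parse_reg(FIX_REG)[LSA_KEY]["Authentication Packages"]
    print("fix.reg sets:", fixed, "-> findings:", audit_auth_packages(fixed))
    # Constructed from the 2007-11-21 DSS dump, which DSS prints flattened as
    # 'msv1_0 C:\WINDOWS\System32\ssqrq.dll'.
    infected = ["msv1_0", r"C:\WINDOWS\System32\ssqrq.dll"]
    print("before fix:", infected, "-> findings:", audit_auth_packages(infected))
    try:
        parse_reg(BROKEN_REG)
    except ValueError as exc:
        print("file without header rejected:", exc)
```

DSS prints the same REG_MULTI_SZ flattened to one line, which is how the extra DLL showed up in the 2007-11-21 dump; the 2007-11-22 dump posted later in the thread no longer lists the lsa key at all, which is the tool's way of saying the value is back to its default.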

Re: looks like I got hit by a drive by website

Unread postby lagger » November 21st, 2007, 6:21 pm

Oops, no. I didn't add the REGEDIT4 parameter. It works now.
lagger
Regular Member
 
Posts: 43
Joined: April 23rd, 2007, 4:05 pm

Re: looks like I got hit by a drive by website

Unread postby Shaba » November 22nd, 2007, 4:32 am

Hi

OK, then re-run DSS and post its log here, please :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: looks like I got hit by a drive by website

Unread postby lagger » November 22nd, 2007, 9:09 am

So far it seems your efforts have done the job, so thanks in advance for any further steps and advice you have for me.

Deckard's System Scanner v20071014.68
Run by Michael on 2007-11-22 08:08:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Michael.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:27 AM, on 11/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\RivaTuner v2.04\RivaTuner.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Michael\Desktop\dss.exe
C:\DOCUME~1\Michael\Desktop\Michael.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.04\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.04\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Snip It! - {C3881663-B3FA-49F4-BA57-183B02F47280} - res://snipit.dll/101 (file missing)
O9 - Extra 'Tools' menuitem: Snip It! - {C3881663-B3FA-49F4-BA57-183B02F47280} - res://snipit.dll/101 (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4769 bytes

-- Files created between 2007-10-22 and 2007-11-22 -----------------------------

2007-11-21 23:46:03 0 d-------- C:\WINDOWS\Easy CD-DA Extractor 11
2007-11-21 23:46:03 0 d-------- C:\Program Files\Easy CD-DA Extractor 11
2007-11-19 22:19:26 0 dr-h----- C:\Documents and Settings\Michael\Recent
2007-11-19 21:28:04 0 d-------- C:\VundoFix Backups
2007-11-18 21:47:17 0 d--h----- C:\WINDOWS\System32\GroupPolicy
2007-11-18 20:54:05 0 d-------- C:\Program Files\EarthLink
2007-11-18 20:40:02 437934 --ahs---- C:\WINDOWS\System32\qrqss.ini2
2007-11-18 18:27:48 0 d-------- C:\WINDOWS\System32\appmgmt
2007-11-18 11:49:44 0 d-------- C:\Temp
2007-11-18 11:37:29 0 d--hs---- C:\WINDOWS\ftpcache
2007-11-18 11:32:43 0 d-------- C:\Program Files\Activision
2007-11-18 10:11:24 0 d-------- C:\Garmin750 backup
2007-11-10 09:29:14 0 d-------- C:\Program Files\CD-DA X-Tractor
2007-11-08 21:48:22 0 d-------- C:\AG
2007-11-07 21:35:17 0 d-------- C:\Garmin
2007-10-25 10:41:26 0 d-------- C:\Program Files\Skype
2007-10-25 10:41:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-23 15:35:14 49152 --a------ C:\WINDOWS\System32\ChCfg.exe
2007-10-23 15:35:03 0 d-------- C:\Program Files\Realtek
2007-10-23 15:35:01 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-10-22 23:00:11 56824 --a------ C:\WINDOWS\SnipIt-Uninstall.exe


-- Find3M Report ---------------------------------------------------------------

2007-11-22 00:10:06 0 d-------- C:\Documents and Settings\Michael\Application Data\AVG7
2007-11-22 00:09:38 0 d-------- C:\Documents and Settings\Michael\Application Data\uTorrent
2007-11-18 21:27:38 0 d-------- C:\Program Files\SpywareBlaster
2007-11-18 18:27:45 0 d-------- C:\Program Files\Common Files
2007-11-18 18:26:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-18 00:01:12 0 d-------- C:\Program Files\Kuma Games
2007-11-02 21:51:34 0 d-------- C:\Program Files\Audacity
2007-10-15 22:25:58 0 d-------- C:\Documents and Settings\Michael\Application Data\ImgBurn
2007-10-15 22:25:37 0 d-------- C:\Program Files\ImgBurn
2007-10-15 22:21:50 0 d-------- C:\Program Files\Resounding
2007-10-10 12:24:21 86 --a------ C:\Documents and Settings\Michael\Application Data\22.cmd
2007-10-10 10:09:42 0 d-------- C:\Program Files\DiskCheckup
2007-10-09 23:30:46 0 d-------- C:\Documents and Settings\Michael\Application Data\SecondLife
2007-10-09 23:30:29 0 d-------- C:\Documents and Settings\Michael\Application Data\Mozilla
2007-10-07 21:52:04 0 d-------- C:\Program Files\Line6
2007-10-07 21:27:29 0 d-------- C:\Program Files\Java
2007-10-07 21:17:25 0 d-------- C:\Documents and Settings\Michael\Application Data\Line 6
2007-10-03 00:23:29 0 d-------- C:\Program Files\MSI
2007-09-30 22:41:28 0 d-------- C:\Program Files\Google
2007-09-29 20:42:17 0 d-------- C:\Program Files\CCleaner
2007-09-27 13:12:52 0 d-------- C:\Program Files\RivaTuner v2.04
2007-09-27 13:11:56 0 d-------- C:\Documents and Settings\Michael\Application Data\DivX
2007-09-26 22:21:55 0 d-------- C:\Program Files\DVD Decrypter
2007-09-26 12:41:38 0 d-------- C:\Program Files\DivX
2007-09-25 20:53:53 0 d-------- C:\Documents and Settings\Michael\Application Data\Sun
2007-09-25 20:53:30 0 d-------- C:\Program Files\Common Files\Java
2007-09-25 14:25:31 0 d-------- C:\Program Files\NVIDIA Corporation
2007-09-25 14:01:51 0 d-------- C:\Documents and Settings\Michael\Application Data\Media Player Classic
2007-09-25 13:43:22 0 d-------- C:\Program Files\Codec Pack - All In 1
2007-09-25 13:42:48 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-09-25 09:36:34 0 d-------- C:\Program Files\EA SPORTS
2007-09-24 22:36:35 0 d-------- C:\Program Files\DVD Shrink
2007-09-24 15:18:02 662016 --a------ C:\WINDOWS\System32\xvidcore.dll
2007-09-24 15:18:02 405504 --a------ C:\WINDOWS\System32\libmplayer.dll
2007-09-24 15:18:02 114688 --a------ C:\WINDOWS\System32\libmpeg2_ff.dll
2007-09-24 15:18:02 3196928 --a------ C:\WINDOWS\System32\libavcodec.dll
2007-09-24 15:18:02 8192 --a------ C:\WINDOWS\System32\FLT_ffdshow.dll
2007-09-24 15:18:02 533504 --a------ C:\WINDOWS\System32\ff_x264.dll
2007-09-24 15:18:02 26624 --a------ C:\WINDOWS\System32\ff_wmv9.dll
2007-09-24 15:18:02 38400 --a------ C:\WINDOWS\System32\ff_unrar.dll
2007-09-24 15:18:02 79872 --a------ C:\WINDOWS\System32\ff_tremor.dll
2007-09-24 15:18:02 143360 --a------ C:\WINDOWS\System32\ff_theora.dll
2007-09-24 15:18:02 122880 --a------ C:\WINDOWS\System32\ff_samplerate.dll
2007-09-24 15:18:02 97280 --a------ C:\WINDOWS\System32\ff_realaac.dll
2007-09-24 15:18:02 118784 --a------ C:\WINDOWS\System32\ff_libmad.dll
2007-09-24 15:18:02 245760 --a------ C:\WINDOWS\System32\ff_libfaad2.dll
2007-09-24 15:18:02 155648 --a------ C:\WINDOWS\System32\ff_libdts.dll
2007-09-24 15:18:02 40960 --a------ C:\WINDOWS\System32\ff_liba52.dll
2007-09-24 15:06:38 7680 --a------ C:\WINDOWS\System32\ff_vfw.dll
2007-09-24 08:50:12 0 d-------- C:\Program Files\Visioneer OneTouch
2007-09-24 08:47:29 0 d-------- C:\Documents and Settings\Michael\Application Data\ScanSoft
2007-09-24 08:46:58 0 d-------- C:\Program Files\Common Files\InstallShield
2007-09-24 08:46:42 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-09-24 08:46:41 0 d-------- C:\Program Files\ScanSoft
2007-09-24 08:10:08 0 d-------- C:\Documents and Settings\Michael\Application Data\Adobe
2007-09-23 10:17:20 0 d-------- C:\Documents and Settings\Michael\Application Data\WinRAR
2007-09-22 22:40:31 0 d-------- C:\Program Files\Ahead
2007-09-22 22:28:09 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-09-22 09:40:10 207 --a------ C:\WINDOWS\PowerReg.dat
2007-09-22 09:39:16 0 d-------- C:\Program Files\EPSON
2007-09-21 03:18:53 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-09-21 03:10:47 0 -rahs---- C:\MSDOS.SYS
2007-09-21 03:10:47 0 -rahs---- C:\IO.SYS
2007-09-21 03:10:47 0 --a------ C:\CONFIG.SYS
2007-09-21 03:10:47 0 --a------ C:\AUTOEXEC.BAT
2007-09-21 03:08:54 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-09-20 23:04:30 62 --ahs---- C:\Documents and Settings\Michael\Application Data\desktop.ini
2007-09-17 14:22:14 118784 --a------ C:\WINDOWS\System32\L6PODxt.dll <Not Verified; Line 6; >
2007-09-17 13:23:00 823296 --a------ C:\WINDOWS\System32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 13:23:00 823296 --a------ C:\WINDOWS\System32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 13:22:58 802816 --a------ C:\WINDOWS\System32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-09-17 13:22:58 739840 --a------ C:\WINDOWS\System32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-11 04:17:30 81920 --a------ C:\WINDOWS\System32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2007-09-03 09:35:28 966656 --a------ C:\WINDOWS\System32\VSFilter.dll <Not Verified; Gabest; VSFilter>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/22/2007 11:28 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [06/28/2007 11:43 PM]
"nwiz"="nwiz.exe" [06/28/2007 11:43 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [06/28/2007 11:43 PM]
"EPSON Stylus Photo 820 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.exe" [04/10/2002 02:00 AM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [02/27/2003 01:40 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"RivaTuner"="C:\Program Files\RivaTuner v2.04\RivaTuner.exe" [09/15/2007 10:40 AM]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.04\RivaTuner.exe" [09/15/2007 10:40 AM]
"RTHDCPL"="RTHDCPL.EXE" [10/16/2007 05:30 PM C:\WINDOWS\RTHDCPL.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/21/2007 03:32 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ELSBLaunch.lnk - C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe [10/5/2004 11:19:12 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
C:\PROGRA~1\VISION~1\ONETOU~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe




-- End of Deckard's System Scanner: finished at 2007-11-22 08:08:43 ------------
lagger
Regular Member
 
Posts: 43
Joined: April 23rd, 2007, 4:05 pm