Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

please help w/ ie redirect, hijackthis log enclosed

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

please help w/ ie redirect, hijackthis log enclosed

Unread postby bryan2469 » September 21st, 2007, 4:25 pm

My IE redirects. Any help is greatly appreciated. Here's the Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:42:42 PM, on 9/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\Desktop\belkin3\WLService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {AF6906F0-0800-4815-975A-A891D3428BA4} - C:\WINDOWS\System32\datacle.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - HKUS\S-1-5-21-874574627-809299238-1685927933-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Anyone')
O4 - HKUS\S-1-5-21-874574627-809299238-1685927933-1006\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'Anyone')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Documents and Settings\Owner\Desktop\belkin3\WLService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 3329 bytes
bryan2469
Active Member
 
Posts: 7
Joined: September 21st, 2007, 4:09 pm
Advertisement
Register to Remove

Unread postby random/random » September 21st, 2007, 5:33 pm

First of all, you are using an older version of HijackThis. Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
  1. Save HJTInstall.exe to your desktop.
  2. Double-click on HJTInstall.exe to run the program.
  3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  4. Accept the license agreement by clicking the "I Accept" button.
  5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  6. Click "Save log" to save the log file and then the log will open in Notepad.
  7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  8. Come back here to this thread and paste the log in your next reply.
  9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: please help w/ ie redirect, hijackthis log enclosed

Unread postby bryan2469 » September 21st, 2007, 6:06 pm

Thanks. Here's the new version:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:32 PM, on 9/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\Desktop\belkin3\WLService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {AF6906F0-0800-4815-975A-A891D3428BA4} - C:\WINDOWS\System32\datacle.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - HKUS\S-1-5-21-874574627-809299238-1685927933-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Anyone')
O4 - HKUS\S-1-5-21-874574627-809299238-1685927933-1006\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'Anyone')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Documents and Settings\Owner\Desktop\belkin3\WLService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 3154 bytes
bryan2469
Active Member
 
Posts: 7
Joined: September 21st, 2007, 4:09 pm

Unread postby random/random » September 22nd, 2007, 6:11 pm

Then please upload this file:

C:\WINDOWS\System32\datacle.dll

To either jotti or virustotal & post the results along with a new HijackThis log
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby bryan2469 » September 23rd, 2007, 9:29 am

SlovenÅ¡čina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Français | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | Español
Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
File datacle.dll_ received on 09.23.2007 15:16:21 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 8/32 (25%)
Loading server information...
Your file is queued in position: 4.
Estimated start time is between 52 and 75 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 2007.9.22.0 2007.09.21 -
AntiVir 7.6.0.15 2007.09.21 TR/Dldr.ConHook.Gen
Authentium 4.93.8 2007.09.23 -
Avast 4.7.1043.0 2007.09.22 -
AVG 7.5.0.485 2007.09.22 -
BitDefender 7.2 2007.09.23 Trojan.Conhook.Y
CAT-QuickHeal 9.00 2007.09.21 -
ClamAV 0.91.2 2007.09.23 -
DrWeb 4.33 2007.09.23 Trojan.Iespy
eSafe 7.0.15.0 2007.09.19 -
eTrust-Vet 31.2.5154 2007.09.21 -
Ewido 4.0 2007.09.20 -
FileAdvisor 1 2007.09.23 -
Fortinet 3.11.0.0 2007.09.23 -
F-Prot 4.3.2.48 2007.09.23 -
F-Secure 6.70.13030.0 2007.09.21 W32/BHO.QG
Ikarus T3.1.1.12 2007.09.23 -
Kaspersky 4.0.2.24 2007.09.23 -
McAfee 5125 2007.09.21 -
Microsoft 1.2803 2007.09.23 -
NOD32v2 2545 2007.09.23 -
Norman 5.80.02 2007.09.21 W32/BHO.QG
Panda 9.0.0.4 2007.09.23 Suspicious file
Prevx1 V2 2007.09.23 Heuristic: Suspicious Self Modifying EXE
Rising 19.41.62.00 2007.09.23 -
Sophos 4.21.0 2007.09.23 -
Sunbelt 2.2.907.0 2007.09.22 -
Symantec 10 2007.09.23 -
TheHacker 6.2.5.066 2007.09.22 -
VBA32 3.12.2.4 2007.09.23 -
VirusBuster 4.3.26:9 2007.09.22 -
Webwasher-Gateway 6.0.1 2007.09.21 Trojan.Dldr.ConHook.Gen
Additional information
File size: 102590 bytes
MD5: 5505226ba132a476df5f62dc9f15d609
SHA1: 8e7ceae1cd8c54026564830903e9b9cf2f0176ad
packers: MORPHINE, UPX
packers: Morphine
Prevx info: http://fileinfo.prevx.com/fileinfo.asp? ... 00CAC30510


ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.


VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:27:11 AM, on 9/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\Desktop\belkin3\WLService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {AF6906F0-0800-4815-975A-A891D3428BA4} - C:\WINDOWS\System32\datacle.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - HKUS\S-1-5-21-874574627-809299238-1685927933-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Anyone')
O4 - HKUS\S-1-5-21-874574627-809299238-1685927933-1006\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'Anyone')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Documents and Settings\Owner\Desktop\belkin3\WLService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 3406 bytes
bryan2469
Active Member
 
Posts: 7
Joined: September 21st, 2007, 4:09 pm

Unread postby random/random » September 23rd, 2007, 5:23 pm

You posted a log from the old beta version you had

Please delete the older version and post a new log from the new HijackThis I had you download
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby bryan2469 » September 24th, 2007, 6:28 am

Sorry, here's the new scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:49 AM, on 9/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\Desktop\belkin3\WLService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {AF6906F0-0800-4815-975A-A891D3428BA4} - C:\WINDOWS\System32\datacle.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - HKUS\S-1-5-21-874574627-809299238-1685927933-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Anyone')
O4 - HKUS\S-1-5-21-874574627-809299238-1685927933-1006\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'Anyone')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Documents and Settings\Owner\Desktop\belkin3\WLService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 3187 bytes
bryan2469
Active Member
 
Posts: 7
Joined: September 21st, 2007, 4:09 pm

Unread postby random/random » September 24th, 2007, 2:01 pm

Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines(if still present)

O2 - BHO: (no name) - {AF6906F0-0800-4815-975A-A891D3428BA4} - C:\WINDOWS\System32\datacle.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

Then close all windows except HijackThis and click Fix Checked

Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby bryan2469 » September 25th, 2007, 6:00 pm

ESET scan:

a variant if Win32/Rootkit.Agent.NDA trojan

C:\Documents and Settings\Owner\Local Settings\Temp\gyygn.exe

New Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:14 PM, on 9/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\Desktop\belkin3\WLService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - HKUS\S-1-5-21-874574627-809299238-1685927933-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Anyone')
O4 - HKUS\S-1-5-21-874574627-809299238-1685927933-1006\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'Anyone')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Documents and Settings\Owner\Desktop\belkin3\WLService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 2934 bytes

NOTE: IE is apparently no longer redirecting.
bryan2469
Active Member
 
Posts: 7
Joined: September 21st, 2007, 4:09 pm

Unread postby random/random » September 26th, 2007, 1:11 pm

Download ATF Cleaner by Atribune
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Main at the top and choose Select All from the list.
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

  • Please download F-Secure Blacklight (fsbl.exe) from here
  • Save into C:\ with a name of fsbl.exe
  • Go to Start > Run
  • Copy and paste the contents of the below codebox into the run box
    Code: Select all
    C:\fsbl.exe /expert
  • Click OK
  • This will launch BlackLight
  • Select I accept the agreement
  • Click Next
  • Click Scan
  • Wait for the scan to finish
  • Click on Next>
  • Click Exit
  • A logfile will have been created in the C:\ drive
  • It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
  • Use notepad to open that log
  • Post the contents of that log as a reply to this topic, along with a new HijackThis log
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby bryan2469 » September 26th, 2007, 6:19 pm

09/26/07 17:45:09 [Info]: BlackLight Engine 1.0.64 initialized
09/26/07 17:45:09 [Info]: OS: 5.1 build 2600 (Service Pack 1)
09/26/07 17:45:09 [Note]: 7019 4
09/26/07 17:45:09 [Note]: 7005 0
09/26/07 17:45:27 [Note]: 7006 0
09/26/07 17:45:27 [Note]: 7022 0
09/26/07 17:45:27 [Note]: 7011 1084
09/26/07 17:45:27 [Note]: 7026 0
09/26/07 17:45:27 [Note]: 7026 0
09/26/07 17:45:35 [Note]: FSRAW library version 1.7.1022
09/26/07 18:12:12 [Note]: 7007 0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:32 PM, on 9/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\Desktop\belkin3\WLService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - HKUS\S-1-5-21-874574627-809299238-1685927933-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Anyone')
O4 - HKUS\S-1-5-21-874574627-809299238-1685927933-1006\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'Anyone')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Documents and Settings\Owner\Desktop\belkin3\WLService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 2902 bytes
bryan2469
Active Member
 
Posts: 7
Joined: September 21st, 2007, 4:09 pm

Unread postby random/random » September 28th, 2007, 8:09 am

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply


Also, do you have an active antivirus and firewall installed?
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby bryan2469 » October 1st, 2007, 6:47 pm

Deckard's System Scanner v20070905.67
Run by Owner on 2007-10-01 18:32:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
116: 2007-10-01 22:32:26 UTC - RP737 - Deckard's System Scanner Restore Point
115: 2007-10-01 13:54:33 UTC - RP736 - System Checkpoint
114: 2007-09-30 13:41:02 UTC - RP735 - System Checkpoint
113: 2007-09-29 12:41:02 UTC - RP734 - System Checkpoint
112: 2007-09-28 11:41:01 UTC - RP733 - System Checkpoint


-- First Restore Point --
1: 2007-07-04 03:05:05 UTC - RP622 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:34:51 PM, on 10/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\Desktop\belkin3\WLService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe" 1010011
O4 - HKUS\S-1-5-21-874574627-809299238-1685927933-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Anyone')
O4 - HKUS\S-1-5-21-874574627-809299238-1685927933-1006\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'Anyone')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Documents and Settings\Owner\Desktop\belkin3\WLService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 2745 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070924-205258-467 O2 - BHO: (no name) - {AF6906F0-0800-4815-975A-A891D3428BA4} - C:\WINDOWS\System32\datacle.dll
backup-20070924-205258-695 O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
backup-20070924-205258-916 O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
backup-20070926-073313-484 O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
S3 ip6fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
S3 PCDRDRV (Pcdr CPU Helper Driver) - c:\windows\system32\drivers\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\windows\system32\drivers\pcdrnt.sys (file missing)
S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\rtl8139.sys (file missing)
S3 S3SavageNB - c:\windows\system32\drivers\s3gnbm.sys <Not Verified; S3 Graphics, Inc.; S3 ProSavage & Twister Miniport Driver>
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20070117.002\symidsco.sys (file missing)
S4 Cdr4_2K - c:\windows\system32\drivers\cdr4_2k.sys <Not Verified; Adaptec; Adaptec's CD-R Helper Drivers>
S4 Cdralw2k - c:\windows\system32\drivers\cdralw2k.sys <Not Verified; Adaptec; Adaptec's CDRAL>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Belkin Wireless USB Network Adapter Service (Belkin Wireless USB Network Adapter) - c:\documents and settings\owner\desktop\belkin3\wlservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3CD8820E500
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3CD8820E500
Service: NIC1394

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: HP PS2 Keyboard (2K - 3)
Device ID: ACPI\PNP0303\4&163C0F35&0
Manufacturer: Hewlett-Packard
Name: HP PS2 Keyboard (2K - 3)
PNP Device ID: ACPI\PNP0303\4&163C0F35&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2007-10-01 11:07:29 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2005-02-01 15:48:48 296 --a------ C:\WINDOWS\Tasks\ScanDisc.job


-- Files created between 2007-09-01 and 2007-10-01 -----------------------------

2007-10-01 18:19:17 583368 --a------ C:\dss.exe
2007-09-28 08:10:21 0 d-------- C:\Program Files\FireTrust
2007-09-28 08:09:03 1522172 --a------ C:\sitehound_ie_15.exe
2007-09-24 20:54:57 0 d-------- C:\Program Files\EsetOnlineScanner
2007-09-21 18:02:25 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2007-09-28 08:45:42 0 d-------- C:\Program Files\My Movies
2007-09-28 08:45:36 0 d-------- C:\Program Files\Movie Maker
2007-09-10 06:20:52 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-08-12 17:26:21 0 d-------- C:\Program Files\support.com
2007-08-12 16:36:46 0 d-------- C:\Program Files\Common Files
2007-08-12 16:36:46 0 d-------- C:\Program Files\Common Files\SupportSoft
2007-08-08 16:30:12 19456 --a------ C:\WINDOWS\System32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2007-08-04 07:47:38 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-02 18:11:28 253952 --a------ C:\WINDOWS\System32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2007-08-02 18:11:14 241664 --a------ C:\WINDOWS\System32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2007-07-27 15:49:02 225355 --a------ C:\WINDOWS\System32\lnod32apiW.dll
2007-07-27 15:49:02 196683 --a------ C:\WINDOWS\System32\lnod32apiA.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/29/2005 03:47 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [07/28/2003 09:43 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"LaunchComcastOnlineInstall"=
"SWHelper"="C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe" 1010011

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
backup=C:\WINDOWS\pss\APC UPS Status.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center UI.lnk]
backup=C:\WINDOWS\pss\hp center UI.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk]
backup=C:\WINDOWS\pss\hp center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus Organizer EasyClip.lnk]
backup=C:\WINDOWS\pss\Lotus Organizer EasyClip.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
backup=C:\WINDOWS\pss\Lotus QuickStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SmartCenter.lnk]
backup=C:\WINDOWS\pss\Lotus SmartCenter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SuiteStart.lnk]
backup=C:\WINDOWS\pss\Lotus SuiteStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]
backup=C:\WINDOWS\pss\PrecisionTime.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^BHODemon 2.0.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\BHODemon 2.0.lnk
backup=C:\WINDOWS\pss\BHODemon 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Office Startup.lnk]
backup=C:\WINDOWS\pss\Office Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adaptec DirectCD]
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Getca]
C:\Documents and Settings\Owner\Desktop\belkin1\InfoMyCa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net-It Launcher]
C:\WINDOWS\System32\NILaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
"C:\Program Files\RFA\rfagent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-10-01 18:38:07 ------------

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 1700MHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 511.53 MiB / 185.8 MiB
Pagefile Memory (total/avail): 1246.94 MiB / 1025.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1970.71 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 71.9 GiB total, 40.83 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380020A - 76.32 GiB - 2 partitions
\PARTITION0 - Unknown - 4.41 GiB
\PARTITION1 (bootable) - Installable File System - 71.9 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HP1
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\HP1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program files\PC-Doctor for Windows XP\WINDSAPI
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 0 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=000a
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=HP1
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Anyone
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\CreateCD\UNINST.ISU"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Home Architect Deluxe --> C:\WINDOWS\uninst.exe -fC:\3dhmedlx\DeIsL1.isu
3D Home Architect Design Suite Deluxe 6 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BC595C7E-899E-44C1-8B25-8763853FF20C}
ACT! 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ACT\Uninst5.isu" -c"C:\Program Files\ACT\UNINSTAL.DLL"
Adaptec Easy CD Creator 4 --> "C:\Program Files\Common Files\Adaptec\ECDCUNIN\SETUP.EXE" -l0009 -fECDC.INS
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Adobe Photoshop Album 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A367C28-423C-48E2-8C76-EBA1171F932A}\apxp.ex_" -l0x9
Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Belkin 54g USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Documents and Settings\Owner\Desktop\belkin3\setup.exe" -l0x9
Better Homes and Gardens Home Designer 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27B49720-BF6E-476B-B86A-63AD5FE7E34A}\setup.exe" -l0x9
Broderbund Home Design 5.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{EA10FC33-3DBC-4268-A90E-1681760FD417}
Business Plan Pro 2003 --> MsiExec.exe /I{22FB2CBD-6703-4EF2-BC8E-0C100B94984C}
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Crystal Reports for Peachtree (Evaluation) --> MsiExec.exe /I{C0774966-2821-11D3-B32D-00A0C9DA500E}
ESET Online Scanner --> C:\WINDOWS\System32\OnlineScannerUninstaller.exe
eSignal --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03EA3D6E-D92B-11D0-892B-00A0C91827B3}\setup.exe" -uninst
FAS Depreciation Guide --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\FAS\DISWIN\Uninst.isu"
FAS for Peachtree v2002.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E973740-D21C-11D5-A5E3-005004685724}\setup.exe"
GemMaster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B40514BB-56EC-11D5-A8E1-00A0CC663B7C}\setup.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp center --> C:\WINDOWS\BWUnin-6.1.0.153.exe -AppId 137903
hp deskjet 3820 series (Remove only) --> C:\Program Files\hp deskjet 3820 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=\\HP2\HPDESKJE.2 -vproduct=3820 -huninstall
hp deskjet 5600 series --> rundll32 hpzcon09.dll,VendorJettison hp deskjet 5600 series
hp LaserJet 1160/1320 series --> MsiExec.exe /x {7F04B272-E0DD-47E7-8B55-D97483DB0EBD}
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - Deskjet Series --> MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
HP Photo Printing Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
hp print screen utility --> C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
HP RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
HP Software Update --> MsiExec.exe /X{90B5E602-1867-449D-86FD-FC9DEA4434BF}
Inactive HP Printer Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Inactive HP ScanJet Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 sjunin.inf
Intel RSX 3D --> C:\WINDOWS\System32\rsxunins.exe
InterVideo WinDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lotus SmartSuite Release 9 --> C:\WINDOWS\lunin11.exe /T SmartSuite /V 98.0 /I "c:\lotus\suit.inf" /C "c:\lotus\cinstall.ini" /O /L EN
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
MetaStock Professional 7.2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Equis\Uninst.isu"
MGI PhotoSuite 4 (Remove Only) --> "C:\Program Files\MGI\MGI PhotoSuite 4\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite 4\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite 4\System\CustomUninstall.dll"
MGI PhotoSuite 8.1 (Remove Only) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\PhotoSuite 8.1\Uninst.isu"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft FrontPage 2002 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0050048383C9}
Microsoft Money 2001 --> MsiExec.exe /I{D085A1B6-90A4-11D3-82B7-00C04FA309DE}
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! 1.0 --> C:\Program Files\Microsoft Picture It!\Setup\setup.exe
Microsoft Works 4.0 --> C:\Program Files\MSWorks\Setup40\setup.exe
Microsoft Works 6.0 --> MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Microsoft Works and Money 2001 Setup Launcher --> C:\Program Files\Microsoft Works and Money 2001\Setup\Launcher.exe d:\
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
My Photo Center --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\My Photo Center\Uninst.isu"
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
OLYMPUS CAMEDIA Master 4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.2
Peachtree Complete Accounting 2003 SR1 --> C:\WINDOWS\IsUninst.exe -fC:\PEACHW\DeisPT.isu
Peachtree Complete Accounting Plus Time & Billing --> C:\WINDOWS\IsUninst.exe -fC:\PEACHW\DeisPT.isu
PhotoACT --> C:\WINDOWS\uninst.exe -f"C:\Program Files\PhotoACT\DeIsL1.isu" -c"C:\Program Files\PhotoACT\_ISREG32.DLL"
PigPen --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F20ADFD-5679-11D5-A8E1-00A0CC663B7C}\setup.exe"
Punch! Professional Home Design - Platinum --> C:\PROGRA~1\PUNCH!~1\UNWISE.EXE C:\PROGRA~1\PUNCH!~1\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
S3 Gamma --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3 Gamma'
S3 Savage4 Family Display Switch2 Utility --> S3Uninst.exe -reg 5 HKLM\SOFTWARE\S3\S3Uninst\S3Switch2
SabreWing 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FD84C01-F268-4E99-A7D5-533D04722C4B}\setup.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sony PTP USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA9CC257-D15D-4254-8323-AA046098B122}\setup.exe"
Speedway --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42977380-5628-11D5-A8E1-00A0CC53785B}\setup.exe"
Studio --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Pinnacle\Studio\Studio7.isu" -a -cC:\WINDOWS\Studio7.dll
Tax Forms Helper 2006 7.5 --> "C:\Program Files\Adams Business Forms\Tax Forms Helper 2006\unins000.exe"
Terayon DOCSIS Modem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C98F2FE6-5AF5-11D6-8209-00D0B701C7B5}\Setup.exe" -l0x9
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5233412 / Error
Event Submitted/Written: 09/24/2007 09:30:44 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type5233411 / Error
Event Submitted/Written: 09/24/2007 09:30:38 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type5233410 / Error
Event Submitted/Written: 09/24/2007 09:30:32 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type5233409 / Error
Event Submitted/Written: 09/24/2007 09:30:26 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type5233408 / Error
Event Submitted/Written: 09/24/2007 09:30:20 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2007-10-01 18:38:07 ------------

And... NO, I currently have no firewall or anti-virus software installed. A couple of months ago, I had serious computer problems; Computer guy fixed and removed all anti-virus & firewall programs.
What should I install for best results?
bryan2469
Active Member
 
Posts: 7
Joined: September 21st, 2007, 4:09 pm

Unread postby random/random » October 2nd, 2007, 2:28 pm

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto‑updating for the Viewpoint Manager ‑‑ the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  4. Do the same for each Viewpoint component.

You do not appear to be running a realtime antivirus, this is leaving you open to infection
Please install one of the following free antivirus programs:


Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download & install a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Do you have any symantec products installed?
User avatar
random/random
Developer
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby askey127 » October 17th, 2007, 9:47 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 360 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware