Malware or Me??

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware or Me??

Unread postby SunknTresr » August 8th, 2007, 1:12 am

Either I'm losing my mind (which is quite possible!) or I have a very secret, very hidden, infection of some sort that has more control over my pc than I do!! I have just re-installed Windows XP Home for the umpteenth time because whatever this is, it keeps locking me out of programs, changing system settings/configurations, and then repeating the process by re-installing itself with every installation. I do a complete wipe of the hard drive and reformat with each install. It takes approx. one week before I'm having to re-install again. It disables my anti-virus (and any other AV that I try to install) but it's sneaky enough to make it look like the AV is active. I have Norton Internet Security 2005 as well as Norton Systemworks which always comes up with clean scans, yet my Windows Firewall doesn't even recognize that there is an AV installed! When I don't even have my cable modem plugged in, my computer still shows active file sharing/transferring through "connectionless connections". (I found a config file that said connectionless setting, I didn't even know there was such a thing!) Everything seems to be routed through my desktop and after each re-install I have hundreds of hidden desktop.ini files. My IE page re-routes me anytime I try to go to any of the major sites such as microsoft.com, symantec.com, mcafee.com, etc....

I've actually gotten so frustrated with this I took my laptop into a computer repair shop and they kept it for 2 1/2 months only to tell me there's nothing wrong with it. I've tried every system scan, malware check, and anti-virus detection tool I can find and nothing can be found. I think because the culprits are hiding as system files (winlogon, svchost, explorer.exe) they're being overlooked by the utilities I'm using to detect them! What first alerted me to them was my system resources were being hogged, then I would notice that I couldn't access certain files even though I'm the only user on this computer (usually as Admin or Owner). I could be gone for the weekend and not even be on my computer, yet files were being modified and settings were being changed somehow. Eventually, as I said usually within a week, I'm locked out of windows completely, asked for an Administrative Password that I didn't set! And it asks for the password in both regular and safe mode, so there's no getting around it.

What is this creature, how does it keep installing itself onto a clean hard drive, and how in the *&@#!(^ do I get rid of it????
SunknTresr
Active Member
 
Posts: 6
Joined: May 28th, 2007, 11:40 pm
Location: N. Cali

Unread postby Katana » August 12th, 2007, 8:53 am

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please note that I am in training; this means that any reply I give to you has to be checked first by an expert.
I apologize for any delay this might cause.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Download HJT

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Again....

Unread postby SunknTresr » August 13th, 2007, 6:16 pm

I tried pasting my HJT log several times now and I keep getting "Invalid Session" messages telling me to re-post it, so here I am trying again....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:35 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wpabaln.exe
C:\PROGRA~1\COMMON~1\aol\118681~1\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1186815178\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D86D4C0-CA14-46FA-87EE-4BAA3ABB8D27}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

--
End of file - 2343 bytes
SunknTresr
Active Member
 
Posts: 6
Joined: May 28th, 2007, 11:40 pm
Location: N. Cali
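The log above is the kind of thing a helper reads by eye: an O4 entry that names a bare file (SOUNDMAN.EXE, resolved through the search path), an O17 NameServer on a public address, and an O23 service whose image is "(file missing)" (the ZoneAlarm leftover). The script below is an added example for this page, not code from HijackThis, from MalwareRemoval.com or from either poster; it parses the HJT 2.x format shown above and applies those checks mechanically. Its sample log is a shortened copy of the one posted here plus one constructed `[updater]` Run entry, invented so the user-writable-path rule has something to flag; the rule names, the trusted-directory list and the user-writable-path list are the example's own assumptions. Every finding is a hint for a human to verify, not a verdict: the DNS rule only says the resolver is not a private address, so the helper still has to confirm it with the user's ISP.

```python
"""Triage a HijackThis 2.x log. Added example, not HijackThis or forum code."""
import ipaddress
import re

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_RE = re.compile(r"^HK[LC][MU]\\\.\.\\Run\w*: \[[^\]]*\]\s*(?P<cmd>.*)$")
NS_RE = re.compile(r"NameServer = (?P<servers>[\d., ]+)")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# Assumed: where a stock XP install runs from (the 8.3 form appears in HJT logs too)
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Assumed: locations every logged-on user can write to
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\application data\\")


def parse_hjt(text):
    """Split a log into its 'Running processes' list and its (code, body) O-entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # the process list ends at the first blank line
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def image_path(cmd):
    """Executable named by a Run command line: '"C:\\a b.exe" -b' -> 'C:\\a b.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)  # unquoted path, may contain spaces
    return m.group(1) if m else (cmd.split() or [""])[0]


def is_private(ip):
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def triage(text):
    """Return [(rule, detail), ...] for the log text; every rule is a review hint."""
    processes, entries = parse_hjt(text)
    findings = [("process-outside-trusted-dirs", p) for p in processes
                if not p.lower().startswith(TRUSTED_DIRS)]
    for code, body in entries:
        if code == "O4":
            m = RUN_RE.match(body)
            if not m:  # Startup-folder and HKUS\S-1-... variants are not handled here
                continue
            path = image_path(m.group("cmd"))
            if "\\" not in path:  # found via the search path, so verify which file really runs
                findings.append(("autostart-bare-filename", body))
            elif any(d in path.lower() for d in USER_WRITABLE):
                findings.append(("autostart-user-writable-path", body))
        elif code == "O2" and not body.rsplit(" - ", 1)[-1].lower().startswith(TRUSTED_DIRS):
            findings.append(("bho-outside-trusted-dirs", body))
        elif code == "O17":
            m = NS_RE.search(body)
            for ip in (re.split(r"[ ,]+", m.group("servers").strip()) if m else []):
                if ip and not is_private(ip):
                    findings.append(("dns-server-verify", ip))
        elif code == "O23":
            m = SERVICE_RE.match(body)
            if m and "(file missing)" in m.group("path").lower():
                findings.append(("service-file-missing", m.group("name")))
            elif m and m.group("owner").lower() == "unknown owner":
                findings.append(("service-unknown-owner", m.group("name")))
    return findings


# Constructed sample: a shortened copy of the log posted in this thread; the
# "[updater]" Run entry is invented so the user-writable-path rule has a hit.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\aol\118681~1\ee\aolsoftware.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Owner\Local Settings\Temp\updater.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D86D4C0-CA14-46FA-87EE-4BAA3ABB8D27}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
"""

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:30} {detail}")
```

Run it as `python hjt_triage.py` and it prints four findings for the sample: the bare SOUNDMAN.EXE autostart, the constructed updater.exe entry in a temp directory, the public DNS server to confirm with the ISP, and the vsmon service whose file is gone. Nothing in the posted log runs from outside the Windows or Program Files trees, which is consistent with the helper's first reply that most of what HJT lists is harmless or required.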

Unread postby Katana » August 14th, 2007, 12:51 am

Hi SunknTresr,

From your first post it sounds as if you are having a lot of troubles :(
I apologise now if you have already tried some of the steps I ask you to do, but I will need to see the results.

A few questions, and then a couple of scans

When you reinstall your OS, do you do a full reformat of the disk, or a repair install?
Do you use any secondary hard drives, pen drives or other external media?
Are there any web sites that you visit on a regular basis before this problem occurs?
Does anyone else have access to the machine?
Your log does not show any anti-virus. You mention that you have trouble with this, so I am just checking that you have installed it.

Now the next question upsets some people, but unfortunately I have to ask it.
Your log shows "Windows WPA Balloon Reminder" as running; is this a licenced copy of XP?

Now for the scans

Deckard's System Scanner
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.

Installed Programs
Please could you give me a list of the programs that are installed. This will help me create a fix for you.
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.


Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • The answers to my questions
  • main.txt
  • extra.txt
  • Installed Programs list
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Grrrrrrrrrrr

Unread postby SunknTresr » August 15th, 2007, 1:54 pm

I did as you said and I downloaded Deckard's System Scanner to my desktop, however every time I try to run it I get an error message saying "dss.exe has encountered a problem and needs to close." It will NOT scan for more than 30 seconds before I get the error msg. Now what?

To answer your questions, this re-install that I have now is about 5 days old and it usually takes me about a week before I start getting locked out of programs and such. There is very little installed on here, including any AntiVirus. That is because somewhere in this computer is a configuration set to disable any AV that I install. I have re-installed both Norton, and WindowsXP so many times that I've reached the maximum amount of registrations for both products. That's why you're seeing the "register my windows product" still showing from this install.

I have 2 different retail, authentic, XP CD's. The XP CD that I bought by accident which is an XP Upgrade, and the original XP that Microsoft sent me along with my computer. Purely by accident though, I put in one of those CD's the other night to re-install one of the folders I was being locked out of, and I noticed a lot of files that I didn't think should belong on a Windows XP Installation. Information and settings for Yahoo, as well as for Zone Alarm???? Those are two of my files that always get corrupted when I try to install them, so why would they be showing on my XP CD, or is it those are the files saved to my CD drive and they're being displayed instead of what's on my CD? I'm confused, but I think that's how the re-install keeps being re-infected! For every re-install I do a complete deleting of the partition, and reformatting, which supposedly deletes all the files already on the computer. Yet during every re-install, there are those same infected folders with all the mis-configurations for my Windows XP.

I have no other hard drives, no other external anything. I have my computer, a printer, a cable modem and router. Nothing else connected to or from the PC. The majority of websites I visit are AOL to check my email, as well as Yahoo, and my search engine that I use is Dogpile. Due to this infection I've searched a lot trying to find how to fix my infected computer but I've had no such luck, so here I am.

Here is my HJT log as to what programs I have installed on this install of XP.....

Adobe Flash Player 9 ActiveX
AOL Uninstaller (Choose which Products to Remove)
HijackThis 2.0.2
Intel(R) Extreme Graphics Driver
Java(TM) 6 Update 2
Mozilla Firefox (2.0.0.6)
Realtek AC'97 Audio
Unlocker 1.8.5
Viewpoint Media Player
Yahoo! Messenger
SunknTresr
Active Member
 
Posts: 6
Joined: May 28th, 2007, 11:40 pm
Location: N. Cali

Unread postby Katana » August 16th, 2007, 4:46 am

Hi SunknTresr,
Your XP registration key is linked to the hardware in your PC; this means that if you do not change any components you can use the same key indefinitely.

Please go here: http://www.microsoft.com/genuine
Click on Validate Windows. When validation fails, you'll see a button to click on which will provide information on how to acquire a WGA Kit.

I would recommend that you install a free antivirus for the moment,
either AVG Anti-Virus or avast.
They are both good products and use fewer resources than Norton.

Please can you give me the specifications of your PC, i.e. what hardware you have, and its age (if you know them).

Please try the following scans

Kaspersky Online Scanner

Go Here http://www.kaspersky.com/virusscanner

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


Download and Run ComboFix
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • PC specifications
  • Kaspersky log
  • ComboFix log
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Finally

Unread postby SunknTresr » August 18th, 2007, 2:59 pm

Here is what info I have so far. I finally got the Deckard's System Scanner thing to work, so here's some of the info you've asked for already.....

Main.txt

Deckard's System Scanner v20070809.63
Run by Owner on 2007-08-17 at 23:57:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
15: 2007-08-18 06:57:14 UTC - RP15 - Deckard's System Scanner Restore Point
14: 2007-08-18 06:04:24 UTC - RP14 - ComboFix created restore point
13: 2007-08-17 04:30:02 UTC - RP13 - System Checkpoint
12: 2007-08-16 01:51:48 UTC - RP12 - System Checkpoint
11: 2007-08-15 01:41:54 UTC - RP11 - Deckard's System Scanner Restore Point


-- First Restore Point --
1: 2007-08-11 06:34:23 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:35 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wpabaln.exe
C:\PROGRA~1\COMMON~1\aol\118681~1\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1186815178\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D86D4C0-CA14-46FA-87EE-4BAA3ABB8D27}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

--
End of file - 2343 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070815-134701-132 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
backup-20070815-134701-184 O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1186815178\ee\AOLSoftware.exe
backup-20070815-134701-336 O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
backup-20070815-134701-369 O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
backup-20070815-134701-473 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
backup-20070815-134701-597 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20070815-134701-974 O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
backup-20070815-134702-640 O17 - HKLM\System\CCS\Services\Tcpip\..\{8D86D4C0-CA14-46FA-87EE-4BAA3ABB8D27}: NameServer = 205.188.146.145
backup-20070815-134702-776 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S0 srescan - c:\windows\system32\zonelabs\srescan.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 vsmon (TrueVector Internet Monitor) - c:\windows\system32\zonelabs\vsmon.exe -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-07-17 and 2007-08-17 -----------------------------

2007-08-17 07:19:56 0 d-------- C:\Program Files\MetaStream
2007-08-17 06:56:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-17 06:56:17 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-17 06:56:13 0 d-------- C:\WINDOWS\LastGood
2007-08-17 06:46:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2007-08-16 22:22:36 0 d-------- C:\Program Files\Alwil Software
2007-08-16 21:49:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-08-13 15:03:39 0 d-------- C:\Program Files\Trend Micro
2007-08-13 14:49:49 0 d---s---- C:\Documents and Settings\Owner\UserData
2007-08-11 23:39:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-11 23:37:43 0 d-------- C:\Program Files\Yahoo!
2007-08-10 23:56:57 0 d-------- C:\Documents and Settings\Owner\Application Data\AOL
2007-08-10 23:56:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-08-10 23:56:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2007-08-10 23:56:14 0 d-------- C:\Program Files\Common Files\aolback
2007-08-10 23:55:40 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-08-10 23:54:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-10 23:54:55 0 d-------- C:\Program Files\Viewpoint
2007-08-10 23:52:48 0 d-------- C:\Program Files\Common Files\aolshare
2007-08-10 23:52:48 0 d-------- C:\Program Files\Common Files\aol
2007-08-10 23:52:48 0 d-------- C:\Program Files\AOL 9.0
2007-08-10 23:52:48 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-08-10 23:52:18 335 --a------ C:\WINDOWS\nsreg.dat
2007-08-10 23:45:15 0 d--h----- C:\TEMP
2007-08-10 23:31:29 0 d-------- C:\WINDOWS\Prefetch
2007-08-10 23:13:11 0 d-------- C:\Program Files\Common Files\ODBC
2007-08-10 23:00:03 0 d-------- C:\WINDOWS\setup.pss
2007-08-10 22:24:21 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2007-08-10 19:33:00 0 d-------- C:\Program Files\Common Files\speechengines
2007-08-10 19:33:00 0 d-------- C:\Program Files\Common Files\mssoap
2007-08-10 19:32:59 0 d-------- C:\WINDOWS\system32\mui
2007-08-10 16:01:55 0 d-------- C:\WINDOWS\twain_32
2007-08-10 16:01:55 0 d-------- C:\WINDOWS\mui
2007-08-10 14:51:04 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-08-10 14:50:42 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-08-10 14:50:28 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-08-10 14:50:22 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-08-10 14:50:22 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-08-10 14:50:00 1189920 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-10 14:46:06 0 d-------- C:\Program Files\Java
2007-08-10 14:45:14 0 d-------- C:\Program Files\Common Files\Java
2007-08-10 14:34:50 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-08-10 14:19:35 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-08-10 14:18:39 0 d-------- C:\Program Files\Realtek AC97
2007-08-10 14:18:34 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2007-08-10 14:18:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-10 14:18:19 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-10 13:58:22 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2007-08-10 13:57:56 0 d--h----- C:\Documents and Settings\Owner\Templates
2007-08-10 13:57:56 0 dr------- C:\Documents and Settings\Owner\Start Menu
2007-08-10 13:57:56 0 dr-h----- C:\Documents and Settings\Owner\SendTo
2007-08-10 13:57:56 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-08-10 13:57:56 0 d--h----- C:\Documents and Settings\Owner\PrintHood
2007-08-10 13:57:56 786432 --ah----- C:\Documents and Settings\Owner\NTUSER.DAT
2007-08-10 13:57:56 0 d--h----- C:\Documents and Settings\Owner\NetHood
2007-08-10 13:57:56 0 dr------- C:\Documents and Settings\Owner\My Documents
2007-08-10 13:57:56 0 d--h----- C:\Documents and Settings\Owner\Local Settings
2007-08-10 13:57:56 0 dr------- C:\Documents and Settings\Owner\Favorites
2007-08-10 13:57:56 0 d-------- C:\Documents and Settings\Owner\Desktop
2007-08-10 13:57:56 0 d---s---- C:\Documents and Settings\Owner\Cookies
2007-08-10 13:57:56 0 d--h----- C:\Documents and Settings\Owner\Application Data
2007-08-10 13:57:45 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-08-10 13:57:34 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-08-10 13:57:33 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-08-10 13:57:33 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-08-10 13:57:33 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-08-10 13:57:33 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-08-10 13:57:33 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-08-10 13:56:39 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-08-10 13:56:39 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-08-10 13:56:39 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-08-10 13:56:38 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-08-10 13:56:38 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-08-10 13:52:14 0 d-------- C:\WINDOWS\system32\xircom
2007-08-10 13:52:08 258048 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-08-10 13:52:03 0 d--h----- C:\WINDOWS\$hf_mig$
2007-08-10 13:51:41 0 -rahs---- C:\MSDOS.SYS
2007-08-10 13:51:41 0 -rahs---- C:\IO.SYS
2007-08-10 13:51:41 0 --a------ C:\CONFIG.SYS
2007-08-10 13:51:41 0 --a------ C:\AUTOEXEC.BAT
2007-08-10 13:49:44 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-08-10 13:49:28 0 dr------- C:\WINDOWS\Offline Web Pages
2007-08-10 13:49:28 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-08-10 13:49:08 0 d--h----- C:\Program Files\WindowsUpdate
2007-08-10 13:48:40 0 d-------- C:\WINDOWS\system32\DirectX
2007-08-10 13:48:06 0 d---s---- C:\WINDOWS\Tasks
2007-08-10 13:48:01 0 d-------- C:\WINDOWS\system32\Macromed
2007-08-10 13:48:01 0 d-------- C:\WINDOWS\srchasst
2007-08-10 13:47:45 0 d-------- C:\WINDOWS\system32\Restore
2007-08-10 13:47:22 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-08-10 13:46:59 0 d-------- C:\WINDOWS\Registration
2007-08-10 13:45:13 0 d-------- C:\Program Files\Windows NT
2007-08-10 13:45:10 0 d-------- C:\WINDOWS\system32\MsDtc
2007-08-10 13:45:09 0 d-------- C:\WINDOWS\system32\Com
2007-08-10 06:25:04 0 d--hs---- C:\WINDOWS\Installer
2007-08-10 06:24:58 0 dr------- C:\Program Files
2007-08-10 06:24:58 0 d-------- C:\Program Files\Common Files
2007-08-10 06:24:30 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-08-10 06:24:30 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-08-10 06:24:30 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-08-10 06:24:30 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-08-10 06:24:30 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-08-10 06:24:30 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-08-10 06:24:30 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-08-10 06:24:30 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-08-10 06:24:30 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-08-10 06:24:30 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-08-10 06:24:30 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-08-10 06:24:30 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-08-10 06:24:30 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-08-10 06:24:30 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-08-10 06:24:30 0 dr------- C:\Documents and Settings\All Users\Documents
2007-08-10 06:24:30 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-08-10 06:24:12 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-08-10 06:24:12 0 d-------- C:\WINDOWS\system32\CatRoot
2007-08-10 06:24:06 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-08-10 06:24:06 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-08-10 06:24:05 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-08-10 06:24:05 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-08-10 06:23:40 0 d--hs---- C:\System Volume Information
2007-08-10 06:23:40 0 d-------- C:\Documents and Settings
2007-08-10 06:15:48 0 d-------- C:\WINDOWS
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\WinSxS
2007-08-10 06:15:48 0 dr------- C:\WINDOWS\Web
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\wins
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\wbem
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\usmt
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\spool
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\ShellExt
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\Setup
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\ras
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\oobe
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\npp
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\inetsrv
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\IME
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\icsxml
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\ias
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\export
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\drivers
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-08-10 06:15:48 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\dhcp
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\config
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\3076
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\2052
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\1054
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\1042
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\1041
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\1037
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\1033
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\1031
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\1028
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system32\1025
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\system
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\security
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Resources
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\repair
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Provisioning
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\PeerNet
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\pchealth
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\msapps
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\msagent
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Media
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\java
2007-08-10 06:15:48 0 d--h----- C:\WINDOWS\inf
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\ime
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Help
2007-08-10 06:15:48 0 dr--s---- C:\WINDOWS\Fonts
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Driver Cache
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Debug
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Cursors
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Connection Wizard
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\Config
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\AppPatch
2007-08-10 06:15:48 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2007-08-10 06:24:30 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/27/2007 03:03 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [11/10/2006 06:16 AM]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME



-- End of Deckard's System Scanner: finished at 2007-08-18 at 00:00:39 ---------


Extra.txt

Deckard's System Scanner v20070809.63
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) CPU 1.80GHz
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 253.98 MiB / 68.84 MiB
Pagefile Memory (total/avail): 624.98 MiB / 410.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1970.53 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 72 GiB free.
D: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.

AV: avast! antivirus 4.7.1029 [VPS 000766-0] v4.7.1029 (ALWIL Software)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\HP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0103
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=HP
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
AOL Registration --> "C:\Program Files\AOL\RC\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Realtek AC'97 Audio --> Alcrmv.exe -r -m
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event ID #252: Error
Event Submitted/Written: 08/16/2007 11:15:36 PM
Event Source: Application Hang
Event Description:
Hanging application ashSimpl.exe, version 4.7.1029.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event ID #245: Warning
Event Submitted/Written: 08/16/2007 09:49:15 PM
Event Source: Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 24 days.

Event ID #156: Error
Event Submitted/Written: 08/14/2007 06:42:11 PM
Event Source: Application Error
Event Description:
Faulting application dss.exe, version 3.2.4.9, faulting module dss.dll, version 0.0.0.0, fault address 0x000020c8.
Processing media-specific event for [dss.exe!ws!]

Event ID #155: Error
Event Submitted/Written: 08/14/2007 06:30:04 PM
Event Source: Application Error
Event Description:
Faulting application dss.exe, version 3.2.4.9, faulting module dss.dll, version 0.0.0.0, fault address 0x000020c8.
Processing media-specific event for [dss.exe!ws!]

Event ID #146: Error
Event Submitted/Written: 08/14/2007 02:22:57 PM
Event Source: Application Error
Event Description:
Faulting application dss.exe, version 3.2.4.9, faulting module dss.dll, version 0.0.0.0, fault address 0x000020c8.
Processing media-specific event for [dss.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event ID #7997: Error
Event Submitted/Written: 08/17/2007 11:05:23 PM
Event Source: W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Event ID #7996: Error
Event Submitted/Written: 08/17/2007 11:05:23 PM
Event Source: W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event ID #7995: Error
Event Submitted/Written: 08/17/2007 11:05:23 PM
Event Source: W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event ID #7994: Error
Event Submitted/Written: 08/17/2007 11:05:23 PM
Event Source: W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event ID #7993: Error
Event Submitted/Written: 08/17/2007 11:05:23 PM
Event Source: W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.



-- End of Deckard's System Scanner: finished at 2007-08-18 at 00:00:39 ---------


ComboFix.txt

ComboFix 07-08-14.4 - "Owner" 2007-08-17 23:04:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.93 [GMT -7:00]
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))


2007-08-17 23:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-17 07:19 <DIR> d-------- C:\Program Files\MetaStream
2007-08-17 06:56 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-17 06:56 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-17 06:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-17 06:46 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
2007-08-16 22:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-16 22:23 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-16 22:23 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-16 22:23 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-16 22:23 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-16 22:23 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-16 22:22 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-16 22:22 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-08-16 22:22 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-16 21:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-08-14 14:14 <DIR> d-------- C:\Deckard
2007-08-13 15:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-13 14:49 <DIR> d---s---- C:\DOCUME~1\Owner\UserData
2007-08-11 23:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-08-11 23:37 <DIR> d-------- C:\Program Files\Yahoo!
2007-08-11 00:07 471,216 --a------ C:\Program Files\msgr8us.exe
2007-08-10 23:58 10,920 --a------ C:\aolconnfix.exe
2007-08-10 23:56 <DIR> d-------- C:\Program Files\Common Files\aolback
2007-08-10 23:56 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\AOL
2007-08-10 23:55 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-08-10 23:54 33,588 -ra------ C:\WINDOWS\system32\drivers\wanatw4.sys
2007-08-10 23:54 <DIR> d-------- C:\Program Files\Viewpoint
2007-08-10 23:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-10 23:52 335 --a------ C:\WINDOWS\nsreg.dat
2007-08-10 23:52 <DIR> d-------- C:\Program Files\Common Files\aolshare
2007-08-10 23:52 <DIR> d-------- C:\Program Files\Common Files\aol
2007-08-10 23:52 <DIR> d-------- C:\Program Files\AOL 9.0
2007-08-10 23:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-08-10 23:45 <DIR> d--h----- C:\TEMP
2007-08-10 23:34 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2007-08-10 23:31 <DIR> d-------- C:\WINDOWS\Prefetch
2007-08-10 23:29 86,073 --a--c--- C:\WINDOWS\system32\dllcache\voicesub.dll
2007-08-10 23:29 48,256 --a--c--- C:\WINDOWS\system32\dllcache\w32.dll
2007-08-10 23:29 426,041 --a--c--- C:\WINDOWS\system32\dllcache\voicepad.dll
2007-08-10 23:29 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2007-08-10 23:29 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2007-08-10 23:29 18,944 --a--c--- C:\WINDOWS\system32\dllcache\vmmreg32.dll
2007-08-10 23:28 9,728 --a--c--- C:\WINDOWS\system32\dllcache\query.exe
2007-08-10 23:28 8,704 --a--c--- C:\WINDOWS\system32\dllcache\snmptrap.exe
2007-08-10 23:28 79,872 --a--c--- C:\WINDOWS\system32\dllcache\rwia330.dll
2007-08-10 23:28 79,872 --a--c--- C:\WINDOWS\system32\dllcache\rwia001.dll
2007-08-10 23:28 76,288 --a--c--- C:\WINDOWS\system32\dllcache\uniime.dll
2007-08-10 23:28 70,144 --a--c--- C:\WINDOWS\system32\dllcache\pintlphr.exe
2007-08-10 23:28 7,168 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
2007-08-10 23:28 67,584 --a--c--- C:\WINDOWS\system32\dllcache\pmigrate.dll
2007-08-10 23:28 6,144 --a--c--- C:\WINDOWS\system32\dllcache\snmpmib.dll
2007-08-10 23:28 6,144 --a--c--- C:\WINDOWS\system32\dllcache\pmxgl.dll
2007-08-10 23:28 57,856 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
2007-08-10 23:28 53,760 --a--c--- C:\WINDOWS\system32\dllcache\pintlcsd.dll
2007-08-10 23:28 5,632 --a--c--- C:\WINDOWS\system32\dllcache\smimsgif.dll
2007-08-10 23:28 5,632 --a--c--- C:\WINDOWS\system32\dllcache\smierrsy.dll
2007-08-10 23:28 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2007-08-10 23:28 455,168 --a--c--- C:\WINDOWS\system32\dllcache\tintsetp.exe
2007-08-10 23:28 44,032 --a--c--- C:\WINDOWS\system32\dllcache\tintlphr.exe
2007-08-10 23:28 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
2007-08-10 23:28 38,912 --a--c--- C:\WINDOWS\system32\dllcache\sm9aw.dll
2007-08-10 23:28 36,927 --a--c--- C:\WINDOWS\system32\dllcache\padrs411.dll
2007-08-10 23:28 358,400 --a--c--- C:\WINDOWS\system32\dllcache\snmpincl.dll
2007-08-10 23:28 32,768 --a--c--- C:\WINDOWS\system32\dllcache\snmp.exe
2007-08-10 23:28 31,744 --a--c--- C:\WINDOWS\system32\dllcache\smb6w.dll
2007-08-10 23:28 31,744 --a--c--- C:\WINDOWS\system32\dllcache\sma3w.dll
2007-08-10 23:28 30,208 --a--c--- C:\WINDOWS\system32\dllcache\sm87w.dll
2007-08-10 23:28 30,208 --a--c--- C:\WINDOWS\system32\dllcache\sm81w.dll
2007-08-10 23:28 29,184 --a--c--- C:\WINDOWS\system32\dllcache\sm8cw.dll
2007-08-10 23:28 26,624 --a--c--- C:\WINDOWS\system32\dllcache\sm93w.dll
2007-08-10 23:28 26,624 --a--c--- C:\WINDOWS\system32\dllcache\sm92w.dll
2007-08-10 23:28 26,624 --a--c--- C:\WINDOWS\system32\dllcache\rw330ext.dll
2007-08-10 23:28 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm90w.dll
2007-08-10 23:28 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm8dw.dll
2007-08-10 23:28 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm8aw.dll
2007-08-10 23:28 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm89w.dll
2007-08-10 23:28 26,112 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_seos.dll
2007-08-10 23:28 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
2007-08-10 23:28 25,088 --a--c--- C:\WINDOWS\system32\dllcache\sm59w.dll
2007-08-10 23:28 24,576 --a--c--- C:\WINDOWS\system32\dllcache\rw001ext.dll
2007-08-10 23:28 236,544 --a--c--- C:\WINDOWS\system32\dllcache\smi2smir.exe
2007-08-10 23:28 23,040 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
2007-08-10 23:28 21,896 --a--c--- C:\WINDOWS\system32\dllcache\tdipx.sys
2007-08-10 23:28 20,736 --a--c--- C:\WINDOWS\system32\dllcache\ramdisk.sys
2007-08-10 23:28 19,464 --a--c--- C:\WINDOWS\system32\dllcache\tdspx.sys
2007-08-10 23:28 188,416 --a--c--- C:\WINDOWS\system32\dllcache\snmpsmir.dll
2007-08-10 23:28 185,344 --a--c--- C:\WINDOWS\system32\dllcache\thawbrkr.dll
2007-08-10 23:28 18,944 --a--c--- C:\WINDOWS\system32\dllcache\simptcp.dll
2007-08-10 23:28 175,104 --a--c--- C:\WINDOWS\system32\dllcache\pintlcsa.dll
2007-08-10 23:28 16,384 --a--c--- C:\WINDOWS\system32\dllcache\quser.exe
2007-08-10 23:28 15,872 --a--c--- C:\WINDOWS\system32\dllcache\smierrsm.dll
2007-08-10 23:28 15,872 --a--c--- C:\WINDOWS\system32\dllcache\padrs404.dll
2007-08-10 23:28 15,360 --a--c--- C:\WINDOWS\system32\dllcache\padrs804.dll
2007-08-10 23:28 143,422 --a--c--- C:\WINDOWS\system32\dllcache\softkey.dll
2007-08-10 23:28 14,848 --a--c--- C:\WINDOWS\system32\dllcache\register.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-17 22:21 5859 --a------ C:\Program Files\wipeout.zip
2007-08-11 14:03 2378 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-08-11 14:02 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-08-10 23:30 4676 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-04-26 06:37 728624 --a------ C:\Program Files\aolsetup.exe
2007-04-26 06:37 4424 --a------ C:\Program Files\aolsetup.bin
2007-04-26 06:37 1896 --a------ C:\Program Files\main.ini


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 15:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2006-11-10 06:16]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 23:09:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-17 23:12:58

--- E O F ---

Kaspersky Log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, August 17, 2007 10:37:48 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/08/2007
Kaspersky Anti-Virus database records: 384790
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 24101
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:43:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\SunknTresr\MyDB.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\SunknTresr\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\CACHE\SunknTresr00 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\SunknTresr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\SunknTresr.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\SunknTresr.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\ncoc Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\server.lock Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0\IDB\art.idx Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\fla19.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B742FF32-8D29-4D46-81D6-AFB4D49AD34C}\RP13\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{2874307C-840A-4C71-99F3-E4692F40B497}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{6E46967B-FB70-466F-BBDC-17F934B0E2DC}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_4d0.dat Object is locked skipped
C:\WINDOWS\Temp\_av_proI.tm~a03240\dld1.tmp Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



I also found this log on my desktop but I have no idea where it came from (which scan)...

VETlog.txt


---------------------------------------------------------------------------------------------------------------
OS Date: 08/17/07
OS Time: 23:02:22
Process Id: 4028
Process File: C:\Program Files\AOL 9.0\waol.exe
Command line: -Brestart
Thread Id: 3192(0xc78)
Module handle: 0x14800000
Module File: C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
Module version: MTS: 3,5,0,13; Dll: 3.5.0.13

Processor Intel Pentium Family 15 Model 1 Stepping 3 (1 Processor(s))
OS 344158752 Build 2600 Service Pack 2
Normal Boot
1 Monitor(s) Primary resolution is 1024 x 768

EXCEPTION_ACCESS_VIOLATION: The thread attempted to read from or write to a virtual address for which it does not have the appropriate access.

Stack:
AOLUserShell.dll! 0x20c00000 + 0x14ff6()
AOLUserShell.dll! 0x20c00000 + 0x487c6()
AOLUserShell.dll! 0x20c00000 + 0x392e7()
AOLUserShell.dll! 0x20c00000 + 0x378f8()
AOLUserShell.dll! 0x20c00000 + 0x12672()
AxMetaStream_0305000D.dll! 0x14800000 + 0x1278()
AxMetaStream_0305000D.dll! 0x14800000 + 0xe1b3()
AxMetaStream_0305000D.dll! 0x14800000 + 0xe065()
AxMetaStream_0305000D.dll! 0x14800000 + 0xeb4b()
AxMetaStream_0305000D.dll! 0x14800000 + 0x4aa4()
OLEAUT32.dll! 0x77120000 + 0x79e0()
AxMetaStream_0305000D.dll! 0x14800000 + 0x4fe1()
vbscript.dll! 0x73300000 + 0x13a78()
vbscript.dll! 0x73300000 + 0x139f6()
vbscript.dll! 0x73300000 + 0x4b01()
vbscript.dll! 0x73300000 + 0x4f5a()
vbscript.dll! 0x73300000 + 0x1e55()
vbscript.dll! 0x73300000 + 0x4dba()
vbscript.dll! 0x73300000 + 0x1e55()
vbscript.dll! 0x73300000 + 0x3a76()
vbscript.dll! 0x73300000 + 0xbe2a()
vbscript.dll! 0x73300000 + 0xd572()
vbscript.dll! 0x73300000 + 0xd3b8()
actvx.rct! 0x6a100000 + 0x992a()
actvx.rct! 0x6a100000 + 0x1bc1()
actvx.rct! 0x6a100000 + 0x75eb()
supersub.dll! 0x60580000 + 0x58d2()
supersub.dll! 0x60580000 + 0x5835()
supersub.dll! 0x60580000 + 0x164ad()
supersub.dll! 0x60580000 + 0x1644b()
supersub.dll! 0x60580000 + 0x16070()
supersub.dll! 0x60580000 + 0x15c0f()
supersub.dll! 0x60580000 + 0x17333()
supersub.dll! 0x60580000 + 0x58d2()
supersub.dll! 0x60580000 + 0x5835()
supersub.dll! 0x60580000 + 0x164ad()
supersub.dll! 0x60580000 + 0x1644b()
supersub.dll! 0x60580000 + 0x16070()
supersub.dll! 0x60580000 + 0x15ee8()
supersub.dll! 0x60580000 + 0x15a2a()
supersub.dll! 0x60580000 + 0x156ca()
Stop displaying stack!!

Additional parameters:
0x1
0x3d088889

Registers context:
EDI: 0x76756964
ESI: 0x3d088889
EBX: 0xc78
EDX: 0xc
ECX: 0x0
EAX: 0x0
EBP: 0x22d540
EIP: 0x20c14ff6
ESP: 0x22d3ec

AxMetaStream_0305000D.dll 3.5.0.13
ComponentMgr.dll 3.5.0.28
AOLArt.dll 3.0.7.36
AOLShell.dll 3.0.11.26
AOLUserShell.dll 3.2.2.26
Cursors.dll 3.4.0.67
DataTracking.dll 3.0.8.201
GifReader.dll 3.2.2.26
JpegReader.dll 3.2.2.26
LensFlares.dll 3.2.2.26
Mts3Reader.dll 3.2.2.26
ObjectMovie.dll 3.2.2.26
SceneComponent.dll 3.5.0.28
ServiceComponent.dll 3.2.2.26
SreeDMMX.dll 3.4.0.67
SWFView.dll 3.2.2.26
VectorView.dll 3.2.2.26
VMPAudio.dll 3.2.2.26
VMPExtras.dll 3.0.7.36
VMPSpeech.dll 3.2.2.26
VMPVideo.dll 3.2.2.26
VMPVideo2.dll 3.4.0.67
WaveletReader.dll 3.2.2.26
ZoomView.dll 3.2.2.26

Where: DoCommandInternal

---------------------------------------------------------------------------------------------------------------
OS Date: 08/17/07
OS Time: 23:06:08
Process Id: 4028
Process File: C:\Program Files\AOL 9.0\waol.exe
Command line: -Brestart
Thread Id: 3192(0xc78)
Module handle: 0x14800000
Module File: C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
Module version: MTS: 3,5,0,13; Dll: 3.5.0.13

Processor Intel Pentium Family 15 Model 1 Stepping 3 (1 Processor(s))
OS 344158752 Build 2600 Service Pack 2
Normal Boot
1 Monitor(s) Primary resolution is 1024 x 768

EXCEPTION_ACCESS_VIOLATION: The thread attempted to read from or write to a virtual address for which it does not have the appropriate access.

Stack:
AOLUserShell.dll! 0x20c00000 + 0x14ff6()
AOLUserShell.dll! 0x20c00000 + 0x487c6()
AOLUserShell.dll! 0x20c00000 + 0x392e7()
AOLUserShell.dll! 0x20c00000 + 0x378f8()
AOLUserShell.dll! 0x20c00000 + 0x12672()
AxMetaStream_0305000D.dll! 0x14800000 + 0x1278()
AxMetaStream_0305000D.dll! 0x14800000 + 0xe1b3()
AxMetaStream_0305000D.dll! 0x14800000 + 0xe065()
AxMetaStream_0305000D.dll! 0x14800000 + 0xeb4b()
AxMetaStream_0305000D.dll! 0x14800000 + 0x4aa4()
OLEAUT32.dll! 0x77120000 + 0x79e0()
AxMetaStream_0305000D.dll! 0x14800000 + 0x4fe1()
vbscript.dll! 0x73300000 + 0x13a78()
vbscript.dll! 0x73300000 + 0x139f6()
vbscript.dll! 0x73300000 + 0x4b01()
vbscript.dll! 0x73300000 + 0x4f5a()
vbscript.dll! 0x73300000 + 0x1e55()
vbscript.dll! 0x73300000 + 0x4dba()
vbscript.dll! 0x73300000 + 0x1e55()
vbscript.dll! 0x73300000 + 0x3a76()
vbscript.dll! 0x73300000 + 0xbe2a()
vbscript.dll! 0x73300000 + 0xd572()
vbscript.dll! 0x73300000 + 0xd3b8()
actvx.rct! 0x6a100000 + 0x992a()
actvx.rct! 0x6a100000 + 0x1bc1()
actvx.rct! 0x6a100000 + 0x75eb()
supersub.dll! 0x60580000 + 0x58d2()
supersub.dll! 0x60580000 + 0x5835()
supersub.dll! 0x60580000 + 0x164ad()
supersub.dll! 0x60580000 + 0x1644b()
supersub.dll! 0x60580000 + 0x16070()
supersub.dll! 0x60580000 + 0x15c0f()
supersub.dll! 0x60580000 + 0x17333()
supersub.dll! 0x60580000 + 0x58d2()
supersub.dll! 0x60580000 + 0x5835()
supersub.dll! 0x60580000 + 0x164ad()
supersub.dll! 0x60580000 + 0x1644b()
supersub.dll! 0x60580000 + 0x16070()
supersub.dll! 0x60580000 + 0x15ee8()
supersub.dll! 0x60580000 + 0x15a2a()
supersub.dll! 0x60580000 + 0x156ca()
Stop displaying stack!!

Additional parameters:
0x1
0x3d088889

Registers context:
EDI: 0x76756964
ESI: 0x3d088889
EBX: 0xc78
EDX: 0x1
ECX: 0x0
EAX: 0x0
EBP: 0x22cdc4
EIP: 0x20c14ff6
ESP: 0x22cc70

AxMetaStream_0305000D.dll 3.5.0.13
ComponentMgr.dll 3.5.0.28
AOLArt.dll 3.0.7.36
AOLShell.dll 3.0.11.26
AOLUserShell.dll 3.2.2.26
Cursors.dll 3.4.0.67
DataTracking.dll 3.0.8.201
GifReader.dll 3.2.2.26
JpegReader.dll 3.2.2.26
LensFlares.dll 3.2.2.26
Mts3Reader.dll 3.2.2.26
ObjectMovie.dll 3.2.2.26
SceneComponent.dll 3.5.0.28
ServiceComponent.dll 3.2.2.26
SreeDMMX.dll 3.4.0.67
SWFView.dll 3.2.2.26
VectorView.dll 3.2.2.26
VMPAudio.dll 3.2.2.26
VMPExtras.dll 3.0.7.36
VMPSpeech.dll 3.2.2.26
VMPVideo.dll 3.2.2.26
VMPVideo2.dll 3.4.0.67
WaveletReader.dll 3.2.2.26
ZoomView.dll 3.2.2.26

Where: DoCommandInternal

---------------------------------------------------------------------------------------------------------------
OS Date: 08/17/07
OS Time: 23:13:43
Process Id: 2616
Process File: C:\Program Files\AOL 9.0\waol.exe
Command line: -Brestart
Thread Id: 2128(0x850)
Module handle: 0x14800000
Module File: C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
Module version: MTS: 3,5,0,13; Dll: 3.5.0.13

Processor Intel Pentium Family 15 Model 1 Stepping 3 (1 Processor(s))
OS 344158752 Build 2600 Service Pack 2
Normal Boot
1 Monitor(s) Primary resolution is 1024 x 768

EXCEPTION_ACCESS_VIOLATION: The thread attempted to read from or write to a virtual address for which it does not have the appropriate access.

Stack:
AOLUserShell.dll! 0x20c00000 + 0x14ff6()
AOLUserShell.dll! 0x20c00000 + 0x487c6()
AOLUserShell.dll! 0x20c00000 + 0x392e7()
AOLUserShell.dll! 0x20c00000 + 0x378f8()
AOLUserShell.dll! 0x20c00000 + 0x12672()
AxMetaStream_0305000D.dll! 0x14800000 + 0x1278()
AxMetaStream_0305000D.dll! 0x14800000 + 0xe1b3()
AxMetaStream_0305000D.dll! 0x14800000 + 0xe065()
AxMetaStream_0305000D.dll! 0x14800000 + 0xeb4b()
AxMetaStream_0305000D.dll! 0x14800000 + 0x4aa4()
OLEAUT32.dll! 0x77120000 + 0x79e0()
AxMetaStream_0305000D.dll! 0x14800000 + 0x4fe1()
vbscript.dll! 0x73300000 + 0x13a78()
vbscript.dll! 0x73300000 + 0x139f6()
vbscript.dll! 0x73300000 + 0x4b01()
vbscript.dll! 0x73300000 + 0x4f5a()
vbscript.dll! 0x73300000 + 0x1e55()
vbscript.dll! 0x73300000 + 0x4dba()
vbscript.dll! 0x73300000 + 0x1e55()
vbscript.dll! 0x73300000 + 0x3a76()
vbscript.dll! 0x73300000 + 0xbe2a()
vbscript.dll! 0x73300000 + 0xd572()
vbscript.dll! 0x73300000 + 0xd3b8()
actvx.rct! 0x6a100000 + 0x992a()
actvx.rct! 0x6a100000 + 0x1bc1()
actvx.rct! 0x6a100000 + 0x75eb()
supersub.dll! 0x60580000 + 0x58d2()
supersub.dll! 0x60580000 + 0x5835()
supersub.dll! 0x60580000 + 0x164ad()
supersub.dll! 0x60580000 + 0x1644b()
supersub.dll! 0x60580000 + 0x16070()
supersub.dll! 0x60580000 + 0x15c0f()
supersub.dll! 0x60580000 + 0x17333()
supersub.dll! 0x60580000 + 0x58d2()
supersub.dll! 0x60580000 + 0x5835()
supersub.dll! 0x60580000 + 0x164ad()
supersub.dll! 0x60580000 + 0x1644b()
supersub.dll! 0x60580000 + 0x16070()
supersub.dll! 0x60580000 + 0x15ee8()
supersub.dll! 0x60580000 + 0x15a2a()
supersub.dll! 0x60580000 + 0x156ca()
Stop displaying stack!!

Additional parameters:
0x1
0x3d088889

Registers context:
EDI: 0x76756964
ESI: 0x3d088889
EBX: 0x850
EDX: 0xa
ECX: 0x0
EAX: 0x0
EBP: 0x22d540
EIP: 0x20c14ff6
ESP: 0x22d3ec

AxMetaStream_0305000D.dll 3.5.0.13
ComponentMgr.dll 3.5.0.28
ZoomView.dll 3.2.2.26
WaveletReader.dll 3.2.2.26
VMPVideo2.dll 3.4.0.67
VMPVideo.dll 3.2.2.26
VMPSpeech.dll 3.2.2.26
VMPExtras.dll 3.0.7.36
VMPAudio.dll 3.2.2.26
VectorView.dll 3.2.2.26
SWFView.dll 3.2.2.26
SreeDMMX.dll 3.4.0.67
ServiceComponent.dll 3.2.2.26
SceneComponent.dll 3.5.0.28
ObjectMovie.dll 3.2.2.26
Mts3Reader.dll 3.2.2.26
LensFlares.dll 3.2.2.26
JpegReader.dll 3.2.2.26
GifReader.dll 3.2.2.26
DataTracking.dll 3.0.8.201
Cursors.dll 3.4.0.67
AOLUserShell.dll 3.2.2.26
AOLShell.dll 3.0.11.26
AOLArt.dll 3.0.7.36

Where: DoCommandInternal

---------------------------------------------------------------------------------------------------------------
OS Date: 08/18/07
OS Time: 09:56:09
Process Id: 464
Process File: C:\PROGRA~1\AOL9~1.0\waol.exe
Command line:
Thread Id: 2864(0xb30)
Module handle: 0x14800000
Module File: C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
Module version: MTS: 3,5,0,13; Dll: 3.5.0.13

Processor Intel Pentium Family 15 Model 1 Stepping 3 (1 Processor(s))
OS 344158752 Build 2600 Service Pack 2
Normal Boot
1 Monitor(s) Primary resolution is 1024 x 768

EXCEPTION_ACCESS_VIOLATION: The thread attempted to read from or write to a virtual address for which it does not have the appropriate access.

Stack:
AOLUserShell.dll! 0x20c00000 + 0x14ff6()
AOLUserShell.dll! 0x20c00000 + 0x487c6()
AOLUserShell.dll! 0x20c00000 + 0x392e7()
AOLUserShell.dll! 0x20c00000 + 0x378f8()
AOLUserShell.dll! 0x20c00000 + 0x12672()
AxMetaStream_0305000D.dll! 0x14800000 + 0x1278()
AxMetaStream_0305000D.dll! 0x14800000 + 0xe1b3()
AxMetaStream_0305000D.dll! 0x14800000 + 0xe065()
AxMetaStream_0305000D.dll! 0x14800000 + 0xeb4b()
AxMetaStream_0305000D.dll! 0x14800000 + 0x4aa4()
OLEAUT32.dll! 0x77120000 + 0x79e0()
AxMetaStream_0305000D.dll! 0x14800000 + 0x4fe1()
vbscript.dll! 0x73300000 + 0x13a78()
vbscript.dll! 0x73300000 + 0x139f6()
vbscript.dll! 0x73300000 + 0x4b01()
vbscript.dll! 0x73300000 + 0x4f5a()
vbscript.dll! 0x73300000 + 0x1e55()
vbscript.dll! 0x73300000 + 0x4dba()
vbscript.dll! 0x73300000 + 0x1e55()
vbscript.dll! 0x73300000 + 0x3a76()
vbscript.dll! 0x73300000 + 0xbe2a()
vbscript.dll! 0x73300000 + 0xd572()
vbscript.dll! 0x73300000 + 0xd3b8()
actvx.rct! 0x6a100000 + 0x992a()
actvx.rct! 0x6a100000 + 0x1bc1()
actvx.rct! 0x6a100000 + 0x75eb()
supersub.dll! 0x60580000 + 0x58d2()
supersub.dll! 0x60580000 + 0x5835()
supersub.dll! 0x60580000 + 0x164ad()
supersub.dll! 0x60580000 + 0x1644b()
supersub.dll! 0x60580000 + 0x16070()
supersub.dll! 0x60580000 + 0x15c0f()
supersub.dll! 0x60580000 + 0x17333()
supersub.dll! 0x60580000 + 0x58d2()
supersub.dll! 0x60580000 + 0x5835()
supersub.dll! 0x60580000 + 0x164ad()
supersub.dll! 0x60580000 + 0x1644b()
supersub.dll! 0x60580000 + 0x16070()
supersub.dll! 0x60580000 + 0x15ee8()
supersub.dll! 0x60580000 + 0x15a2a()
supersub.dll! 0x60580000 + 0x156ca()
Stop displaying stack!!

Additional parameters:
0x1
0x3d088889

Registers context:
EDI: 0x76756964
ESI: 0x3d088889
EBX: 0xb30
EDX: 0x6
ECX: 0x0
EAX: 0x0
EBP: 0x22d540
EIP: 0x20c14ff6
ESP: 0x22d3ec

AxMetaStream_0305000D.dll 3.5.0.13
ComponentMgr.dll 3.5.0.28
ZoomView.dll 3.2.2.26
WaveletReader.dll 3.2.2.26
VMPVideo2.dll 3.4.0.67
VMPVideo.dll 3.2.2.26
VMPSpeech.dll 3.2.2.26
VMPExtras.dll 3.0.7.36
VMPAudio.dll 3.2.2.26
VectorView.dll 3.2.2.26
SWFView.dll 3.2.2.26
SreeDMMX.dll 3.4.0.67
ServiceComponent.dll 3.2.2.26
SceneComponent.dll 3.5.0.28
ObjectMovie.dll 3.2.2.26
Mts3Reader.dll 3.2.2.26
LensFlares.dll 3.2.2.26
JpegReader.dll 3.2.2.26
GifReader.dll 3.2.2.26
DataTracking.dll 3.0.8.201
Cursors.dll 3.4.0.67
AOLUserShell.dll 3.2.2.26
AOLShell.dll 3.0.11.26
AOLArt.dll 3.0.7.36

Where: DoCommandInternal


Anything else you need from me???
SunknTresr
Active Member
 
Posts: 6
Joined: May 28th, 2007, 11:40 pm
Location: N. Cali

Unread postby Katana » August 19th, 2007, 3:31 pm

Hi SunknTresr,

After looking at the logs, I am sorry to tell you it does not look like a malware problem
(I am sorry because it means I don't have the expertise to help you :( )

I would recommend that you go to Castle Cops and start a thread in the General Computer Problems forum
http://www.castlecops.com/f120-General_ ... blems.html

If you explain what has been going on and then give a link to this topic it will save you (and the helper) from going over the same ground.

Just copy and paste this link
http://www.malwareremoval.com/forum/viewtop ... 179#203179

Once again I am sorry that I can't help you.

I hope all goes well

K'
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby Elrond » August 24th, 2007, 2:28 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem