Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Some sort of crazy codec virus

  • 03-02-2008 5:56pm
    #1
    Iceman_5000
    Closed Accounts Posts: 105 ✭✭


    Hey guys, bit of help needed here. I've downloaded somekind of codec virus. Should have know it was a virus but curiosity got the better of me! Anyway it seems to keep re spawing every time i think i have it removed using "SmithfraudFix" but after i load up the computer the second time the pop ups reappear in ever increasing number with my desktop background sometimes changes to a massive red bio hazard logo telling me to download anti spyware software. (which i haven't off them) I have attached the icons that appear on my desktop when i know it has re appeared. I have also used McAfee, Spybot and rouge remover.

    Hope you can help, Cheers!


Comments

  • #2
    mukki
    Closed Accounts Posts: 2,669 ✭✭✭mukki


    hahahahahah
    codec virus.....................



    So I guess it was bundled with a codec that you needed to look at the nakid ladies?????



    n
    e
    way....


    it looks just like smitfraud, maybe its a new version, see if you can get a newer smitfraud fix


  • #3
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • #4
    cichlid child
    Registered Users, Registered Users 2 Posts: 646 ✭✭✭cichlid child


    do what ever actorseeksjob says he has helped me before amazing knowledge of computers.Nice to see your still helping out actorseeksjob is the mother tresea of the virus world


  • #5
    Macker1
    Registered Users, Registered Users 2 Posts: 1,886 ✭✭✭Macker1


    cichlid child wrote: »
    do what ever actorseeksjob says he has helped me before amazing knowledge of computers.Nice to see your still helping out actorseeksjob is the mother tresea of the virus world




    I can second that, ASJ is the person to solve your problem


    :):):):):)


  • #6
    numbnuts
    Closed Accounts Posts: 68 ✭✭numbnuts


    mukki wrote: »
    hahahahahah
    codec virus.....................



    So I guess it was bundled with a codec that you needed to look at the nakid ladies?????

    Hmmm. How I look at it is your comments don’t help, this is a person who some how has got infected with a ??? Quite easy to do. Its quite easy to get infected with just the click of the mouse ..

    What I don’t like about your post is the assumption of porn..

    Then again reading it looks like you been there done that …
    So I guess it was bundled with a codec that you needed to look at the nakid ladies?????


    User Behavior & Spyware
    Spyware: What's Worked, What's Left, and What's Coming go listen …mukki

    http://antispywarecoalition.org/events/jan2008.php





    iceman listen to AJ you in good hands ….

    Paddy …


  • Advertisement
  • #7
    Iceman_5000
    Closed Accounts Posts: 105 ✭✭Iceman_5000


    main text,

    Deckard's System Scanner v20071014.68
    Run by John on 2008-02-05 05:21:03
    Computer is in Normal Mode.

    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    39: 2008-02-05 05:21:16 UTC - RP413 - Deckard's System Scanner Restore Point
    38: 2008-02-02 16:58:41 UTC - RP412 - System Checkpoint
    37: 2008-02-01 00:39:17 UTC - RP411 - System Checkpoint
    36: 2008-01-27 18:21:12 UTC - RP410 - System Checkpoint
    35: 2008-01-26 00:33:17 UTC - RP409 - System Checkpoint


    -- First Restore Point --
    1: 2007-11-05 16:55:39 UTC - RP375 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 504 MiB (512 MiB recommended).


    -- HijackThis (run as John.exe)

    Logfile of HijackThis v1.99.1
    Scan saved at 05:23:09, on 05/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\dlcdcoms.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\BitTorrent_DNA\dna.exe
    C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
    C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Documents and Settings\John\Desktop\dss.exe
    C:\PROGRA~1\HIJACK~1\John.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: The enqvwkp - {92162A1C-A9E3-4C0C-BCDC-2996E8406887} - C:\WINDOWS\enqvwkp.dll (file missing)
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] F
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB003" /M "Stylus DX4800"
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
    O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
    O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZC
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
    R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
    R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
    R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

    S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>
    R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
    R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
    R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>

    S2 PREVXAgent (Prevx Agent) - "c:\program files\prevx1\pxagent.exe" -f <Not Verified; Prevx; Prevx-1>


    -- Device Manager: Disabled

    No disabled devices found.


    -- Scheduled Tasks

    2008-02-05 02:18:59 348 --a
    C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D6J8202J-John).job
    2007-12-12 12:51:20 284 --a
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-01-05 and 2008-02-05

    2008-02-03 18:07:52 83456 --a
    C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
    2008-02-03 14:20:44 257568 --a
    C:\Documents and Settings\John\Application Data\setup_en[1].exe <Not Verified; Locus Software, Inc.; Locus Installer>
    2008-01-18 00:56:41 5362 --a
    C:\WINDOWS\system32\tmp.reg
    2008-01-18 00:55:51 25600 --a
    C:\WINDOWS\system32\WS2Fix.exe
    2008-01-18 00:55:51 289144 --a
    C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2008-01-18 00:55:51 288417 --a
    C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2008-01-18 00:55:51 53248 --a
    C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2008-01-18 00:55:51 81920 --a
    C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2008-01-18 00:55:51 51200 --a
    C:\WINDOWS\system32\dumphive.exe
    2008-01-16 00:49:43 0 d
    C:\Program Files\RogueRemover FREE
    2008-01-14 23:44:41 0 d
    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com


    -- Find3M Report

    2008-02-05 05:19:41 0 d
    C:\Documents and Settings\John\Application Data\BitTorrent DNA
    2008-02-02 18:03:34 0 d
    C:\Documents and Settings\John\Application Data\AdobeUM
    2008-01-18 00:32:40 0 d
    C:\Program Files\Common Files
    2008-01-17 07:03:17 0 d
    C:\Documents and Settings\John\Application Data\BitTorrent
    2008-01-07 18:13:55 0 d
    C:\Program Files\Dl_cats


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [13/09/2004 16:33]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [19/07/2005 23:09]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [19/07/2005 23:06]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [19/07/2005 23:10]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 00:11]
    "@=" []
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [30/10/2004 14:59]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [01/09/2005 17:24]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [23/02/2005 16:19]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [27/01/2005 01:02]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/12/2004 01:05]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [27/07/2004 16:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [27/07/2004 16:50]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [08/07/2005 18:18]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [11/08/2005 22:02]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [22/09/2005 17:29]
    "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [11/01/2006 11:05]
    "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [12/07/2005 19:05]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [12/07/2005 18:06]
    "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [10/08/2005 12:49]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [18/08/2005 17:52]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [07/04/2004 08:02]
    "DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [07/06/2005 18:39]
    "dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [22/07/2005 19:45]
    "MemoryCardManager"="F" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/2006 14:57]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/09/2006 00:58]
    "EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [02/02/2005 04:00]
    "PrevxOne"="C:\Program Files\Prevx1\PXConsole.exe" [09/06/2007 08:57]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/10/2007 23:31]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 10:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [03/10/2007 16:31]
    "@=" []
    "BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [08/10/2007 17:41]
    "Boots Insert Detect"="C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe" [17/02/2003 10:45]
    "DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [13/11/2007 21:46]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [15/12/2005 10:56:00]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [03/05/2005 22:07:32]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
    "system"=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/09/2004 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll, ntoskrnl.dll, xlibgfl254.dll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4412469c-65f7-11db-9468-000e5060538d}]
    AutoRun\command- E:\setupSNK.exe




    -- End of Deckard's System Scanner: finished at 2008-02-05 05:23:55

    extra text

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Celeron(R) M processor 1.40GHz
    Percentage of Memory in Use: 50%
    Physical Memory (total/avail): 503.37 MiB / 249.75 MiB
    Pagefile Memory (total/avail): 1228.23 MiB / 936.95 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1934.28 MiB

    C: is Fixed (NTFS) - 34 GiB total, 15.51 GiB free.
    D: is CDROM (CDFS)

    \\.\PHYSICALDRIVE0 - FUJITSU MHV2040AH - 37.26 GiB - 3 partitions
    \PARTITION0 - Unknown - 94.1 MiB
    \PARTITION1 (bootable) - Installable File System - 34 GiB - C:
    \PARTITION2 - Unknown - 3.16 GiB



    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.

    FW: McAfee Personal Firewall Plus v (McAfee)
    AV: McAfee VirusScan v (McAfee) Disabled Outdated

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\John\Application Data
    CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=D6J8202J
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\John
    LOGONSERVER=\\D6J8202J
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0d08
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\John\LOCALS~1\Temp
    TMP=C:\DOCUME~1\John\LOCALS~1\Temp
    USERDOMAIN=D6J8202J
    USERNAME=John
    USERPROFILE=C:\Documents and Settings\John
    windir=C:\WINDOWS


    -- User Profiles

    John (admin)


    -- Add/Remove Programs

    --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /appid=MSK /uninstall=1 /interact=1 /script_proactive=0 /start="c:\PROGRA~1\mcafee.com\agent\uninst\mskremui.dll::uninstall.htm"
    --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
    --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
    --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    Acoustica CD/DVD Label Maker --> C:\Program Files\Acoustica CD Label Maker\uisurvey.exe
    Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
    ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
    Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
    ARTEuro --> MsiExec.exe /I{1D3C662A-F6C6-4767-A788-7AA43A9A1317}
    BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
    BitTorrent DNA --> "C:\Program Files\BitTorrent_DNA\dna.exe" /UNINSTALL
    Boots F2CD Picture Suite --> "C:\Program Files\Boots F2CD\Picture Suite\Uninstal.exe" C:\PROGRA~1\BOOTSF~1\PICTUR~1\INSTALL.LOG
    Broadcom Management Programs 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
    Conexant D110 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
    Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
    Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
    Dell Photo AIO Printer 944 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlcdUNST.EXE -NOLICENSE
    Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
    DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
    Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    Football Manager 2006 --> MsiExec.exe /X{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}
    Go Ronald Bobsled Game --> MsiExec.exe /I{D16BBB6A-CD6D-40BD-999D-9603C8BE9D48}
    Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
    Hazard Perception 2005/6 --> "C:\Program Files\Hazard Perception 2005-2006\unins000.exe"
    HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
    Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
    Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
    Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
    iPod for Windows 2005-09-06 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1} /l1033
    iTunes --> MsiExec.exe /I{885894A5-BA0A-460E-AB4C-96C5C9B2C5E2}
    Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
    Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
    LimeWire 4.10.5 --> "C:\Program Files\LimeWire\uninstall.exe"
    Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
    Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
    McAfee Uninstaller --> C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
    mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
    MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
    mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
    mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Outlook 2003 with Business Contact Manager Update --> MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
    Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual Basic 6.0 Professional Edition --> "C:\Program Files\Microsoft Visual Studio\VB98\Setup\1033\Setup.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
    mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
    mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
    mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
    mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MP3 WAV Converter 3.12 --> C:\PROGRA~1\MP3WAV~1\UNWISE.EXE C:\PROGRA~1\MP3WAV~1\INSTALL.LOG
    mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
    mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
    MSN Gaming Zone --> C:\PROGRA~1\MSNGAM~1\zsetup.exe /Uninstall
    mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
    mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
    mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
    mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
    My Web Search (Cursor Mania) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
    mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
    NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    Photo Finale Viewer --> "C:\Program Files\Photo Finale\Photo Finale Viewer\PhotoFinale.exe" -uninstall
    PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    Prevx 2.0 --> "C:\Documents and Settings\All Users\Application Data\Prevx\PrevxSetup.exe" ACTION=UNINSTALL -V -REBOOT -APP
    QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 - ALL
    QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
    Security Task Manager 1.7 --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
    SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    TopGunHornet'sNest --> C:\WINDOWS\IsUninst.exe -fC:\Games\MicroProse\TopGunHornet'sNest\Uninst.isu -c"C:\Games\MicroProse\TopGunHornet'sNest\Uninst.dll"
    TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
    TVUPlayer 2.2.0 --> C:\Program Files\TVUPlayer\uninst.exe
    Ultra soft --> C:\Documents and Settings\John\Application Data\ultra\uninstall.bat
    VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{C35BF80A-6284-485E-AE18-023AA8C43185}\setup.exe -runfromtemp -l0x0409
    VideoEgg Publisher --> C:\Documents and Settings\John\Application Data\VideoEgg\Uninstall.exe
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
    Vodafone 804SS USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
    WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
    Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"


    -- Application Event Log

    Event Record #/Type3278 / Success
    Event Submitted/Written: 02/05/2008 02:20:10 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type3274 / Warning
    Event Submitted/Written: 02/05/2008 02:18:56 AM
    Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
    Event Description:
    (SpnRegister) : Error 1355

    Event Record #/Type3268 / Success
    Event Submitted/Written: 02/03/2008 06:19:52 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type3265 / Warning
    Event Submitted/Written: 02/03/2008 06:17:48 PM
    Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
    Event Description:
    (SpnRegister) : Error 1355

    Event Record #/Type3258 / Success
    Event Submitted/Written: 02/03/2008 06:03:47 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type589726 / Warning
    Event Submitted/Written: 02/03/2008 07:05:19 PM
    Event ID/Source: 4 / bcm4sbxp
    Event Description:
    Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

    Event Record #/Type589725 / Error
    Event Submitted/Written: 02/03/2008 06:36:26 PM
    Event ID/Source: 7034 / Service Control Manager
    Event Description:
    The Prevx Agent service terminated unexpectedly. It has done this 2 time(s).

    Event Record #/Type589710 / Error
    Event Submitted/Written: 02/03/2008 06:18:06 PM
    Event ID/Source: 7034 / Service Control Manager
    Event Description:
    The Prevx Agent service terminated unexpectedly. It has done this 1 time(s).

    Event Record #/Type589693 / Error
    Event Submitted/Written: 02/03/2008 06:16:28 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Event Record #/Type589692 / Error
    Event Submitted/Written: 02/03/2008 06:16:15 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AE5-2166-11D1-B1D0-00805FC1270E}



    -- End of Deckard's System Scanner: finished at 2008-02-05 05:23:55

    There we go! Havn't had any problems since updating the smithfraud but may as well have a proper clean up now. Cheers


  • #8
    aidan_walsh
    Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    mukki, please read the charter. We do not make judgements on how a machine may have become infected on this forum.


  • #9
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Little left to fix :)

    First off you have two firewalls running so you need to disable Windows Firewall

    1. Click Start, click Run, type Firewall.cpl, and then click OK.
    2. On the General tab, click Off (not recommended), and then click OK.


    Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):

    My Web Search (Cursor Mania)



    Then delete this folder in bold if present

    C:\PROGRAM Files\MyWebSearch


    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: The enqvwkp - {92162A1C-A9E3-4C0C-BCDC-2996E8406887} - C:\WINDOWS\enqvwkp.dll (file missing)
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZC

    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Backup Your Registry with ERUNT
    • Please use the following link and scroll down to ERUNT and download it.
      http://aumha.org/freeware/freeware.php
    • For version with the Installer:
      Use the setup program to install ERUNT on your computer
    • For the zipped version:
      Unzip all the files into a folder of your choice.
    Click Erunt.exe to backup your registry to the folder of your choice.

    Note: to restore your registry, go to the folder and start ERDNT.exe



    Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.
    Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4412469c-65f7-11db-9468-000e5060538d}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"system"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"


    Then double click on the fix.reg file, when it prompts to merge click "Yes".



    Then reboot and post a new DSS log


Advertisement