Email and all Uploading of Media and more than 20 lines of text blocked

I can only post items marked as Infected, but these seem erroneous.

PART 1 OF THE KASPERSKY ONLINE SCANNER REPORT

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true


Saturday, April 19, 2008 1:15:33 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/04/2008
Kaspersky Anti-Virus database records: 715057
 
Part 2 Of The Kaspersky Online Scanner Report

Scan Statistics
Total number of scanned objects 435960
Number of viruses found 5
Number of infected objects 10
Number of suspicious objects 0
Duration of the scan process 07:03:04

MOST STUFF IS LIKE THIS!
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12102007-055127.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

INTERESTING STUFF IS!
C:\Program Files\ESET\infected\OAGCYRCA.NQF Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

C:\Program Files\ESET\infected\RECQXVAA.NQF Infected: Trojan.Win32.Obfuscated.en skipped
 
Part 3 Of The Kaspersky Online Scanner Report Summary

C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped

C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped

C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped

C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
X:\Vdownloader\VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped

The file does not really say anything useful :rolleyes:
 
Where do we go from here ?

Nothing serious seems to show up! Do you think my modem / router could be to blame?

ASR-8000
Part no. SAMR-4115

Michelle
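The three kinds of lines in the report above are not equally interesting, and that is worth making mechanical. The Python below is an added example, not part of the thread or of Kaspersky's scanner: it sorts report lines into locked-file noise, detections that sit in another product's quarantine folder (NOD32 stores quarantined items as .NQF files under its "infected" folder, so those two hits are already isolated and are best purged from within NOD32 rather than by hand), Kaspersky's "not-a-virus:" riskware verdicts (dual-use software such as the VNC server listed in Add/Remove Programs, a problem only if you did not install it yourself), and everything else, which needs action. The sample report is constructed from the lines quoted above plus one made-up detection to exercise the last category; the quarantine-folder list is a heuristic.

```python
"""Sort Kaspersky Online Scanner result lines into what needs action and what does not.

Added example for this thread; not part of the original post or of any Kaspersky tool.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format of the report quoted above. The last line is
# made up to show the "real detection" path; the others mirror the post.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Program Files\ESET\infected\OAGCYRCA.NQF Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Program Files\ESET\infected\RECQXVAA.NQF Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
X:\Vdownloader\VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped
C:\constructed\sample.exe Infected: Trojan.Win32.Constructed.a skipped
"""

LOCKED_RE = re.compile(r"^(?P<path>.+?)\s+Object is locked\s+skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<verdict>\S+)(?:\s+(?P<action>\S+))?$")

# Folders where another AV product parks what it has already isolated (heuristic list).
# NOD32 v2 keeps quarantined items as .NQF files under its "infected" folder.
QUARANTINE_DIRS = ("\\eset\\infected\\", "\\quarantine\\")


@dataclass
class Finding:
    path: str
    verdict: str    # detection name; empty for non-detections
    category: str   # NOISE, QUARANTINED, RISKWARE or MALWARE
    note: str


def in_quarantine(path: str) -> bool:
    """True when the path lies inside a known quarantine folder (case-insensitive)."""
    lowered = path.lower()
    return any(d in lowered for d in QUARANTINE_DIRS)


def classify_line(line: str) -> Optional[Finding]:
    """Classify one report line; returns None for blank or unrecognised lines."""
    line = line.strip()
    if not line:
        return None
    m = LOCKED_RE.match(line)
    if m:
        return Finding(m["path"], "", "NOISE",
                       "file held open by running software; not a detection")
    m = INFECTED_RE.match(line)
    if not m:
        return None
    path, verdict = m["path"], m["verdict"]
    # Order matters: a riskware verdict inside a quarantine folder is still inert.
    if in_quarantine(path):
        return Finding(path, verdict, "QUARANTINED",
                       "already isolated by another AV; purge it through that product")
    if verdict.lower().startswith("not-a-virus:"):
        return Finding(path, verdict, "RISKWARE",
                       "legitimate but dual-use software; keep only if you installed it knowingly")
    return Finding(path, verdict, "MALWARE", "active detection; needs removal")


def triage(report: str) -> List[Finding]:
    """All recognised findings, in report order."""
    return [f for f in (classify_line(l) for l in report.splitlines()) if f]


def needs_action(findings: List[Finding]) -> List[Finding]:
    """Only the findings that are neither noise, inert nor user-installed riskware."""
    return [f for f in findings if f.category == "MALWARE"]


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.category:<11} {f.verdict or '-':<45} {f.path}")
```

Run it on the full report saved as text and only the MALWARE rows need a removal plan; the RISKWARE rows are a question for the owner (was this installed on purpose?), not for the scanner.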
 
Hi,

I'm now looking over your log. It will take some time as it has been split into too many posts.

Thank you for your patience. :)
 
My Friend in Germany has found something

My friend in Germany, who is primarily an expert with Linux and Debian operating systems, has found something curious. At first he could not get into my system with VNC for remote desktop access like he has in the past; he only got a black screen, no desktop. So, on a hunch, he changed the MTU on his PC to a lower level, and then he was able to get in. This is all very strange, as nothing has changed with my system or router configuration in 2 years (I don't like changing things in case it breaks).

He then told me to change the MTU in my router to WELL BELOW THE SETTINGS MY ISP GAVE ME, and it worked, so that he could leave his at default settings and VNC worked for him. Also, I can now send larger emails and upload video to YouTube again, BUT ONLY on one machine. My other Windows XP PC still won't work properly, so either something is not seeing the change we made (perhaps a virus) and has not had a chance to mutate or adapt, or something else is going on. I am left scratching my head over this! But for today at least I do have full functionality on at least 1 PC; the others are still misbehaving.

MTU was set in my router to 1458 as recommended by my ISP Entanet (fails).
MTU which my friend told me to try is 1438; we also lowered the MSS to 1300 just to try, and so far success. Now the question is this! Is my ISP responsible for some jiggery pokery to try and limit multimedia packet passage, or is this a virus causing this?

As I explained earlier, my friend is not knowledgeable on viruses or malware; he is only trying to find a temporary hardware solution for me to better communicate with you guys here. :)

Michelle
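A VNC session that shows only a black screen until the MTU is lowered is the classic signature of a path that drops large packets while small ones get through: the connection handshake (small packets) succeeds, the framebuffer update (full-size packets) never arrives. The Python below is an added example, not something anyone in the thread ran: it finds the largest "don't fragment" ping payload a path accepts by binary search, converts that to the path MTU (payload plus the 20-byte IPv4 header and 8-byte ICMP header) and to the TCP MSS a router should clamp to (MTU minus 40 bytes of IPv4 and TCP headers, no options). The real probe shells out to the system ping and assumes Windows (`-f -l`) or Linux (`-M do -s`) syntax; the simulated probe and the 1438/1458 values fed to it are constructed so the search can be exercised offline.

```python
"""Find the largest packet a path carries without fragmentation, by binary search.

Added example for this thread. Assumes a reachable target host and a Windows or Linux
`ping`; the simulated probe is a constructed stand-in so the logic runs offline.
"""
import platform
import subprocess
import sys
from typing import Callable, Dict

IPV4_HDR = 20   # bytes, no options
ICMP_HDR = 8
TCP_HDR = 20    # bytes, no options

Probe = Callable[[int], bool]   # payload size in bytes -> did the DF packet get through?


def ping_probe_factory(host: str, timeout_s: int = 2) -> Probe:
    """Probe using the OS ping with the DF bit set (Windows -f, Linux -M do)."""
    def probe(payload: int) -> bool:
        if platform.system() == "Windows":
            cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000), "-f", "-l", str(payload), host]
        else:
            cmd = ["ping", "-c", "1", "-W", str(timeout_s), "-M", "do", "-s", str(payload), host]
        res = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        return res.returncode == 0   # non-zero on timeout or "fragmentation needed"
    return probe


def simulated_probe_factory(path_mtu: int) -> Probe:
    """Constructed path that silently drops DF packets larger than path_mtu (a black hole)."""
    def probe(payload: int) -> bool:
        return payload + IPV4_HDR + ICMP_HDR <= path_mtu
    return probe


def largest_payload(probe: Probe, lo: int = 0, hi: int = 1472) -> int:
    """Largest payload in [lo, hi] that gets through; 1472 + 28 = 1500, the Ethernet MTU.

    Requires probe(lo) to succeed, and assumes success is monotone in size.
    """
    if not probe(lo):
        raise RuntimeError("even the smallest probe fails: host unreachable or ICMP blocked")
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid          # mid fits; the answer is at least mid
        else:
            hi = mid - 1      # mid is too big
    return lo


def mtu_from_payload(payload: int) -> int:
    return payload + IPV4_HDR + ICMP_HDR


def mss_for_mtu(mtu: int) -> int:
    return mtu - IPV4_HDR - TCP_HDR


def diagnose(probe: Probe, configured_mtu: int) -> Dict[str, object]:
    """Measure the path and compare with the MTU the router/ISP settings assume."""
    mtu = mtu_from_payload(largest_payload(probe))
    return {
        "path_mtu": mtu,
        "tcp_mss": mss_for_mtu(mtu),
        # True when the configured MTU lets hosts send packets the path cannot carry;
        # if Path MTU Discovery worked end to end the OS would adapt on its own.
        "oversized_config": mtu < configured_mtu,
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        probe = ping_probe_factory(sys.argv[1])
        configured = int(sys.argv[2]) if len(sys.argv) > 2 else 1500
    else:
        probe = simulated_probe_factory(1438)   # constructed path
        configured = 1458
    print(diagnose(probe, configured))
```

Run it with a host argument on each PC separately (`python pmtu.py <host> 1458`): if the measured path MTU comes out below the configured value on the machine that still misbehaves, that machine is sending packets the path drops, whatever the reason upstream.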
 
Hi,

I don't have much knowledge on networking either. It seems like the greater the value for MTU, the better it is.

http://en.wikipedia.org/wiki/Maximum_transmission_unit

Disable Ad-Aware Ad-Watch temporarily

While it's good to have extra protection, Ad-Watch can interfere with the removal of malware as well. Please disable it temporarily. You can re-enable it after your computer is clean.

To disable it, please do the following:

  1. Right click on the Ad-Watch icon in the system tray.
  2. Select Goto Settings.
  3. Click on Status on the left.
  4. On your right hand side, click once on each of the sections to turn the green tick into a red cross.
  5. Click on RegShield on the left.
  6. On your right hand side, click once on each of the sections to turn the green tick into a red cross.
  7. Click on Settings on the left.
  8. Click once on Load Ad-Watch at startup to turn the green tick into a red cross.
  9. Minimize Ad-Watch.
  10. Right click on the Ad-Watch icon again and select Close Ad-Watch.
  11. You will be prompted if you want to shut down Ad-Watch. Click Yes.
  12. Restart your computer for the changes to take effect.

Disable Windows Defender temporarily

Like Ad-Watch, Windows Defender can protect your computer, but it can interfere with our fixes. Please disable it temporarily as well.

To disable it, please do the following:

  1. Go to Start > All Programs > Windows Defender.
  2. Click on Tools at the top.
  3. Under Settings, click on Options.
  4. Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  5. Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  6. Click on the Save button at the bottom right hand corner.

Remove one antivirus

Please choose to keep either Symantec Antivirus or NOD32 Eset Antivirus. Having more than one antivirus running in real-time will cause conflicts.

Run DSS

  1. Please download Deckard's System Scanner from Tech Support Forum and save it to your desktop. Note: You must be logged onto an account with administrator privileges.
  2. Save all your work and close all opened programs.
  3. Double click on dss.exe to run it. Follow the prompts.
  4. When the scan is complete, two log files will be produced. The first one, main.txt, will be maximized, the second one, extra.txt, will be minimized.
  5. Please post the contents of the 2 log files in your next reply. 1 log per reply please.
 
I just ran dss it caused a NAV warning

Dear ndmmxiaomayi

NAV warned of a process (GetFolder, inkread.vbs). I blocked the action. It also wanted to access the Internet, so I blocked that too. Was this right? I do not like any processes that do things without explanation!

Michelle
 
Fingers crossed this is extra.txt. I hope the temporary MTU fix will help with uploading.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 4000+
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 2047.23 MiB / 1525.79 MiB
Pagefile Memory (total/avail): 3294.09 MiB / 2900.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.43 MiB

A: is Removable (No Media)
B: is Network (No Media)
C: is Fixed (NTFS) - 14.65 GiB total, 0.49 GiB free.
D: is Fixed (FAT32) - 0.98 GiB total, 0.31 GiB free.
E: is Fixed (FAT32) - 1.95 GiB total, 0.65 GiB free.
F: is Fixed (NTFS) - 4.88 GiB total, 0.09 GiB free.
G: is Fixed (NTFS) - 25.88 GiB total, 1.43 GiB free.
H: is Fixed (NTFS) - 16.15 GiB total, 1.86 GiB free.
I: is CDROM (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)
L: is CDROM (No Media)
M: is Network (CDFS)
N: is Network (CDFS)
O: is Network (NTFS)
P: is Network (FAT)
Q: is Network (FAT)
S: is Network (FAT)
T: is Network (FAT)
W: is Network (FAT)
X: is Network (NTFS)
Y: is Network (FAT)

\\.\PHYSICALDRIVE0 - HDS728080PLAT20 - 76.69 GiB - 7 partitions
\PARTITION0 - Unknown - 1498.22 MiB
\PARTITION1 - Unknown - 11.72 GiB
\PARTITION2 (bootable) - Installable File System - 14.65 GiB - C:
\PARTITION3 - Extended w/Extended Int 13 - 48.86 GiB - E: - F: - G: - H:

\\.\PHYSICALDRIVE1 - WDC AC11000H - 1007.02 MiB - 1 partition
\PARTITION0 - Unknown - 1006 MiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2005 (Symantec)
FW: Kerio Personal Firewall v4.2.3 T (Kerio)
AV: Norton AntiVirus v2005 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe:*:Disabled:Sunbelt Kerio Personal Firewall 4 - GUI"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Julie OSG\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VENUS6
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Julie OSG
LOGONSERVER=\\VENUS6
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2701
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JULIEO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JULIEO~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=VENUS6
USERNAME=Julie OSG
USERPROFILE=C:\Documents and Settings\Julie OSG
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Julie (admin)
Julie OSG (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.23 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Atlas 0.3.0 --> "C:\Program Files\FlightGear\unins000.exe"
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Cool Edit Pro 2.1 --> C:\Program Files\coolpro2\cep2unin.exe
DivX Author 1.5 --> C:\Program Files\DivX\DivX Author 1.5\DivXAuthorUninstall.exe /DIVX_AUTHOR
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dr. DivX 2.0 OSS --> C:\Program Files\DivX\Dr. DivX 2.0 OSS\Remove.exe
DVD Shrink 3.2 --> "F:\Program Files\DVD Shrinkb\unins000.exe"
FlightGear --> "C:\Program Files\FlightGear\uninstall.exe"
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
FXhome VisionLab Studio (remove only) --> "C:\Program Files\FXhome VisionLab Studio\FXhome VisionLab Studio Uninstall.exe"
GIGABYTE VGA Utility Manager --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GigaByte\VGA Utility Manager\Uninst.isu"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Video Uploader --> "C:\Program Files\Google Video\Uninstall.exe"
GTK+ 2.10.13 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HyperMedia --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B92F966F-7888-459F-8EC7-339BBDF30BFC}\setup.exe" -l0x9 -removeonly
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.4.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KWorld Multimedia -- TV Tuner Card Utilities --> "C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\unins000.exe"
KWorld TV713X BDA Driver --> C:\WINDOWS\p3xunist.exe
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 --> MsiExec.exe /X{A20A58C4-6784-4B4B-86CC-94E2E3671033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetMeter 0.9.9.9 (beta 2) --> "C:\Program Files\NetMeter\unins000.exe"
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton CleanSweep --> MsiExec.exe /I{634B01DF-A45B-4623-80E1-E15FF82A4979}
Norton SystemWorks --> MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}
Norton SystemWorks 2005 Premier (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}.exe /X
Norton Utilities --> MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NSW_DRM_COLLECTION --> MsiExec.exe /I{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\OpenALwEAX.exe" /U /S
PerformanceTest v5.0 --> "C:\Program Files\PerformanceTest\unins000.exe"
QuickTime Alternative 1.81 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Real Alternative 1.52 --> "C:\Program Files\Real Alternative\unins000.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RivaTuner v2.02 --> "C:\Program Files\RivaTuner v2.02\uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Sunbelt Kerio Personal Firewall --> MsiExec.exe /X{A990EAA7-8941-4621-BC27-4F16261D3180}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
Symantec Technical Support Web Controls --> MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The GIMP 2.2.17 --> "C:\Program Files\GIMP-2.0\unins000.exe"
TortoiseCVS 1.8.31 --> "C:\Program Files\TortoiseCVS\unins000.exe"
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
ULi AGP Driver --> C:\WINDOWS\System32\UnAGP.EXE RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD0650C-5113-4FEE-BDDA-AC0B76FD0BD1}\Setup.exe" -uninst
ULi LAN Driver --> C:\WINDOWS\System32\UnLAN.EXE RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{143BE018-D8F8-4014-8CB6-AF63F5799D21}\Setup.exe" -uninst
VGA Utility --> MsiExec.exe /I{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}
VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
YouTube Uploader --> MsiExec.exe /X{171818BA-E0AD-313D-B45A-1BC9D77ADA86}


-- Application Event Log -------------------------------------------------------

Event Record #/Type7023 / Error
Event Submitted/Written: 04/21/2008 07:50:37 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type7003 / Warning
Event Submitted/Written: 04/21/2008 07:30:46 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type6981 / Warning
Event Submitted/Written: 04/21/2008 10:35:38 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type6952 / Warning
Event Submitted/Written: 04/20/2008 11:08:08 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type6927 / Warning
Event Submitted/Written: 04/20/2008 05:24:28 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type21650 / Error
Event Submitted/Written: 04/21/2008 07:34:24 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SAA7134 TV Card service failed to start due to the following error:
%%1058

Event Record #/Type21649 / Error
Event Submitted/Written: 04/21/2008 07:34:24 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The General Purpose USB Driver (adildr.sys) service failed to start due to the following error:
%%2

Event Record #/Type21648 / Warning
Event Submitted/Written: 04/21/2008 07:33:07 PM
Event ID/Source: 2511 / Server
Event Description:
The server service was unable to recreate the share peak because the directory D:\Asrock-Drivers\peakhardware no longer exists. Please run "net share peak /delete" to delete the share, or recreate the directory D:\Asrock-Drivers\peakhardware.

Event Record #/Type21639 / Error
Event Submitted/Written: 04/21/2008 07:16:43 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{3840A771-FA93-4272-B583-FE3C5376C67D}.
The backup browser is stopping.

Event Record #/Type21638 / Warning
Event Submitted/Written: 04/21/2008 07:15:13 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\SERVE2 on the network \Device\NetBT_Tcpip_{3840A771-FA93-4272-B583-FE3C5376C67D}.
The data is the error code.



-- End of Deckard's System Scanner: finished at 2008-04-21 19:53:20 ------------
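Reading the Security Center section of an extra.txt by hand is fine for one log and tedious for a thread full of them. The Python below is an added example, not part of Deckard's System Scanner or of the thread: it cuts the section out of the log, parses the state flags, the FW/AV products registered with Security Center, and the AuthorizedApplications registry values (whose layout is `path:scope:Enabled|Disabled:display name`), then turns them into a short list of points worth raising. On the log above that list is: Windows firewall off with two third-party firewalls registered, both Security Center disable-notify flags set (which silences the warning that would otherwise appear if a product stopped), and Automatic Updates off. The sample text is constructed to match the section quoted above.

```python
"""Parse the "Security Center" section of a DSS extra.txt and list what it implies.

Added example; not part of DSS or of the thread. The sample is constructed from the
section quoted above.
"""
import re
from typing import Dict, List

SAMPLE_SECTION = r"""
-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2005 (Symantec)
FW: Kerio Personal Firewall v4.2.3 T (Kerio)
AV: Norton AntiVirus v2005 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe:*:Disabled:Sunbelt Kerio Personal Firewall 4 - GUI"

-- Environment Variables -------------------------------------------------------
"""

FLAG_RE = re.compile(r"^(?P<name>[\w ]+?) is (?P<state>disabled|enabled|set|not set)\.$")
PRODUCT_RE = re.compile(r"^(?P<kind>FW|AV|AS): (?P<name>.+)$")
PROFILE_RE = re.compile(r"^\[HKLM\\.*\\FirewallPolicy\\(?P<profile>\w+)\\AuthorizedApplications\\List\]$")
APP_RE = re.compile(r'^"(?P<key>[^"]*)"="(?P<value>.*)"$')
# Value layout of an authorized application: path:scope:Enabled|Disabled:display name.
# The lazy path group lets the drive-letter colon in "C:\..." be part of the path.
VALUE_RE = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>[Ee]nabled|[Dd]isabled):(?P<name>.*)$")


def section_lines(dss_text: str, title: str) -> List[str]:
    """Lines between the "-- <title> ---" header and the next "-- " header."""
    out, inside = [], False
    for line in dss_text.splitlines():
        if line.startswith(f"-- {title} "):
            inside = True
            continue
        if inside and line.startswith("-- "):
            break
        if inside:
            out.append(line.strip())
    return out


def parse_security_center(dss_text: str) -> Dict:
    result = {"flags": {}, "products": {"FW": [], "AV": [], "AS": []}, "authorized_apps": {}}
    profile = None
    for line in section_lines(dss_text, "Security Center"):
        if not line:
            continue
        if m := FLAG_RE.match(line):
            result["flags"][m["name"]] = m["state"]
        elif m := PRODUCT_RE.match(line):
            result["products"][m["kind"]].append(m["name"])
        elif m := PROFILE_RE.match(line):
            profile = m["profile"]                      # DomainProfile / StandardProfile
            result["authorized_apps"].setdefault(profile, [])
        elif profile and (m := APP_RE.match(line)):
            if v := VALUE_RE.match(m["value"]):
                result["authorized_apps"][profile].append({
                    "path": v["path"].replace("\\\\", "\\"),   # undo reg-export escaping
                    "scope": v["scope"],
                    "state": v["state"].lower(),
                    "name": v["name"],
                })
    return result


def assess(parsed: Dict) -> List[str]:
    """Turn the parsed section into the points a helper would raise."""
    flags, fw, av = parsed["flags"], parsed["products"]["FW"], parsed["products"]["AV"]
    issues = []
    if flags.get("Windows Internal Firewall") == "disabled":
        if fw:
            issues.append(f"Windows firewall disabled; protection rests on: {', '.join(fw)}")
        else:
            issues.append("Windows firewall disabled and no third-party firewall registered")
    if len(fw) > 1:
        issues.append(f"two or more firewall products registered ({len(fw)}); they can block each other and confuse troubleshooting")
    if len(av) > 1:
        issues.append(f"more than one real-time antivirus registered ({len(av)}); keep one")
    if not av:
        issues.append("no antivirus registered with Security Center")
    for key in ("AntiVirusDisableNotify", "FirewallDisableNotify"):
        if flags.get(key) == "set":
            issues.append(f"{key} is set: Security Center alerts for this category are suppressed")
    if flags.get("AUOptions") == "disabled":
        issues.append("Automatic Updates disabled; patches must be applied by hand")
    for profile, apps in parsed["authorized_apps"].items():
        enabled = [a["path"] for a in apps if a["state"] == "enabled"]
        if enabled:
            issues.append(f"{profile} exceptions that apply once the Windows firewall is re-enabled: {', '.join(enabled)}")
    return issues


if __name__ == "__main__":
    for issue in assess(parse_security_center(SAMPLE_SECTION)):
        print("-", issue)
```

Point it at a whole extra.txt rather than the sample and the same four functions work unchanged, since `section_lines` ignores everything outside the Security Center header.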
 
OK so far so good next file

Deckard's System Scanner v20071014.68
Run by Julie OSG on 2008-04-21 19:47:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-21 18:47:52 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.5 GiB (less than 15%) free.


-- HijackThis (run as Julie OSG.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:43, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\RivaTuner v2.02\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe
C:\Program Files\RivaTuner v2.02\RivaTuner.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\ENTA2\EntaTool.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Julie OSG\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
C:\Program Files\Wheels\WheelKeys.exe
C:\Documents and Settings\Julie OSG\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Julie OSG\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Julie OSG.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.youtube.com/my_videos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nasa.gov/multimedia/nasatv/index.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RivaTunerStatisticsServer] "C:\Program Files\RivaTuner v2.02\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" /s
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.02\RivaTuner.exe" /T
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Dimension4] F:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [EntaTool] "F:\Program Files\ENTA2\EntaTool.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Julie OSG\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
O4 - Startup: Shortcut to WheelKeys.lnk = C:\Program Files\Wheels\WheelKeys.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Julie OSG\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1187835168890
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1187835138281
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5105/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3840A771-FA93-4272-B583-FE3C5376C67D}: NameServer = 192.168.1.1,192.168.1.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{3840A771-FA93-4272-B583-FE3C5376C67D}: NameServer = 192.168.1.1,192.168.1.14
O17 - HKLM\System\CS3\Services\Tcpip\..\{3840A771-FA93-4272-B583-FE3C5376C67D}: NameServer = 192.168.1.1,192.168.1.14
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 11162 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 fwdrv (Firewall Driver) - c:\windows\system32\drivers\fwdrv.sys <Not Verified; Sunbelt Software; >
R1 khips (Kerio HIPS Driver) - c:\windows\system32\drivers\khips.sys <Not Verified; ; HIPS>
R3 3xHybrid (3xHybrid service) - c:\windows\system32\drivers\3xhybrid.sys <Not Verified; NXP Semiconductors Germany GmbH; NXP Semiconductors 3xHybrid>
R3 GPCIDrv - c:\windows\gpcidrv.sys
R3 GVTDrv - c:\windows\system32\drivers\gvtdrv.sys
R3 RivaTuner32 - c:\program files\rivatuner v2.02\rivatuner32.sys

S2 ADILOADER (General Purpose USB Driver (adildr.sys)) - c:\windows\system32\drivers\adildr.sys (file missing)
S3 adiusbaw (USB ADSL WAN Adapter) - c:\windows\system32\drivers\adiusbaw.sys (file missing)
S3 Cap7134 (Philips Cap7134 Capture) - c:\windows\system32\drivers\cap7134.sys <Not Verified; Philips Semiconductors; Philips cap7134>
S3 PhTVTune (Philips WDM TVTuner) - c:\windows\system32\drivers\phtvtune.sys <Not Verified; Philips Semiconductors; Philips TVTuner WDM Driver>
S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - c:\program files\tuneup utilities 2006\winstylerthemesvc.exe <Not Verified; TuneUp Software GmbH; TuneUp Utilities>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-21 19:36:03 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-21 00:00:00 316 --a------ C:\WINDOWS\Tasks\Symantec Drmc.job
2008-04-11 20:18:19 556 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Julie OSG.job
2008-04-11 17:15:00 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-02-25 13:26:40 300 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
2008-02-09 08:59:25 250 --a------ C:\WINDOWS\Tasks\wizmo.exe exit.job
2007-06-05 05:54:06 526 --a------ C:\WINDOWS\Tasks\Nero ImageDrive.job


-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-19 13:38:18 0 d-------- C:\Program Files\Trend Micro
2008-04-19 05:47:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-19 05:47:22 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-17 21:56:52 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-04-17 21:56:48 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
2008-04-17 20:44:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-17 20:44:12 0 d-------- C:\Program Files\Common Files\iS3
2008-04-17 20:44:12 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-15 02:50:05 0 d-------- C:\Program Files\Google Video
2008-04-14 03:56:57 0 d-------- C:\Documents and Settings\Julie OSG\Application Data\Talkback
2008-04-14 03:56:45 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-14 03:56:30 2818 --a------ C:\WINDOWS\mozver.dat
2008-04-14 03:56:30 0 d-------- C:\Documents and Settings\Julie OSG\Application Data\Mozilla
2008-04-08 05:57:16 0 d-------- C:\Documents and Settings\Julie OSG\Application Data\KWorld Multimedia
2008-04-08 05:56:27 0 d-------- C:\Program Files\KWorld Multimedia
2008-04-08 05:47:31 945920 --a------ C:\WINDOWS\system32\drivers\3xHybrid.sys <Not Verified; NXP Semiconductors Germany GmbH; NXP Semiconductors 3xHybrid>
2008-04-08 04:54:33 0 d-------- C:\Program Files\V-Stream Multimedia
2008-04-07 23:54:55 49152 --a------ C:\WINDOWS\p3xunist.exe <Not Verified; Kworld Computer Co., Ltd.; TV713X BDA Uninstallation Program>
2008-04-07 23:54:38 28448 -ra------ C:\WINDOWS\system32\drivers\PhTVTune.sys <Not Verified; Philips Semiconductors; Philips TVTuner WDM Driver>
2008-04-07 23:54:10 358016 -ra------ C:\WINDOWS\system32\drivers\Cap7134.sys <Not Verified; Philips Semiconductors; Philips cap7134>
2008-04-07 23:53:59 106571 -ra------ C:\WINDOWS\system32\Prop7134.dll <Not Verified; Philips Semiconductors; Philips Prop7134>
2008-04-07 23:53:58 24576 -ra------ C:\WINDOWS\system32\34pciurd.dll <Not Verified; Philips Semiconductors; Philips 34PCIurd>
2008-04-07 23:53:58 24576 -ra------ C:\WINDOWS\system32\34i2curd.dll <Not Verified; Philips Semiconductors; Philips 34I2Curd>
2008-04-07 23:53:58 36864 -ra------ C:\WINDOWS\system32\34ds.dll <Not Verified; Philips Semiconductors; 34ds>
2008-04-07 23:53:58 290816 -ra------ C:\WINDOWS\system32\34dlg2.dll <Not Verified; Philips Semiconductors; dialog3 Dynamic Link Library>
2008-04-07 23:53:57 98304 -ra------ C:\WINDOWS\system32\34dialog.dll <Not Verified; Philips Semiconductors; 34dialog>
2008-04-07 23:53:56 77824 -ra------ C:\WINDOWS\system32\34dd.dll <Not Verified; Philips Semiconductors; 34dd>
2008-04-07 23:53:56 114688 -ra------ C:\WINDOWS\system32\34com.dll <Not Verified; Philips Semiconductors; VampCOM Module>


-- Find3M Report ---------------------------------------------------------------

2008-04-21 19:35:24 5112 --a------ C:\WINDOWS\GPCIDrv.sys
2008-04-21 19:35:21 0 dr------- C:\Program Files\Common Files
2008-04-19 16:55:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-16 08:39:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-12 00:38:15 0 d-------- C:\Documents and Settings\Julie OSG\Application Data\flightgear.org
2008-04-11 23:27:02 0 d-------- C:\Documents and Settings\Julie OSG\Application Data\gtk-2.0
2008-04-08 07:06:06 0 d-------- C:\Program Files\FXhome VisionLab Studio
2008-02-27 06:39:11 0 d-------- C:\Program Files\Google
2008-02-25 13:26:40 0 d-------- C:\Program Files\Norton SystemWorks
2008-02-22 03:33:07 0 d-------- C:\Program Files\RealVNC
2008-02-13 01:06:07 3447 --a------ C:\WINDOWS\unins000.dat
2008-02-13 01:03:36 691545 --a------ C:\WINDOWS\unins000.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [27/07/2004 17:01 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/03/2007 15:57]
"RivaTunerStatisticsServer"="C:\Program Files\RivaTuner v2.02\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" [01/07/2007 20:20]
"RivaTuner"="C:\Program Files\RivaTuner v2.02\RivaTuner.exe" [01/07/2007 20:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/06/2006 17:22]
"nwiz"="nwiz.exe" [01/06/2006 17:22 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [01/06/2006 17:22 C:\WINDOWS\SYSTEM32\nvmctray.dll]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [11/08/2005 16:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/08/2005 16:30]
"VGAUtil"="C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe" [06/09/2006 14:04]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [17/01/2008 12:42]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [21/11/2007 01:59]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 20:20]
"Dimension4"="F:\Program Files\D4\D4.exe" [04/02/2004 02:26]
"EntaTool"="F:\Program Files\ENTA2\EntaTool.exe" [20/07/2007 22:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [16/05/2007 09:27]
"Fraps"="C:\FRAPS\FRAPS.EXE" [19/12/2006 14:02]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [10/09/2004 03:12]
"Google Update"="C:\Documents and Settings\Julie OSG\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" [18/04/2008 03:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe




-- Hosts -----------------------------------------------------------------------


8332 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-21 19:53:20 ------------
 
I think that file has cured my problem, but still testing!

Dear ndmmxiaomayi,

I followed your instructions to the letter, and then I ran the program dss.exe and now my XP machine seems to be working again :)

However, I still have another Windows 2000 PC to fix, and also Windows 98SE boot partitions on dual-booting PCs. The only reason I use the old Win98 now is for running very old programs that will not work on the newer OSs.

Can I use the same dss.exe you told me to run on all PCs and boot drives, or are these files specific to XP / Win2k?

I await further instruction.

You are a genius, thanks...

chelle
 
Update - I now get a warning on my other PC of a Virus!

I was just doing a routine Windows 2000 Disk Cleanup on my other main PC and NOD popped up a warning in red. Here is the error!

Time Module Object Name Threat Action User Information
21/04/2008 23:03:23 AMON file C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\3\6edc3c83-34a056af Java/TrojanDownloader.OpenStream.NAC trojan deleted SERVE2\Administrator Event occurred at an attempt to access the file by the application: C:\WINNT\System32\cleanmgr.exe.


:( it seems I can't get rid of these things?


Chelle
 
Hi,

I'm not familiar with Windows 2000 and Windows 98. I can try to interpret the logs, but there will be a delay as I get help in understanding them.

Uninstall one firewall

2 firewalls are installed and this is not recommended. It can cause issues as they may block each other. Please choose to keep either Sunbelt Kerio Firewall or Symantec Firewall.

Restart your computer after that.

Show Scheduled Task program

  1. Click on Start > Control Panel and double click on Scheduled Tasks.
  2. Right click on wizmo.exe exit and select Properties.
  3. Select the Task tab.
  4. Next to Run:, there is a text box. Copy and paste the details of this text box field in your next reply.

A screenshot for you - http://xs126.xs.to/xs126/08172/task591.png

Please post back another DSS log in your next reply.
 
Hi again,

NAV warned of a process GetFolder, process inkread.vbs. I blocked the action. It also wanted to access the Internet, so I blocked it. Was this right? I do not like any processes that do things without explanation!

When did this occur?
 
I only have 1 software firewall per machine!

Hi again,


(NAV warned of a process GetFolder, process inkread.vbs. I blocked the action. It also wanted to access the Internet, so I blocked it. Was this right? I do not like any processes that do things without explanation!)

When did this occur?


This occurred while running DSS.EXE.

Also, I don't have 2 firewalls (I do not currently have Symantec Firewall). It may be old data in my registry from when I once used another firewall.

I think the virus was in the Java logs, as now all my PCs are working again on the Internet. I ran DSS.exe on my other PCs, saving the logs locally, and after rebooting they all seem to be working normally again :o) Of course I don't know for sure if they are simply hiding somewhere waiting to come back to life. But I have now got TeaTimer installed and active on all my PCs, so hopefully it will block further intrusions!
 
Wizmo.exe is a tool I got from grc.com

I don't think Wizmo.exe is a threat. I got it because in the past I have been unable to shut down my PC. This tool is a custom tool that allows certain commands to be sent to Windows in an unconditional way, and it has helped me shut down Windows safely or at a scheduled time using the Windows Scheduler.
http://www.grc.com/wizmo/wizmo.htm


I tried to run DSS.EXE on Windows ME but it will not run, so that system may still be infected, I don't know. That system is on a multiboot partition; however, I have a disk image for that HD stored on DVD, so I could restore it from there. Fortunately I rarely use Win-ME anyway.

Chelle
 
I was just doing a routine Windows 2000 Disk Cleanup on my other main PC and NOD popped up a warning in red. Here is the error!

Time Module Object Name Threat Action User Information
21/04/2008 23:03:23 AMON file C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\3\6edc3c83-34a056af Java/TrojanDownloader.OpenStream.NAC trojan deleted SERVE2\Administrator Event occurred at an attempt to access the file by the application: C:\WINNT\System32\cleanmgr.exe.


:( it seems I can't get rid of these things?


Chelle

Java cache should be easy to get rid of. We will do that in a while. :)

This occurred while running DSS.EXE.

This belongs to DSS. It's not inkread.vbs, but lnkread.vbs (small letter L). You can try running it again and see if Symantec catches that. Small letter L and capital letter I look the same in some fonts.

Also, I don't have 2 firewalls (I do not currently have Symantec Firewall). It may be old data in my registry from when I once used another firewall.

Norton Internet Security comes with a firewall as far as I'm aware and it's showing up in your logs.

So you have a Norton Firewall, as well as Sunbelt Kerio Firewall.

Since you opt to keep Norton Antivirus, Norton Firewall will be kept as well. I can't see any ways to uninstall Norton Firewall without removing Norton Antivirus as well.

The best is to remove Sunbelt Kerio Firewall.

I don't think Wizmo.exe is a threat. I got it because in the past I have been unable to shut down my PC. This tool is a custom tool that allows certain commands to be sent to Windows in an unconditional way, and it has helped me shut down Windows safely or at a scheduled time using the Windows Scheduler.
http://www.grc.com/wizmo/wizmo.htm

Great!

I'm not sure what this scheduled task is so I needed you to double check. Now that you know, it's fine with me. :)

I tried to run DSS.EXE on windows ME but it will not run

My bad. :oops:

It can't run on machines below Windows 2000.

I will find another tool for it.
 
Well, there is only Kerio installed.

I don't have Symantec Firewall; those entries are redundant and associated with NAV. In my Add/Remove Programs there is no listing of Symantec Firewall!

I think I am clean of the virus so far since running DSS.exe and HJT; it must have been in the temp files or something? It's strange, but so far things are working OK. What we really need is a tool that can record all history of process activity, I think; this might give us a clue as to what is not supposed to be there.

Chelle
 