Email and all Uploading of Media and more than 20 lines of text blocked

Yes there is still that lnkread.vbs

Somewhere it is hiding and coming back is the following; I copied it directly from the NAV history log. This is for the Win XP machine, same as before, machine ID Venus. It happened after running DSS.EXE; NAV popped up another warning. The top listings: you might want to copy and paste this into an unwrapped text file!

Category: Threat alerts
Date,Feature,Threat Name,Action Taken,Item Type,Target,Suspicious Action,Virus Definition Version,Product Version,User Name,Computer Name,Details
26/04/2008 04:54:34,Script Blocking,Suspicious script,Blocked,Script,N/A,FileSystem Object : GetFolder,Unknown,Unknown,Julie OSG,VENUS6,Source: C:\DOCUME~1\JULIEO~1\LOCALS~1\Temp\~tixzxio.tmp\lnkread.vbs
21/04/2008 19:52:53,Script Blocking,Suspicious script,Blocked,Script,N/A,FileSystem Object : GetFolder,Unknown,Unknown,Julie OSG,VENUS6,Source: C:\DOCUME~1\JULIEO~1\LOCALS~1\Temp\~sumhdrf.tmp\lnkread.vbs
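The two NAV entries above are the same script name reappearing from a fresh random scratch folder under Temp each time. The following is an added example (not part of the original post and not Symantec's or DSS's code) that parses that comma-separated "Threat alerts" export, pulls the source path out of the Details column, and groups alerts by script name so the "same script, new folder" pattern is visible at a glance. The only input is the header row and the two rows copied from the log above; the rule that treats lnkread.vbs inside a "~xxxxxxx.tmp" folder as the DSS helper script is an assumption taken from the reply in this thread, not a vendor signature.

```python
import csv
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Header and the two Script Blocking rows copied from the NAV history log
# posted above; they are the only input this example uses.
NAV_LOG_LINES = [
    "Date,Feature,Threat Name,Action Taken,Item Type,Target,Suspicious Action,"
    "Virus Definition Version,Product Version,User Name,Computer Name,Details",
    r"26/04/2008 04:54:34,Script Blocking,Suspicious script,Blocked,Script,N/A,"
    r"FileSystem Object : GetFolder,Unknown,Unknown,Julie OSG,VENUS6,"
    r"Source: C:\DOCUME~1\JULIEO~1\LOCALS~1\Temp\~tixzxio.tmp\lnkread.vbs",
    r"21/04/2008 19:52:53,Script Blocking,Suspicious script,Blocked,Script,N/A,"
    r"FileSystem Object : GetFolder,Unknown,Unknown,Julie OSG,VENUS6,"
    r"Source: C:\DOCUME~1\JULIEO~1\LOCALS~1\Temp\~sumhdrf.tmp\lnkread.vbs",
]


@dataclass
class NavAlert:
    date: str
    feature: str
    threat: str
    action: str
    suspicious_action: str
    computer: str
    source: Optional[str]  # path parsed from the Details column, if present


_SOURCE_RE = re.compile(r"^Source:\s*(.+?)\s*$")
_TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
_TMP_SCRATCH_RE = re.compile(r"\\~[^\\]+\.tmp\\", re.IGNORECASE)


def parse_nav_alerts(lines: List[str]) -> List[NavAlert]:
    """Parse the comma-separated 'Threat alerts' export into NavAlert records."""
    alerts = []
    for row in csv.DictReader(lines):
        m = _SOURCE_RE.match(row.get("Details") or "")
        alerts.append(NavAlert(
            date=row["Date"],
            feature=row["Feature"],
            threat=row["Threat Name"],
            action=row["Action Taken"],
            suspicious_action=row["Suspicious Action"],
            computer=row["Computer Name"],
            source=m.group(1) if m else None,
        ))
    return alerts


def is_temp_location(path: str) -> bool:
    """True when the script ran from a Temp/Tmp directory (user-writable)."""
    return bool(_TEMP_DIR_RE.search(path))


def is_dss_scratch_script(path: str) -> bool:
    """Assumed DSS pattern from the thread: lnkread.vbs inside a '~xxxxxxx.tmp'
    scratch folder. This is a hypothetical allow-rule, not a vendor signature."""
    return (ntpath.basename(path).lower() == "lnkread.vbs"
            and bool(_TMP_SCRATCH_RE.search(path)))


def group_by_script(alerts: List[NavAlert]) -> Dict[str, List[str]]:
    """Map script basename -> sorted distinct parent folders it was blocked from.
    One name across many random folders is the 'hiding and coming back' pattern."""
    groups: Dict[str, set] = defaultdict(set)
    for a in alerts:
        if a.source:
            groups[ntpath.basename(a.source).lower()].add(ntpath.dirname(a.source))
    return {name: sorted(dirs) for name, dirs in groups.items()}


def triage(alerts: List[NavAlert]) -> List[dict]:
    """Attach a verdict to each alert: expected (known helper), review, or no path."""
    rows = []
    for a in alerts:
        verdict = "no path"
        if a.source:
            if is_dss_scratch_script(a.source):
                verdict = "expected: DSS helper script (per thread), blocked by Script Blocking"
            elif is_temp_location(a.source):
                verdict = "review: script executed from a Temp folder"
            else:
                verdict = "review"
        rows.append({"date": a.date, "computer": a.computer,
                     "source": a.source, "verdict": verdict})
    return rows


if __name__ == "__main__":
    parsed = parse_nav_alerts(NAV_LOG_LINES)
    for name, dirs in group_by_script(parsed).items():
        print(name, "seen in", len(dirs), "folder(s)")
    for row in triage(parsed):
        print(row["date"], row["verdict"])
```

The grouping step is what turns two noisy alerts into one fact: the same basename blocked from two different random scratch folders, which matches a tool that unpacks a helper script per run rather than a persistent infection.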
 
lnkread.vbs belongs to DSS as mentioned earlier, so no harm. ;)

I don't have Symantec Firewall; those entries are redundant and associated with NAV. In my Add/Remove Programs there is no listing of Symantec Firewall!

Hmm... looks like a false report. You can keep your Sunbelt Kerio Firewall.

The log's fine to me.

Step 1

  1. Please download and install CCleaner Slim.
  2. Once installed, double click on the desktop shortcut created.
  3. On the Windows tab, leave the default options alone.
  4. On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  5. Click on the Run Cleaner button at the bottom right hand corner.
  6. Close CCleaner.

Step 2

  1. Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  2. Double click on mbam-setup.exe to install it.
  3. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  4. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  5. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  6. Leave the default options as they are and click on Start Scan.
  7. When done, you will be prompted. Click OK, then click on Show Results.
  8. Check (tick) all items and click on Remove Selected.
  9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

In your next reply, please post:

  1. Malwarebytes' Anti-Malware scan report
  2. A new HijackThis log
 
New Scans done with CCleaner & Malwarebytes LOGS

Malwarebytes' Anti-Malware 1.11
Database version: 694

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 194922
Time elapsed: 1 hour(s), 10 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
New Scans done with CCleaner & Malwarebytes LOGS

Deckard's System Scanner v20071014.68
Run by Julie OSG on 2008-04-29 00:11:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 0.51 GiB (less than 15%) free.


-- HijackThis (run as Julie OSG.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:11:22, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\RivaTuner v2.02\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe
C:\Program Files\RivaTuner v2.02\RivaTuner.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\ENTA2\EntaTool.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\FRAPS\FRAPS.EXE
C:\Documents and Settings\Julie OSG\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
C:\Program Files\Wheels\WheelKeys.exe
C:\Documents and Settings\Julie OSG\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Documents and Settings\Julie OSG\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JULIEO~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.youtube.com/my_videos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nasa.gov/multimedia/nasatv/index.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RivaTunerStatisticsServer] "C:\Program Files\RivaTuner v2.02\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" /s
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.02\RivaTuner.exe" /T
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Dimension4] F:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [EntaTool] "F:\Program Files\ENTA2\EntaTool.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Julie OSG\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
O4 - Startup: Shortcut to WheelKeys.lnk = C:\Program Files\Wheels\WheelKeys.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Julie OSG\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1187835168890
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1187835138281
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5105/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3840A771-FA93-4272-B583-FE3C5376C67D}: NameServer = 192.168.1.1,192.168.1.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{3840A771-FA93-4272-B583-FE3C5376C67D}: NameServer = 192.168.1.1,192.168.1.14
O17 - HKLM\System\CS3\Services\Tcpip\..\{3840A771-FA93-4272-B583-FE3C5376C67D}: NameServer = 192.168.1.1,192.168.1.14
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 11525 bytes

-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-28 22:41:52 0 d-------- C:\Documents and Settings\Julie OSG\Application Data\Malwarebytes
2008-04-28 22:41:28 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-28 22:41:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-28 22:39:14 0 dr-h----- C:\Documents and Settings\Julie OSG\Recent
2008-04-28 22:34:49 0 d-------- C:\Program Files\CCleaner
2008-04-28 20:10:17 0 d-------- C:\Program Files\FXhome CompositeLab Pro
2008-04-19 13:38:18 0 d-------- C:\Program Files\Trend Micro
2008-04-19 05:47:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-19 05:47:22 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-17 21:56:52 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-04-17 21:56:48 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
2008-04-17 20:44:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-17 20:44:12 0 d-------- C:\Program Files\Common Files\iS3
2008-04-17 20:44:12 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-15 02:50:05 0 d-------- C:\Program Files\Google Video
2008-04-14 03:56:57 0 d-------- C:\Documents and Settings\Julie OSG\Application Data\Talkback
2008-04-14 03:56:45 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-14 03:56:30 2818 --a------ C:\WINDOWS\mozver.dat
2008-04-14 03:56:30 0 d-------- C:\Documents and Settings\Julie OSG\Application Data\Mozilla
2008-04-08 05:57:16 0 d-------- C:\Documents and Settings\Julie OSG\Application Data\KWorld Multimedia
2008-04-08 05:56:27 0 d-------- C:\Program Files\KWorld Multimedia
2008-04-08 05:47:31 945920 --a------ C:\WINDOWS\system32\drivers\3xHybrid.sys <Not Verified; NXP Semiconductors Germany GmbH; NXP Semiconductors 3xHybrid>
2008-04-08 04:54:33 0 d-------- C:\Program Files\V-Stream Multimedia
2008-04-07 23:54:55 49152 --a------ C:\WINDOWS\p3xunist.exe <Not Verified; Kworld Computer Co., Ltd.; TV713X BDA Uninstallation Program>
2008-04-07 23:54:38 28448 -ra------ C:\WINDOWS\system32\drivers\PhTVTune.sys <Not Verified; Philips Semiconductors; Philips TVTuner WDM Driver>
2008-04-07 23:54:10 358016 -ra------ C:\WINDOWS\system32\drivers\Cap7134.sys <Not Verified; Philips Semiconductors; Philips cap7134>
2008-04-07 23:53:59 106571 -ra------ C:\WINDOWS\system32\Prop7134.dll <Not Verified; Philips Semiconductors; Philips Prop7134>
2008-04-07 23:53:58 24576 -ra------ C:\WINDOWS\system32\34pciurd.dll <Not Verified; Philips Semiconductors; Philips 34PCIurd>
2008-04-07 23:53:58 24576 -ra------ C:\WINDOWS\system32\34i2curd.dll <Not Verified; Philips Semiconductors; Philips 34I2Curd>
2008-04-07 23:53:58 36864 -ra------ C:\WINDOWS\system32\34ds.dll <Not Verified; Philips Semiconductors; 34ds>
2008-04-07 23:53:58 290816 -ra------ C:\WINDOWS\system32\34dlg2.dll <Not Verified; Philips Semiconductors; dialog3 Dynamic Link Library>
2008-04-07 23:53:57 98304 -ra------ C:\WINDOWS\system32\34dialog.dll <Not Verified; Philips Semiconductors; 34dialog>
2008-04-07 23:53:56 77824 -ra------ C:\WINDOWS\system32\34dd.dll <Not Verified; Philips Semiconductors; 34dd>
2008-04-07 23:53:56 114688 -ra------ C:\WINDOWS\system32\34com.dll <Not Verified; Philips Semiconductors; VampCOM Module>


-- Find3M Report ---------------------------------------------------------------

2008-04-28 20:20:54 0 d-------- C:\Program Files\FXhome VisionLab Studio
2008-04-28 14:15:36 5112 --a------ C:\WINDOWS\GPCIDrv.sys
2008-04-28 14:15:28 0 dr------- C:\Program Files\Common Files
2008-04-25 16:55:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-19 16:55:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-12 00:38:15 0 d-------- C:\Documents and Settings\Julie OSG\Application Data\flightgear.org
2008-04-11 23:27:02 0 d-------- C:\Documents and Settings\Julie OSG\Application Data\gtk-2.0
2008-02-13 01:06:07 3447 --a------ C:\WINDOWS\unins000.dat
2008-02-13 01:03:36 691545 --a------ C:\WINDOWS\unins000.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [27/07/2004 17:01 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/03/2007 15:57]
"RivaTunerStatisticsServer"="C:\Program Files\RivaTuner v2.02\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" [01/07/2007 20:20]
"RivaTuner"="C:\Program Files\RivaTuner v2.02\RivaTuner.exe" [01/07/2007 20:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/06/2006 17:22]
"nwiz"="nwiz.exe" [01/06/2006 17:22 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [01/06/2006 17:22 C:\WINDOWS\SYSTEM32\nvmctray.dll]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [11/08/2005 16:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/08/2005 16:30]
"VGAUtil"="C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe" [06/09/2006 14:04]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [17/01/2008 12:42]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [21/11/2007 01:59]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 20:20]
"Dimension4"="F:\Program Files\D4\D4.exe" [04/02/2004 02:26]
"EntaTool"="F:\Program Files\ENTA2\EntaTool.exe" [20/07/2007 22:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [16/05/2007 09:27]
"Fraps"="C:\FRAPS\FRAPS.EXE" [19/12/2006 14:02]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [10/09/2004 03:12]
"Google Update"="C:\Documents and Settings\Julie OSG\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" [18/04/2008 03:00]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [25/05/2005 12:12]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 12:43]

C:\Documents and Settings\Julie OSG\Start Menu\Programs\Startup\
Remote Control.lnk - C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe [08/04/2008 18:49:47]
Shortcut to WheelKeys.lnk - C:\Program Files\Wheels\WheelKeys.exe [26/05/2007 09:03:27]
YouTube Uploader.lnk - C:\Documents and Settings\Julie OSG\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [09/11/2007 13:33:08]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background




-- End of Deckard's System Scanner: finished at 2008-04-29 00:14:43 ------------
 
I have noticed my Adaware has started failing to update?

Not sure if it is something we have done in the cleaning process or if it is another cause, but by now my Adaware SE is failing to retrieve updates. It might just need re-installing, maybe?

Anyway, I am duplicating these cleaning processes on my other PCs to avoid having to go through this all over again. If any of my other systems had found anything significant I would post an extra log, but they also show almost identical results to the above and no threats found ;) which is good, as my systems do seem to be running much better now. I just need to run these tools on Win98 / ME now, if they will work on those?

Or maybe you have alternate tools for win98se / me :rolleyes:

Chelle
 
I just need to run these tools on Win98 / ME now if they will work on those ?

Or maybe you have alternate tools for win98se / me

These tools don't work on Windows 98 and ME.

I will have to ask around.
 
Hi,

Let's try this on the Windows 98 machine first.

First, download and install Windows Management Instrumentation (WMI) for Windows 98.

After that, restart your computer.

Next...

  1. Right click here and select Save Link As... (In Internet Explorer it is Save Target As...).
  2. Save it to your desktop. Double click on Silent Runners.vbs to run it.
  3. When prompted to Skip Supplementary Search?, click No.
  4. When prompted to Are you sure?, click Yes.
  5. Another dialog box will open. Just click OK.
  6. Once done, a dialog box will pop up and tell you that it's done. Click OK. Notepad will open. Please post the contents of this Notepad file in your next reply.

Note: If Notepad doesn't open automatically, you can find the report from where you ran Silent Runners from. For example, you ran Silent Runners from your desktop. The report can be found on your desktop.
 
Sorry for delay - My other Win2k Bedroom PC Keeps Crashing

Hi, I am going to run the Win98 tools on the bedroom PC soon, but having duplicated the process of cleaning the Windows 2000 bedroom PC and running Spybot S&D afterwards, I keep getting a stop error (blue screen crash), so this is diverting my attention a bit :o( I am trying to figure out why this is happening; maybe something is also infecting this PC, or it could be a driver issue, not sure yet. I am going to try re-installing S&D first on this 2k PC before tackling W98SE, which is on the other boot partition! I am trying these fixes on this machine first because it is safer to do so as a test.

Chelle
 
Spybot S&D Found something

Here is part of the log, as it is very large (122kb); if you want all of the log, let me know. Spybot said Virtumonde is a threat and hard to remove :sad: Shall I allow S&D to try and remove it?

--- Search result list ---
Virtumonde.generic: [SBI $83E7EBAA] Library (File, nothing done)
C:\WINNT\system32\dlcapi.dll

Virtumonde.generic: [SBI $83E7EBAA] Library (File, nothing done)
C:\WINNT\system32\DLLHOST.EXE

Virtumonde.generic: [SBI $83E7EBAA] Library (File, nothing done)
C:\WINNT\system32\dllhst3g.exe

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINNT\SchedLgU.Txt

Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINNT\ntbtlog.txt

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINNT\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINNT\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINNT\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINNT\System32\wbem\logs\wmiadap.log

--- Browser helper object list ---


--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINNT\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINNT\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)
DPF name:
CLSID name: CKAVWebScan Object
Installer: C:\WINNT\Downloaded Program Files\kavwebscan.inf
Codebase: http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\
Long name: kavwebscan.dll
Short name: KAVWEB~1.DLL
Date (created): 29/08/2007 15:49:54
Date (last access): 01/05/2008 01:41:38
Date (last write): 29/08/2007 15:49:54
Filesize: 950272
Attributes: archive
MD5: BC915C49931CE46222F9B0A7EFB56CEE
CRC32: 11048171
Version: 5.0.98.0



Chelley
 
Hi chelley,

Can we focus one PC at a time? It's making me confused. :sad:

I will get to your Windows 2000 PC after I cleared your Windows 98 machine. In the meantime, leave the Windows 2000 PC alone first.

Please post back the Silent Runners log from the Windows 98 PC first.

Thanks.
 
I'm sorry if I am making you confused

The problem is I can't seem to boot my Venus6 PC into Windows 98SE on the other boot partition. It has been a while since I booted into W98SE on this PC and I am not sure if it is related to new hardware installed recently. I have 2GB of RAM which is now in dual channel memory mode, and I wonder if Win98SE does not know how to handle this? I can boot into Win2k on the same hardware, and XP, but not Win98SE. I have tried safe mode as well but it gives the same error! After the boot screen I get this error:

Quote:
"Insufficient memory to initialize Windows.

Quit one or more memory-resident programs or remove unnecessary
utilities from your CONFIG.SYS and AUTOEXEC.BAT files, and restart
your computer.

Press any key to continue..."

I have looked at my Autoexec.bat and config.sys files and there is nothing in there which is unusual or extra to the default settings.

So unless I can boot into Win98SE on this PC we can't clean it :sad: I am baffled by this problem; there should be plenty of memory.

Chelley
 
Hi,

Windows 98 can't support so much RAM, that's why you are getting an error.

There are 2 ways out, I will try the easier way out first.

How many sticks of RAM do you have? Preferably each stick is less than 512MB.
 
Ram

Thank you, you are so kind for helping me. Each stick of RAM is 1GB; I had to install a matching pair for dual channel memory mode. I did have a 512MB memory stick in before, which is now in my older PC.

Chelley
 
Hi,

Can you try using 512MB of RAM instead of 2GB? After that, try starting up Windows 98. It shouldn't give that error any more.
 
I am thinking of dumping Windows 98 and Installing Linux in that Partition

Sorry for the delay, I have been tied up with another machine that belongs to a friend. She also has a virus; it was so bad we had to format. I don't want to get cross-threaded, so can you give me a few days before we continue with my problems? I am just trying to find drivers for her PC atm, which is proving hard work as it is a MESH PC. Again, sorry to be holding things up!

I am now waiting for MESH to send me the drivers... hopefully ...

I thought about starting a new thread as it was a virus, but then it got very urgent, so we just burned her important artwork and documents to DVD via the LAN and re-formatted before she lost anything. Used a demo version of Sophos to try and fix her PC with no luck!

chelley
 
Just an update, something useful

While I was trying to fix my friend's computer I came across a program called Sophos. It is very good and managed to clean out most of my virus infections as well, and because they give a 30 day free trial and it comes with a firewall, I have to say I am very impressed with the result. Anyone can get a free trial, and if people have never tried it I suggest they give it a go; it has even picked up nasty application behaviours that are not normally detected.

People need to register, though it's free to register for the trial.

http://www.sophos.com/products/enterprise/free-trials/endpoint/

It has flagged up some rather interesting information; it even told me an NVidia driver supplied by MSI had some suspicious behaviour and blocked it. It was just incredible how good this program is.

regards, chelley
 
ndmmxiaomayi hiya

Dear ndmmxiaomayi,

I have 3 Windows PCs, each with multi-boot partition tables with Windows 98SE / Windows 2k or XP, and 1 Debian Linux PC which is a server for FlightGear; 4 PCs all networked together. Don't worry, I think we got rid of the viruses now as I followed your instructions. I still have to check the Windows 98 partitions though, as I don't use those systems much. Because I make movies I need to be able to do multitasking quite a bit.

The oldest one I just use as a text-based word processing PC and for downloads, the second is my multimedia PC, and the third is my old backup PC I use as a spare when the others are busy with other tasks.

And I was just fixing my friend's PC which got a virus; that is cured now as I did a fresh install for her.

Chelle
 