Help! Spyware Keeps Returning (hijackthis Log)


42 replies to this topic

#31 Jintan (Advanced Member, Visiting Fellow, 791 posts)

Posted 20 July 2007 - 08:28 PM

Fully installed Zango toolbar found and removed in that - any chance removal of this aided the access issue? GMER only shows ZoneAlarm, and activity with the Adobe Type Manager service. I had never actually seen that service before active in logs - do you know of any recent Adobe software changes done on this system?



#32 Kevin G (Authentic Member, 21 posts)

Posted 21 July 2007 - 09:57 AM

Nope, the Zango removal didn't change anything in the access issues. But I do find it interesting that you saw ZoneAlarm stuff, as it did used to be on here. And as far as Adobe changes recently, there were none that I know of.

#33 Jintan (Advanced Member, Visiting Fellow, 791 posts)

Posted 21 July 2007 - 03:05 PM

This then might be an issue of a partially uninstalled ZA package there - a pretty standard solution is to reinstall and then uninstall again, but let's see what that service is about as far as status first.


Go here http://www.billsway.com/vbspage/ and download, unzip and run the Registry Search Tool (scroll down the page to locate it). Type (or copy/paste) vsdatant in the dialog box. Let it run and after a few minutes, a prompt will appear. Click OK to write the results to Notepad and post them back here please.

Best to do a check for ATMhelpr as well, since I am not accustomed to seeing that in GMER logs until now.

#34 Kevin G (Authentic Member, 21 posts)

Posted 22 July 2007 - 06:19 AM

REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "vsdatant" 7/22/2007 8:11:54 AM
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VSDATANT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VSDATANT00]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VSDATANT00]
"Service"="vsdatant"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VSDATANT00]
"DeviceDesc"="vsdatant"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VSDATANT00\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\vsdatant]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\vsdatant]
"EventMessageFile"="C:\\WINDOWS\\system32\\vsdatant.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsdatant]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsdatant]
"DisplayName"="vsdatant"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsdatant\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VSDATANT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VSDATANT00]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VSDATANT00]
"Service"="vsdatant"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VSDATANT00]
"DeviceDesc"="vsdatant"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VSDATANT00\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VSDATANT00\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VSDATANT00\Control]
"ActiveService"="vsdatant"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\vsdatant]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\vsdatant]
"EventMessageFile"="C:\\WINDOWS\\system32\\vsdatant.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vsdatant]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vsdatant]
"DisplayName"="vsdatant"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vsdatant\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vsdatant\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vsdatant\Enum]
"0"="Root\\LEGACY_VSDATANT\00"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_VSDATANT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_VSDATANT00]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_VSDATANT00]
"Service"="vsdatant"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_VSDATANT00]
"DeviceDesc"="vsdatant"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_VSDATANT00\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\vsdatant]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\vsdatant]
"EventMessageFile"="C:\\WINDOWS\\system32\\vsdatant.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vsdatant]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vsdatant]
"DisplayName"="vsdatant"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vsdatant\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSDATANT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSDATANT00]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSDATANT00]
"Service"="vsdatant"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSDATANT00]
"DeviceDesc"="vsdatant"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSDATANT00\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSDATANT00\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSDATANT00\Control]
"ActiveService"="vsdatant"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\vsdatant]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\vsdatant]
"EventMessageFile"="C:\\WINDOWS\\system32\\vsdatant.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsdatant]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsdatant]
"DisplayName"="vsdatant"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsdatant\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsdatant\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsdatant\Enum]
"0"="Root\\LEGACY_VSDATANT\00"

REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "atmhelpr" 7/22/2007 8:13:55 AM
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ATMHELPR]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ATMHELPR00]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ATMHELPR00]
"Service"="ATMhelpr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ATMHELPR00]
"DeviceDesc"="ATMhelpr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ATMHELPR00\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ATMhelpr]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ATMhelpr]
"DisplayName"="ATMhelpr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ATMHELPR]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ATMHELPR00]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ATMHELPR00]
"Service"="ATMhelpr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ATMHELPR00]
"DeviceDesc"="ATMhelpr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ATMHELPR00\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ATMHELPR00\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ATMHELPR00\Control]
"ActiveService"="ATMhelpr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ATMhelpr]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ATMhelpr]
"DisplayName"="ATMhelpr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ATMhelpr\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ATMhelpr\Enum]
"0"="Root\\LEGACY_ATMHELPR\00"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ATMHELPR]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ATMHELPR00]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ATMHELPR00]
"Service"="ATMhelpr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ATMHELPR00]
"DeviceDesc"="ATMhelpr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ATMHELPR00\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ATMhelpr]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ATMhelpr]
"DisplayName"="ATMhelpr"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ATMHELPR]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ATMHELPR00]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ATMHELPR00]
"Service"="ATMhelpr"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ATMHELPR00]
"DeviceDesc"="ATMhelpr"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ATMHELPR00\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ATMHELPR00\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ATMHELPR00\Control]
"ActiveService"="ATMhelpr"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ATMhelpr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ATMhelpr]
"DisplayName"="ATMhelpr"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ATMhelpr\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ATMhelpr\Enum]
"0"="Root\\LEGACY_ATMHELPR\00"

#35 Jintan (Advanced Member, Visiting Fellow, 791 posts)

Posted 22 July 2007 - 08:02 AM

Good. In looking back through logs I can now see the ZA driver set for autostart, so for now let's make changes to that and assess after.

Please run Notepad and copy the following Code box text into a new file:
@ECHO OFF
cd %windir%
sc config vsdatant start= disabled
sc stop vsdatant
exit
Save the file to the desktop as servchange.bat and make sure the "Save as type" field says "All files".
Please double-click on servchange.bat. A window should open and close very quickly --- this is normal. Reboot after then for now just update if any subsequent issues occurred.



If you have any problematic situations arise with changing that service status just go to Start - Run, type cmd (and Enter) and type the following at the command prompt (Enter after).

sc start vsdatant


sc qc ATMhelpr > c:\locate.txt & start notepad c:\locate.txt

And we'll check the other. Again open Notepad and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it servfind.bat

Where it says "Files of Type", select All Files, click on Save and save it to your desktop. Exit Notepad, then click on servfind.bat and allow it to run. A text box will open - please copy/paste the contents back here.

#36 Kevin G (Authentic Member, 21 posts)

Posted 22 July 2007 - 11:45 AM

Still no change in browsing. Here is the log:

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: ATMhelpr
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME :
LOAD_ORDER_GROUP : Keyboard Class
TAG : 0
DISPLAY_NAME : ATMhelpr
DEPENDENCIES :
SERVICE_START_NAME :

#37 Jintan (Advanced Member, Visiting Fellow, 791 posts)

Posted 22 July 2007 - 01:00 PM

Nothing amiss in that. Let's see what services are doing what right now.


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.


1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, it will create two text files - main.txt (this one will be maximized) and extra.txt (this one will be minimized on your Taskbar).
4. Copy/paste both logs back here please (they will also be located at C:\Deckard\System Scanner).

Make sure you notice the extra.txt second log that will show as minimized on your Task Bar, "Maximize" that and be sure to paste those contents here as well.

Edited by Jintan, 22 July 2007 - 01:00 PM.


#38 Kevin G (Authentic Member, 21 posts)

Posted 22 July 2007 - 08:46 PM

Deckard's System Scanner v20070711.54
Run by William Bosch on 2007-07-22 at 22:39:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-07-23 02:39:31 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as William Bosch.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:40:49 PM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
F:\dss.exe
C:\PROGRA~1\HIJACK~1\William Bosch.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,21/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...5.22/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070710-213731-561 O4 - Global Startup: BlueFrog SuperCharged!.lnk = C:\Program Files\BlueFrog\supercharged.exe
backup-20070710-213731-781 O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\BlueFrog\sc-core.exe"
backup-20070710-213731-864 O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
backup-20070710-213731-956 O4 - Global Startup: BlueFrog SuperCharged.lnk = C:\Program Files\BlueFrog\sc-gui.exe
backup-20070714-110455-496 O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
backup-20070714-110455-519 O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
backup-20070714-110455-716 O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
backup-20070714-110455-799 O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
backup-20070714-110455-891 O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
backup-20070718-211310-664 O4 - HKLM\..\Run: [SQInstaller] C:\Program Files\STC\SQ_3394_3222.exeSQInstaller.exe
backup-20070718-211310-769 O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ATMhelpr - c:\windows\system32\drivers\atmhelpr.sys <Not Verified; Adobe Systems Incorporated; Adobe Type Manager Deluxe>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys

S3 Amsmpu4p - c:\docume~1\willia~1\locals~1\temp\amsmpu4p.sys (file missing)
S3 catchme - c:\docume~1\willia~1\locals~1\temp\catchme.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 PID_0928 (Logitech QuickCam Express(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 TSP - c:\windows\system32\drivers\klif.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Scheduled Tasks -------------------------------------------------------------

2007-07-22 02:02:00 276 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job


-- Files created between 2007-06-22 and 2007-07-22 -----------------------------

2007-07-19 22:23:29 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-07-19 22:23:25 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-07-19 22:23:25 0 d-------- C:\Documents and Settings\William Bosch\Application Data\SUPERAntiSpyware.com
2007-07-19 22:23:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-17 23:35:01 0 d-------- C:\avenger
2007-07-16 22:33:25 7799 --a------ C:\dnsbak.reg
2007-07-15 22:06:33 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-15 20:13:35 0 dr-h----- C:\Documents and Settings\William Bosch\Recent
2007-07-15 20:09:59 0 d-------- C:\Program Files\Yahoo!
2007-07-15 20:05:15 23 --ahs---- C:\WINDOWS\system32\bfaacfff_r.dll
2007-07-15 14:54:32 0 d-------- C:\Documents and Settings\William Bosch\Application Data\Mozilla
2007-07-14 11:32:52 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-13 21:44:43 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-07-08 22:31:39 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-07-08 22:31:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-07-08 22:31:38 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-07-08 22:31:38 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-07-08 22:31:38 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-07-08 22:31:38 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-07-08 22:31:38 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-07-08 22:31:38 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-07-08 22:31:38 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-07-08 22:31:38 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-07-08 22:31:38 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-07-08 22:31:38 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-07-08 22:31:38 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-07-08 22:31:38 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-07-08 22:31:38 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-07-08 22:31:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-07-08 22:31:37 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-07-08 22:26:39 3224 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-01 18:36:21 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-01 11:53:13 0 d-------- C:\kav
2007-07-01 09:10:05 0 d-------- C:\Program Files\Kaspersky Lab
2007-07-01 09:10:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-06-29 08:47:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-06-29 08:19:45 0 d-------- C:\Documents and Settings\William Bosch\.housecall6.6
2007-06-29 08:16:00 0 d-------- C:\Documents and Settings\William Bosch\Application Data\HouseCall 6.6
2007-06-28 21:55:59 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP


-- Find3M Report ---------------------------------------------------------------

2007-07-19 22:21:36 0 d-------- C:\Program Files\Lavasoft
2007-07-17 23:38:32 0 d-------- C:\Documents and Settings\William Bosch\Application Data\MSN6
2007-07-16 22:51:03 0 d-------- C:\Documents and Settings\William Bosch\Application Data\Identities
2007-07-15 13:55:36 0 d-------- C:\Program Files\Common Files\Logitech
2007-07-15 13:54:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-01 09:07:23 0 d-------- C:\Program Files\CA
2007-05-27 15:15:36 0 d-------- C:\Program Files\America's Army
2007-05-26 14:03:53 0 d-------- C:\Program Files\Cap'n Crunch
2007-05-25 07:54:18 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LXBRKsk"="C:\\PROGRA~1\\LEXMAR~1\\LXBRKsk.exe"
"Lexmark 3100 Series"="\"C:\\Program Files\\Lexmark 3100 Series\\lxbrbmgr.exe\""
"BCMSMMSG"="BCMSMMSG.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
HTTPFilter REG_MULTI_SZ HTTPFilter\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\



-- End of Deckard's System Scanner: finished at 2007-07-22 at 22:41:45 ---------

Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 766 MiB / 425.61 MiB
Pagefile Memory (total/avail): 916.97 MiB / 687.4 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1971.57 MiB

C: is Fixed (NTFS) - 74.47 GiB total, 48.8 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (FAT32)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\William Bosch\Application Data
CLASSPATH=C:\Program Files\PhotoDeluxe HE 3.1\AdobeConnectables;
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THECLAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\William Bosch
LOGONSERVER=\\THECLAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA="C:\WINDOWS\system32\QTJava.zip"
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp
USERDOMAIN=THECLAN
USERNAME=William Bosch
USERPROFILE=C:\Documents and Settings\William Bosch
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

William Bosch (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\Uninst.isu"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45893FEB-30FD-4034-8661-3BA4238FE67A}\SETUP.EXE" -l0x9 -uninst -y -a -f"b2003ce.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Acrobat Reader 3.01 --> C:\WINDOWS\uninst.exe -fC:\Acrobat3\Reader\DeIsL2.isu
Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe PhotoDeluxe Home Edition 3.1 --> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe HE 3.1\DeIsL2.isu" -c"C:\Program Files\PhotoDeluxe HE 3.1\Uninst.dll"
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Type Manager 4.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL2.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
AmericasArmy --> MsiExec.exe /I{8A53F9E8-F459-47B0-AA99-D919CD48A304}
Baldur's Gate™ II - Shadows of Amn™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAE4336-2B71-11D4-9A6C-006067325E47}\setup.exe"
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
Britannica Ready Reference --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45893FEB-30FD-4034-8661-3BA4238FE67A}\SETUP.EXE" -l0x9 -uninst
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
DAO --> MsiExec.exe /I{64116298-93C5-401D-B06C-39D8E3338508}
Dell Picture Studio - Dell Image Expert --> MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support --> MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
Delta Force 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NovaLogic\Delta Force 2\Uninst.isu"
Disney's Toontown Online --> C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EasyJob Resume Builder 2.790.1349 --> "C:\Program Files\EasyJob Resume Builder\unins000.exe"
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Freedom Fighters --> C:\PROGRA~1\EAGAME~1\FREEDO~1\UNWISE.EXE C:\PROGRA~1\EAGAME~1\FREEDO~1\INSTALL.LOG
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hoyle Classic Board Games --> C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\Hoyle Classic Board Games\Uninst.isu"
Icewind Dale --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Black Isle\Icewind Dale\Uninst.isu"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
JumpStart 2nd Grade v1.0 --> C:\WINDOWS\uninst.exe -fC:\KA\2G\DeIsL1.isu
JumpStart First Grade v2.6 --> C:\WINDOWS\IsUninst.exe -fC:\KA\FG\DeIsL2.isu
JumpStart Kindergarten v2.4b --> C:\WINDOWS\uninst.exe -fC:\KA\KG\DeIsL1.isu
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KODAK EASYSHARE Gallery Easy Upload, v2.1 --> C:\Documents and Settings\William Bosch\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_13b46c31\Setup.exe /APR-REMOVE
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140007_13396ad0\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lexmark 3100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBRUN5C.EXE -dLexmark 3100 Series
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Medal of Honor Allied Assault --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MUSICMATCH Jukebox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
NickToons Racing --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B4F81E0-9150-11D4-A594-0050BAC6946A}\setup.exe"
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Ofoto Easy Upload ActiveX Control --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\Downloaded Program Files\axofupld.inf, Uninstall
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PhotoParade Player --> "C:\Program Files\PhotoParade\Uninstall PhotoParade Player.exe" "PhotoParade.exe"
Quicken 2002 New User Edition --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\QUICKENW\Uninst.isu" -c"C:\Program Files\QUICKENW\uninst.dll"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roll --> C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
RollerCoaster Tycoon� 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Scholastic's I SPY School Days --> C:\PROGRA~1\SCHOLA~1\ISPYSC~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYSC~1\INSTALL.LOG
SeaWorld Adventure Park Tycoon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48A6E89E-D2D3-4DA7-8A7C-FBB8F1083409}\setup.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Star Wars Galactic Battlegrounds: Saga --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10133CDD-50B9-4783-B336-8B48F3653715}\Setup.exe" -l0x9
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Print Shop� Pro Publisher 6.0 --> C:\WINDOWS\UNINST.EXE -f"C:\THEPRI~1\THEPRI~1.0\DeIsL1.isu" -c"C:\THEPRI~1\THEPRI~1.0\psfinst.dll"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Office 11 --> MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zoo Tycoon 2 --> "C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall


-- End of Deckard's System Scanner: finished at 2007-07-22 at 22:41:45 ---------

#39 Jintan

    Advanced Member

  • Visiting Fellow
  • 791 posts

Posted 23 July 2007 - 10:20 AM

Not any new info in that. Going back to your very first statement where running SmitFraudFix allowed scans to work, what was occurring back then where scans were not working?


Go here and download and run FindAWF.

When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt here.

#40 Kevin G

    Authentic Member

  • Authentic Member
  • 21 posts

Posted 23 July 2007 - 09:08 PM

Jintan, Well I tried FindAWF, and it did not find anything. So I went ahead and thought I would try one other thing. I have always thought it was something with the EZ-Firewall that was on there at one point. So I went ahead and got another copy of the firewall, put it back on there, and Voilà, now I have internet access in Normal mode. So now I am uninstalling it and going with something like Kaspersky, but nonetheless it is fixed. Must have been something with the Spybot TeaTimer and a reg key that it wouldn't allow to be deleted when EZ-Firewall was removed. Thanks for all the help, I really appreciate you helping get rid of the spyware and such, and the extra work you put into seeing if anything else was persistent. At this point what would your best recommendation be for his firewall and antivirus/spyware needs? Kaspersky, AVG? Thanks again.


#41 Jintan

    Advanced Member

  • Visiting Fellow
  • 791 posts

Posted 24 July 2007 - 11:20 AM

Ha - EZFirewall is a branded version of Zone Alarm Pro, and I only checked that after seeing your post here. Yes, TeaTimer's (or Spyware Guard's) blocks show up pretty often in resulting corruption in threads here, so it needs to be used with restraint, if used at all. Good you got the solution on that. But that's about as far as an opinion of mine you might need as far as protective software choices, since what works for me on my systems may not necessarily be right for your friend. The level of skills needed to use the software, expense, and how much time a person is willing to put into learning and maintaining are more important. As much as the ones like TeaTimer might be high time/skill demanding, others like AVG, requiring only updating and scheduled scanning, might fit better. You can also find more ideas like this with Tony Klein's info here.

#42 Kevin G

    Authentic Member

  • Authentic Member
  • 21 posts

Posted 25 July 2007 - 07:43 PM

Jintan, Thanks again for all the help. Yes, CA is a branded version of ZA Pro. Basically I was looking for your opinion on the easy no-maintenance anti-virus/spyware for my friend since he really doesn't know a lot about it. I ended up putting AVG on. Not sure what I am going to do for a firewall. Myself, I just set up a Linux box as a firewall/router, but for him, I am thinking possibly Kaspersky, and him going out and buying a hardware firewall too. Kevin

#43 Jintan

    Advanced Member

  • Visiting Fellow
  • 791 posts

Posted 25 July 2007 - 08:18 PM

Truly glad to assist in these request threads. Well, Zone Alarm is one of the free ones, and does get quite a few users, but it is good to have both hardware and software firewalls for the best security. Since you mention Linux, I am going to finally break down and just take a look at an Ubuntu install this weekend. I only mention Ubuntu because I burned an ISO for it, but, well, maybe it has been more than a year now. I am aware that there is a more user install friendly version with an updated GUI?
