Hi Rorschach112,
Many thanks for this. I am very pleased, and feel that we’ve made some real progress.
As requested, I did a system scan with Hijack This, and fixed the “active.dll (file missing)” selection. Then, I downloaded, installed and and ran Malwarebytes. It found three infections, which it fixed. Here is the Malwarebytes log :
Malwarebytes' Anti-Malware 1.10
Database version: 593
Scan type: Full Scan (A:\|C:\|E:\|)
Objects scanned: 58198
Time elapsed: 10 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
That’s the end of the Malwarebytes log. Next, I downloaded and ran Deckard’s System Scanner. Here are the two logs, main.txt :
Deckard's System Scanner v20071014.68
Run by PC on 2008-04-06 16:51:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
57: 2008-04-06 13:51:52 UTC - RP83 - Deckard's System Scanner Restore Point
56: 2008-04-05 14:17:12 UTC - RP82 - System Checkpoint
55: 2008-04-04 14:00:23 UTC - RP81 - ComboFix created restore point
54: 2008-04-03 14:00:38 UTC - RP80 - ComboFix created restore point
53: 2008-04-02 14:30:23 UTC - RP79 - ComboFix created restore point
-- First Restore Point --
1: 2008-01-07 16:52:32 UTC - RP27 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 448 MiB (512 MiB recommended).
-- HijackThis (run as PC.exe) --------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:17 PM, on 4/6/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Quicktime\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Pando\Pando.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DeckardsSS\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PC.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Quicktime\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pando] "C:\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone:
http://secure.gestrip.com (HKLM)
O15 - Trusted Zone:
http://update.randhi.com (HKLM)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pdownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 6059 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080404-165150-323 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
backup-20080404-165150-241 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
backup-20080404-165150-415 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
backup-20080404-165150-230 O2 - BHO: (no name) - {A4FB0C19-3FF7-41B3-B5CC-483822DD6292} - C:\WINDOWS\System32\actived.dll
backup-20080404-165150-928 O4 - HKLM\..\Run: [updatelavasoft] C:\WINDOWS\System32\updatelavasoft.exe
backup-20080404-165150-195 O4 - HKLM\..\RunServices: [updatelavasoft] C:\WINDOWS\System32\updatelavasoft.exe
backup-20080404-165150-394 O4 - HKCU\..\Run: [updatelavasoft] C:\WINDOWS\System32\updatelavasoft.exe
backup-20080404-165150-810 O16 - DPF: {33331111-1111-1111-1111-611111193423} -
backup-20080404-165151-117 O16 - DPF: {33331111-1111-1111-1111-611111193429} -
http://www.www2.p0rt...les/_ipsec_.cab
backup-20080404-165151-204 O16 - DPF: {33331111-1111-1111-1111-615111193427} -
backup-20080404-165151-824 O16 - DPF: {33331111-1131-1111-1111-611111193428} -
backup-20080404-165151-252 O16 - DPF: {33331111-1234-1111-1111-615111193427} -
http://www.www2.p0rt...iles/epl7bd.cab
backup-20080404-165151-153 O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
backup-20080405-191224-457 O2 - BHO: (no name) - {A4FB0C19-3FF7-41B3-B5CC-483822DD6292} - C:\WINDOWS\System32\actived.dll (file missing)
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
S2 Nbf (NetBEUI Protocol) - c:\windows\system32\drivers\nbf.sys (file missing)
S3 alcan5ln (SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS)) - c:\windows\system32\drivers\alcan5ln.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 catchme - c:\docume~1\pc\locals~1\temp\catchme.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-03-06 and 2008-04-06 -----------------------------
2008-04-05 19:16:35 0 d-------- C:\Documents and Settings\PC\Application Data\Malwarebytes
2008-04-05 19:16:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-05 16:58:33 0 d-------- C:\DeckardsSS
2008-04-05 16:57:48 0 d-------- C:\Malwarebytes
2008-04-04 17:04:59 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-02 17:29:59 68096 --a------ C:\WINDOWS\System32\zip.exe
2008-04-02 17:29:59 98816 --a------ C:\WINDOWS\System32\sed.exe
2008-04-02 17:29:59 80412 --a------ C:\WINDOWS\System32\grep.exe
2008-04-02 17:29:59 73728 --a------ C:\WINDOWS\System32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-27 16:55:26 0 d-------- C:\Program Files\Trend Micro
2008-03-16 16:45:53 0 d-------- C:\Sp-Fm
2008-03-08 12:09:19 0 d-------- C:\Clips-Misc
-- Find3M Report ---------------------------------------------------------------
2008-02-07 19:35:26 0 d-------- C:\Documents and Settings\PC\Application Data\vlc
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [05/21/2003 01:17 AM]
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" []
"Cmaudio"="cmicnfg.cpl" []
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [01/26/2004 11:38 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/15/2004 05:26 PM]
"iTunesHelper"="C:\Quicktime\iTunesHelper.exe" [10/18/2005 11:58 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/08/2005 08:39 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [12/21/2007 08:52 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [03/31/2003 12:00 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/07/2007 06:47 PM]
"Pando"="C:\Pando\Pando.exe" [02/09/2008 02:02 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [1/1/2006 6:09:47 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
-- End of Deckard's System Scanner: finished at 2008-04-06 16:52:38 ------------
Now, extra.txt :
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 447.48 MiB / 173.63 MiB
Pagefile Memory (total/avail): 674.85 MiB / 461.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1950.2 MiB
A: is Removable (No Media)
C: is Fixed (FAT32) - 19.94 GiB total, 4.94 GiB free.
D: is CDROM (No Media)
E: is Fixed (FAT32) - 18.33 GiB total, 13.23 GiB free.
\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 38.29 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 19.95 GiB - C:
\PARTITION1 - Unknown - 18.34 GiB - E:
-- Security Center -------------------------------------------------------------
AUOptions is not configured.
AUState says computer is in an unknown state.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\PC\Application Data
CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC1
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\PC
LOGONSERVER=\\PC1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PC\LOCALS~1\Temp
TMP=C:\DOCUME~1\PC\LOCALS~1\Temp
USERDOMAIN=PC1
USERNAME=PC
USERPROFILE=C:\Documents and Settings\PC
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
PC
(admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee Classic --> C:\VIEWER\ACDSEE32\UNWISE.EXE C:\VIEWER\ACDSEE32\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.2 CE --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-CEA000000001}
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}\setup.exe" -l0x9
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
CCleaner (remove only) --> "C:\CCleaner\uninst.exe"
Digital Camera Driver --> C:\PROGRA~1\DIGITA~1\UNWISE.EXE C:\PROGRA~1\DIGITA~1\INSTALL.LOG
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Flash Movie Player 1.5 --> C:\Flashplayer\Flash Movie Player\uninst.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
jambientFREE --> C:\WINDOWS\st6unst.exe -n "C:\Music\ST6UNST.LOG"
LUMIX Simple Viewer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}\setup.exe" -l0x9
Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware --> "C:\Malwarebytes\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}
Pando --> MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}
Pando Toolbar --> rundll32 C:\PROGRA~1\PandoBar\bar\1.bin\PandoBar.dll,O
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SiS 650_650GL_650GX_651 --> RUNDLL32 setuplib.dll,UnInstall ,315&ISUNINST -f"C:\PROGRA~1\SISCOM~1.18\DeIsL1.isu"&P.U 4 xvga.in&-1
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
Spybot - Search & Destroy 1.4 --> "C:\Spybot\Spybot - Search & Destroy\unins000.exe"
VideoLAN VLC media player 0.8.6d --> C:\VLC Media Player\VLC\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> C:\WinZip\winzip32.exe /uninstall
XviD MPEG-4 Video Codec --> C:\Codex-XviD\XviD\unins000.exe
Yahoo! Toolbar --> C:\PROGRA~1\YAHOO!\COMMON\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type1839 / Error
Event Submitted/Written: 04/05/2008 08:19:44 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2800.1106, faulting module pandoieplugin.dll, version 1.5.0.0, fault address 0x00016fea.
Event Record #/Type1835 / Error
Event Submitted/Written: 04/04/2008 00:59:33 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2800.1106, faulting module pandoieplugin.dll, version 1.5.0.0, fault address 0x00016fe8.
Event Record #/Type1823 / Warning
Event Submitted/Written: 03/30/2008 07:33:08 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type1819 / Warning
Event Submitted/Written: 03/29/2008 04:01:40 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type1816 / Error
Event Submitted/Written: 03/29/2008 08:10:10 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2800.1106, faulting module pandoieplugin.dll, version 1.5.0.0, fault address 0x00016fe8.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type23519 / Error
Event Submitted/Written: 04/06/2008 02:46:51 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The NetBEUI Protocol service failed to start due to the following error:
%%2
Event Record #/Type23512 / Error
Event Submitted/Written: 04/05/2008 07:29:00 PM
Event ID/Source: 11 / PlugPlayManager
Event Description:
The device Root\LEGACY_WUBNO\0000 disappeared from the system without first being prepared for removal.
Event Record #/Type23497 / Error
Event Submitted/Written: 04/05/2008 09:06:47 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
PCIIde
Event Record #/Type23496 / Error
Event Submitted/Written: 04/05/2008 09:06:47 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The NetBEUI Protocol service failed to start due to the following error:
%%2
Event Record #/Type23480 / Error
Event Submitted/Written: 04/05/2008 08:06:17 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The NetBEUI Protocol service failed to start due to the following error:
%%2
-- End of Deckard's System Scanner: finished at 2008-04-06 16:52:38 ------------
Finally, you asked how my PC is running. It improved a lot after we ran ComboFix for the very first time, a few days ago, but I could see from the scans that the infection was still there. The PC is running beautifully now, and my AVG anti virus software also seems to be happy. It is not tormenting me with warnings any more !
What do you think of these latest logs? Many thanks.
Regards,
Mike