Trojan.Virtumod.11
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > Trojan.Virtumod.11  
AllPhillyFan (New Member, joined Jun 2008, 5 posts)
Posted 7-26-2008 3:09 (GMT +1)
Hi everyone, I got advice to come here for my issues with this virus, which hasn't been deleted by StopSign, the virus scan that I had on this computer till I downloaded all the things from before posting a log thread. Here's my HijackThis log and my SUPERAntiSpyware log, with HijackThis first.
 
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\eAcceleration\Framework\eac_svc.exe
C:\Program Files\eAcceleration\Firewall\FWService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Acceleration Software\StopSignProducts\SystemProtect\stopsignprotect.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\eAcceleration\OnAccess\OnAccess.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\eAcceleration\OnAccess\dguard.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\eAcceleration\Station\station_bk.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Melissa\Local Settings\Temporary Internet Files\Content.IE5\YBO12RY8\HiJackThis[1].exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon-online.aol.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: pvnsmfor - {DD8FEC5A-8976-438D-B6C9-F10CE205D78F} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon0.dll",VerifyStatus
O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [StopSignSystemProtect] "C:\Program Files\Acceleration Software\StopSignProducts\SystemProtect\stopsignprotect.exe" /Startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201224075\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [OnAccess] "C:\Program Files\eAcceleration\OnAccess\OnAccess.exe" -e
O4 - HKLM\..\Run: [StopSignSsFwMon] Rundll32.exe "C:\Program Files\eAcceleration\Firewall\ssfwmon.dll",VerifyStatus
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\RunOnce: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201115750431
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
O23 - Service: FWService - eAcceleration Corp - C:\Program Files\eAcceleration\Firewall\FWService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
--
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/25/2008 at 09:39 PM
Application Version : 4.15.1000
Core Rules Database Version : 3516
Trace Rules Database Version: 1507
Scan type       : Complete Scan
Total Scan Time : 00:27:25
Memory items scanned      : 483
Memory threats detected   : 0
Registry items scanned    : 5619
Registry threats detected : 10
File items scanned        : 22087
File threats detected     : 54
Unclassified.Unknown Origin
 HKLM\Software\Classes\CLSID\{1A42F606-3E21-4AB5-9565-E7C8EF6B0929}
 HKCR\CLSID\{1A42F606-3E21-4AB5-9565-E7C8EF6B0929}
 HKCR\CLSID\{1A42F606-3E21-4AB5-9565-E7C8EF6B0929}\InprocServer32
 HKCR\CLSID\{1A42F606-3E21-4AB5-9565-E7C8EF6B0929}\InprocServer32#ThreadingModel
 C:\PROGRA~1\EACCEL~1\ONACCESS\SEHK.DLL
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{1A42F606-3E21-4AB5-9565-E7C8EF6B0929}
 HKCR\CLSID\{1A42F606-3E21-4AB5-9565-E7C8EF6B0929}
Adware.Vundo Variant
 HKLM\Software\Classes\CLSID\{67ac2c4f-fbcf-402c-8839-da79ecdf0e54}
 HKCR\CLSID\{67AC2C4F-FBCF-402C-8839-DA79ECDF0E54}
 HKCR\CLSID\{67AC2C4F-FBCF-402C-8839-DA79ECDF0E54}\InprocServer32
 HKCR\CLSID\{67AC2C4F-FBCF-402C-8839-DA79ECDF0E54}\InprocServer32#ThreadingModel
 C:\WINDOWS\SYSTEM32\XDWZDY.DLL
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{A9915388-9F53-4BE3-85CD-BB3B04E626AD}\RP66\A0030415.DLL
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{A9915388-9F53-4BE3-85CD-BB3B04E626AD}\RP66\A0030416.DLL
 C:\WINDOWS\SYSTEM32\RJUHCDCF.DLL
Adware.Tracking Cookie
 C:\Documents and Settings\Melissa\Cookies\melissa@indextools[2].txt
 C:\Documents and Settings\Melissa\Cookies\melissa@adserver[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@doubleclick[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@serve.clickbooth[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@ad.yieldmanager[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@trafficdashboard[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@interclick[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@dynamic.media.adrevolver[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@atdmt[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@hypertracker[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@publishers.clickbooth[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@www.paypal-media[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@rotator.adjuggler[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@tacoda[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@adrevolver[3].txt
 C:\Documents and Settings\Amber\Cookies\amber@adrevolver[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@paypal-media[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@stat.dealtime[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@ad.associatedcontent[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@edge.ru4[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@overture[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@advertising[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@specificclick[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@pathfinder[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@adbrite[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@advertising[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@revsci[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@ads.react2media[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@adopt.specificclick[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@adopt.euroclick[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@bs.serving-sys[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@ads.restaurantica[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@anad.tacoda[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@collective-media[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@apmebf[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@atwola[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@bizrate[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@click.cashengines[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@media.adrevolver[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@insightexpressai[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@media6degrees[2].txt
 C:\Documents and Settings\Amber\Cookies\amber@perf.overture[1].txt
 C:\Documents and Settings\Amber\Cookies\amber@serving-sys[1].txt
Trojan.Vundo-Variant/Small-V2
 C:\WINDOWS\SYSTEM32\YQMAEBKI.DLL
Trace.Known Threat Sources
 C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\Content.IE5\HNJRLT4Q\pop[1].asx
 C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\Content.IE5\SXU7SPMZ\pop[1].swf
 C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\Content.IE5\O7H7AY39\play2[1].jpg
 C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\Content.IE5\6L8ZE9EL\CAD0W3HT.htm
 C:\Documents and Settings\Amber\Local Settings\Temporary Internet Files\Content.IE5\GDARS9MJ\CANE8ZFX.htm
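As an added example (not code from the thread, from HijackThis or from any scanner named here), a small triage helper for HijackThis-style entries like the ones in the log above: it parses O2/O3/O4/O20/O23 lines, flags an orphaned "(file missing)" registration and a browser add-on DLL sitting directly under C:\WINDOWS, and cross-references entries against CLSIDs reported by another scanner. The sample lines are constructed from the posted log; the finding names and the Windows-root rule are my own heuristics, and the Vundo CLSID is the one SUPERAntiSpyware reported in the post.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed sample, modelled on the HijackThis entries posted in this thread
# (legitimate Java/AOL/SUPERAntiSpyware entries plus the orphaned "pvnsmfor" toolbar).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: pvnsmfor - {DD8FEC5A-8976-438D-B6C9-F10CE205D78F} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: FWService - eAcceleration Corp - C:\Program Files\eAcceleration\Firewall\FWService.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First executable/library token of a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<p>.*?\.(?:exe|dll|sys|cpl|scr))"?(?:\s|$)', re.IGNORECASE)
# A DLL sitting directly in the Windows directory rather than in a subfolder (heuristic).
WINDOWS_ROOT_DLL_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)


@dataclass
class HjtEntry:
    section: str          # "O2", "O3", "O4", ...
    kind: str             # "BHO", "Toolbar", "HKLM\..\Run", "Service", ...
    name: str
    clsid: Optional[str]  # upper-cased {GUID} when the entry carries one
    path: Optional[str]   # file the entry points to, quotes and arguments stripped
    file_missing: bool    # HijackThis appends "(file missing)" to orphaned entries
    raw: str


def executable_path(command: str) -> str:
    # e.g. '"C:\Program Files\Java\...\jusched.exe"' -> the .exe path without quotes
    m = EXE_RE.match(command.strip())
    return m.group("p") if m else command.strip()


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None  # header, blank or unknown line
    sec, rest = m.group("sec"), m.group("rest")
    file_missing = rest.endswith("(file missing)")
    if file_missing:
        rest = rest[: -len("(file missing)")].rstrip()
    kind, sep, body = rest.partition(": ")
    if not sep:  # R0/R1-style lines carry no "kind:" prefix
        kind, body = "", rest
    cm = CLSID_RE.search(body)
    clsid = cm.group(0).upper() if cm else None
    if sec == "O4":  # O4 entries read "[value name] command line"
        nm = re.match(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", body)
        name, cmd = (nm.group("name"), nm.group("cmd")) if nm else (body, "")
    else:  # everything else reads "name - [clsid -] [vendor -] path"
        parts = [p.strip() for p in body.split(" - ")]
        name, cmd = parts[0], (parts[-1] if len(parts) > 1 else "")
    path = executable_path(cmd) if cmd else None
    return HjtEntry(sec, kind, name, clsid, path, file_missing, line)


def triage(log_text: str) -> List[Tuple[str, HjtEntry]]:
    """Flag the entries an analyst would review first; returns (reason, entry) pairs."""
    findings = []
    for line in log_text.splitlines():
        e = parse_hjt_line(line)
        if e is None:
            continue
        if e.file_missing:
            # Registered add-on whose DLL is gone: typically left behind when a scanner
            # deleted the file but not the registration (as with pvnsmfor.dll above).
            findings.append(("file-missing", e))
        if e.section in ("O2", "O3") and e.path and WINDOWS_ROOT_DLL_RE.match(e.path):
            # Legitimate browser add-ons install under Program Files; a BHO/toolbar DLL
            # dropped straight into C:\WINDOWS is unusual and worth a closer look.
            findings.append(("dll-in-windows-root", e))
    return findings


def entries_with_clsid(log_text: str, clsids: Iterable[str]) -> List[HjtEntry]:
    """Cross-reference HijackThis entries against CLSIDs reported by another scanner."""
    wanted = {c.upper() for c in clsids}
    return [e for e in map(parse_hjt_line, log_text.splitlines()) if e and e.clsid in wanted]


if __name__ == "__main__":
    for reason, e in triage(SAMPLE_LOG):
        print(f"{reason:22} {e.section} {e.name!r} -> {e.path}")
    # CLSID SUPERAntiSpyware attributed to "Adware.Vundo Variant" in the posted log. HijackThis
    # lists a CLSID only where a hook it reports uses it, so an empty result here means no
    # reported hook points at it, not that the registry key itself is gone.
    vundo = "{67AC2C4F-FBCF-402C-8839-DA79ECDF0E54}"
    print("entries using the Vundo CLSID:", len(entries_with_clsid(SAMPLE_LOG, [vundo])))
```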
 

Touch (Forum Moderator, joined Jun 2004, 13812 posts)
Posted 7-26-2008 6:35 (GMT +1)
Hello
 
 
Please download Malwarebytes' Anti-Malware to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
 
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
                     
If an update is found, it will download and install the latest version.
                     
Once the program has loaded, select Perform full scan, then click Scan.
                     
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
Copy and Paste that log into your next reply.
 
 
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Do NOT post your problem in someone else's thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted.

 

AllPhillyFan (New Member, joined Jun 2008, 5 posts)
Posted 7-27-2008 1:04 (GMT +1)
Yeah, I actually downloaded that program yesterday and it found a lot; here are the results from today.
 
Malwarebytes' Anti-Malware 1.23
Database version: 992
Windows 5.1.2600 Service Pack 3
8:03:44 PM 7/26/2008
mbam-log-7-26-2008 (20-03-44).txt
Scan type: Full Scan (C:\|)
Objects scanned: 103152
Time elapsed: 34 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 

AllPhillyFan (New Member, joined Jun 2008, 5 posts)
Posted 7-27-2008 1:06 (GMT +1)
Also, I now have a ton of anti stuff on my computer. Since yesterday I have the Anti-Malware, SuperAntiSpyware, CCleaner, and StopSign. Should I get rid of something?
 

Touch (Forum Moderator, joined Jun 2004, 13812 posts)
Posted 7-27-2008 2:14 (GMT +1)
Remove StopSign, and keep the others until you are done ;-)
 
 
Please download Combofix and save it to the desktop.

Close all other browser windows.
 
Important: temporarily disable your anti-virus and real-time protection before performing a scan. They can interfere with Combofix or remove some of its embedded files, which may cause "unpredictable results".
 
 
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
 
Please note that once you start Combofix you should not click anywhere on the Combofix window, as it can cause the program to stall. In fact, when Combofix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply with a new hijackthis log.
 
 


 

AllPhillyFan (New Member, joined Jun 2008, 5 posts)
Posted 7-27-2008 2:27 (GMT +1)
For some reason I'm getting this error saying that I can't name ComboFix as ComboFix; I didn't even designate a name for it.
 

Touch (Forum Moderator, joined Jun 2004, 13812 posts)
Posted 7-27-2008 3:03 (GMT +1)
Ok, let's try another scanner then.
 
 
Download Deckard's System Scanner http://www.techsupportforum.com/sectools/Deckard/dss.exe to your Desktop. Note: you must be logged onto an account with administrator privileges.
 
Double-click on dss.exe to run it, and follow the prompts.
Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt).
Also, a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/open this, and copy/paste those contents back here along with the main.txt, please. (The logs can also be found in the C:\Deckard\System Scanner folder.)


 

AllPhillyFan (New Member, joined Jun 2008, 5 posts)
Posted 7-27-2008 3:45 (GMT +1)
Okay, here's the stuff from that, with main.txt first.
 
2008-06-10 19:26:55         0 d-------- C:\Program Files\Roxio
2008-06-10 01:23:51         0 d-------- C:\Documents and Settings\Melissa\Application Data\Roxio
2008-06-10 01:09:21         0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-10 01:06:16         0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-10 01:06:15         0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-10 01:02:45         0 d-------- C:\Program Files\DivX
2008-05-21 12:10:15    685328 --ahs---- C:\WINDOWS\system32\suBLnnmp.ini2
2008-05-20 22:50:43    777039 --ahs---- C:\WINDOWS\system32\jPVxwyay.ini2
2008-05-20 00:20:48    900860 --ahs---- C:\WINDOWS\system32\WDfNUvut.ini2
2008-05-10 13:38:18       552 --a------ C:\WINDOWS\system32\d3d8caps.dat

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [03/23/2006 09:17 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [03/23/2006 09:13 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [03/23/2006 09:17 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"StopSignSsTsMon"="C:\Program Files\Acceleration Software\Anti-Virus\sstsmon0.dll" [12/10/2007 10:13 PM]
"StopSignSsSsMon"="C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [12/19/2007 03:50 PM]
"webscan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" [12/19/2007 10:20 PM]
"StopSignSystemProtect"="C:\Program Files\Acceleration Software\StopSignProducts\SystemProtect\stopsignprotect.exe" [12/23/2004 01:14 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1201224075\ee\AOLSoftware.exe" []
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [09/28/2007 02:30 PM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [10/27/2006 08:41 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [08/25/2006 11:11 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/25/2006 11:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/23/2008 05:27 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [04/29/2008 07:56 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [02/19/2007 03:14 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]
C:\Documents and Settings\Melissa\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [8/17/2007 10:57:56 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\flQ62.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
napagent
hkmsvc
 

-- End of Deckard's System Scanner: finished at 2008-07-26 22:42:49 ------------
 
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 502.08 MiB / 235.98 MiB
Pagefile Memory (total/avail): 1225.32 MiB / 906.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.11 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.5 GiB total, 62.11 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD800JD-75MSA1 - 74.5 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 74.5 GiB - C:
 
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.

-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Melissa\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MICROSOF-BD646A
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Melissa
LOGONSERVER=\\MICROSOF-BD646A
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\AOL 9.0;C:\Program Files\Common Files\AOL\1201224075\ee;C:\Program Files\AOL 9.0;C:\Program Files\Common Files\AOL\1201224075\ee;C:\Program Files\AOL 9.0;C:\Program Files\Common Files\AOL\1201224075\ee;C:\Program Files\AOL 9.0;C:\Program Files\Common Files\AOL\1201224075\ee;C:\Program Files\AOL 9.0;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Melissa\LOCALS~1\Temp
TMP=C:\DOCUME~1\Melissa\LOCALS~1\Temp
USERDOMAIN=MICROSOF-BD646A
USERNAME=Melissa
USERPROFILE=C:\Documents and Settings\Melissa
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------
Melissa (admin)
Amber (admin)

-- Add/Remove Programs ---------------------------------------------------------
 --> "C:\Program Files\Acceleration Software\Anti-Virus\ws_uninst.exe" -s
 --> "C:\Program Files\AOL\AOL Toolbar 4.0\uninstall.exe"
 --> C:\PROGRA~1\ACCELE~1\ANTI-V~1\regsvr32.exe /u /s C:\PROGRA~1\ACCELE~1\ANTI-V~1\ssupload.dll
 --> C:\PROGRA~1\ACCELE~1\ANTI-V~1\regsvr32.exe /u /s C:\PROGRA~1\ACCELE~1\ANTI-V~1\vclnr.dll
 --> C:\PROGRA~1\COMMON~1\EACCEL~1\SysSnap\syssnap.exe -UnregServer
 --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
 --> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
 --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
 --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
 --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
 --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
 --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOL Toolbar 4.0 --> "C:\Program Files\AOL\AOL Toolbar 4.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Melissa\Local Settings\Temporary Internet Files\Content.IE5\STC9IN41\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 --> "C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
Roxio Easy Media Creator 9 Suite --> MsiExec.exe /I{70272964-C468-4C5F-8246-AA2CABA75941}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Stop-Sign System Protect --> "C:\Program Files\Acceleration Software\StopSignProducts\SystemProtect\stopsignprotect.exe" /Uninstall
StopSign by eAcceleration --> C:\PROGRA~1\COMMON~1\EACCEL~1\INSTAL~1\eaccelsetup.exe -AddRemove
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Verizon Online DSL --> C:\Program Files\Common Files\SupportSoft\Verizon\vzuninstall.exe /starthidden
Verizon Online Help and Support --> C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Zune --> c:\Program Files\Zune\ZuneSetup.exe /x
Zune --> MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}
Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}

-- Application Event Log -------------------------------------------------------
Event Record #/Type3580 / Warning
Event Submitted/Written: 07/26/2008 06:59:23 PM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the DisplayUnlock method on subscription {73F0817C-A012-48BD-80E0-E5E9984F410D}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The subscriber returned HRESULT 80004001.
Event Record #/Type3579 / Warning
Event Submitted/Written: 07/26/2008 06:59:17 PM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the DisplayLock method on subscription {73F0817C-A012-48BD-80E0-E5E9984F410D}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The subscriber returned HRESULT 80004001.
Event Record #/Type3578 / Warning
Event Submitted/Written: 07/26/2008 06:59:17 PM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the StopScreenSaver method on subscription {73F0817C-A012-48BD-80E0-E5E9984F410D}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The subscriber returned HRESULT 80004001.
Event Record #/Type3577 / Warning
Event Submitted/Written: 07/26/2008 02:32:29 AM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the StartScreenSaver method on subscription {73F0817C-A012-48BD-80E0-E5E9984F410D}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The subscriber returned HRESULT 80004001.
Event Record #/Type3576 / Warning
Event Submitted/Written: 07/26/2008 02:22:12 AM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the DisplayUnlock method on subscription {73F0817C-A012-48BD-80E0-E5E9984F410D}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The subscriber returned HRESULT 80004001.
 
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type6823 / Warning
Event Submitted/Written: 07/26/2008 11:35:30 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type6667 / Error
Event Submitted/Written: 07/25/2008 03:28:24 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type6666 / Error
Event Submitted/Written: 07/25/2008 03:28:21 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type6665 / Error
Event Submitted/Written: 07/25/2008 02:58:35 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type6664 / Error
Event Submitted/Written: 07/25/2008 02:58:31 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
-- End of Deckard's System Scanner: finished at 2008-07-26 22:42:49 ------------
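The System Event Log section above is the part of this scan worth a second look: four DCOM 10005 errors say the DCOM launcher tried to start the service wuauserv (Automatic Updates) and got Win32 error 1058, which is ERROR_SERVICE_DISABLED, so the Windows Update service is set to Disabled on this machine. The log does not say who disabled it (malware and users both do it), so the follow-up check is `sc qc wuauserv` or the Startup type in services.msc. The W32Time 36 warning is minor but means the event timestamps on this box cannot be trusted to the second. The script below is an added triage helper, not part of the original post and not something Deckard's System Scanner ships: it parses the record layout DSS uses for its event-log dump and flags service start failures and the clock warning. The embedded input is a constructed excerpt in that same layout, and the small error-code table is an assumption covering only the codes named here.

```python
"""Triage the "-- System Event Log --" section of a Deckard's System Scanner
main.txt.  Added example; not code from the original post or from DSS."""
import re
from dataclasses import dataclass

# Constructed excerpt, laid out the way DSS prints event records in the post.
SAMPLE_LOG = """\
-- System Event Log ------------------------------------------------------------
Event Record #/Type6823 / Warning
Event Submitted/Written: 07/26/2008 11:35:30 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type6667 / Error
Event Submitted/Written: 07/25/2008 03:28:24 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type6666 / Error
Event Submitted/Written: 07/25/2008 03:28:21 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
"""

# Win32 error codes DCOM reports as "%%<code>"; assumed table, only the codes
# relevant to service start failures are listed.
WIN32_ERRORS = {
    "1058": "ERROR_SERVICE_DISABLED",
    "1053": "ERROR_SERVICE_REQUEST_TIMEOUT",
}

HEADER = re.compile(r"^Event Record #/Type(\d+) / (\w+)$")
SVC_RE = re.compile(r'DCOM got error "%%(\d+)" attempting to start the service (\S+)')


@dataclass
class Event:
    record: int
    level: str
    when: str = ""
    event_id: int = 0
    source: str = ""
    description: str = ""


def parse_events(text):
    """Split a DSS event-log section into Event objects, one per record."""
    events, cur, desc = [], None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if cur:
                cur.description = "\n".join(desc).strip()
                events.append(cur)
            cur, desc = Event(int(m.group(1)), m.group(2)), []
        elif cur is None:
            continue  # section banner before the first record
        elif line.startswith("Event Submitted/Written: "):
            cur.when = line.split(": ", 1)[1]
        elif line.startswith("Event ID/Source: "):
            eid, src = line.split(": ", 1)[1].split(" / ", 1)
            cur.event_id, cur.source = int(eid), src
        elif line != "Event Description:":
            desc.append(line)
    if cur:
        cur.description = "\n".join(desc).strip()
        events.append(cur)
    return events


def disabled_services(events):
    """Return {service: (error name, hit count)} for DCOM 10005 start failures."""
    hits = {}
    for ev in events:
        if ev.source != "DCOM" or ev.event_id != 10005:
            continue
        m = SVC_RE.search(ev.description)
        if not m:
            continue
        code, svc = m.groups()
        name = WIN32_ERRORS.get(code, "Win32 error " + code)
        hits[svc] = (name, hits.get(svc, (name, 0))[1] + 1)
    return hits


def clock_unsynced(events):
    """True if W32Time reported that the system clock is unsynchronized."""
    return any(ev.source == "W32Time" and ev.event_id == 36 for ev in events)


def triage(text):
    """Human-readable findings for the section; empty list means nothing flagged."""
    events = parse_events(text)
    notes = []
    for svc, (err, n) in sorted(disabled_services(events).items()):
        notes.append(f"{svc}: {n} DCOM 10005 start failure(s), {err}")
        if svc.lower() == "wuauserv":
            notes.append("  Automatic Updates cannot start; verify with: sc qc wuauserv")
    if clock_unsynced(events):
        notes.append("W32Time 36: clock unsynchronized; event timestamps are unreliable")
    return notes


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```

Run it against the "-- System Event Log --" block of a real main.txt by reading the file and passing that slice to `triage()`; on the log in this thread it reports wuauserv with four ERROR_SERVICE_DISABLED failures, which is the item to raise with the poster before any fix is attempted.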

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 13812
Posted 7-28-2008 7:44 (GMT +1)
Please post extra.txt


Do NOT post your problem in someone else's thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted
