
Vista Home Premium cracked

Discussion in 'Malware and Virus Removal Archive' started by karma10, 2008/07/28.

  1. 2008/07/28
    karma10 (Thread Starter)

    System breached: everything I write, sites I visit, bills I pay are mentioned in a spammed email. I
    It has been happening for about a year.

    Deckard's System Scanner v20071014.68
    Run by Aubergine on 2008-07-28 20:03:44
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    11: 2008-07-28 15:12:49 UTC - RP76 - Scheduled Checkpoint
    10: 2008-07-26 20:17:00 UTC - RP75 - Scheduled Checkpoint
    9: 2008-07-26 02:04:28 UTC - RP74 - Windows Update
    8: 2008-07-23 17:23:09 UTC - RP73 - Scheduled Checkpoint
    7: 2008-07-15 13:33:14 UTC - RP72 - Scheduled Checkpoint


    -- First Restore Point --
    1: 2008-07-09 04:00:00 UTC - RP66 - Scheduled Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    HijackThis Clone ----------------------------------------------------------
    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-07-28 20:05:34
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\taskeng.exe
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\sttray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\System32\Macromed\Flash\FlashUtil9b.exe
    C:\Windows\System32\taskeng.exe
    C:\Users\Aubergine\Desktop\Aubergine\Desktop\dss.exe
    C:\Windows\System32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070330
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe "
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1214772258\ee\AOLSoftware.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\AUBERG~1\appdata\local\temp\Low\HSPERF~1.SH! c:\users\AUBERG~1\appdata\local\temp\HSPERF~1.SH! (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\AUBERG~1\appdata\local\temp\Low\HSPERF~1.SH! c:\users\AUBERG~1\appdata\local\temp\HSPERF~1.SH! (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
    O15 - Trusted Zone: http://usa.kaspersky.com (HKCU)
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{7425427C-C41C-4341-AAAF-63A4973A77B5}: NameServer = 216.12.0.14 216.12.23.244
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
    O23 - Service: McAfee Application Installer Cleanup (0248681217285941) (0248681217285941mcinstcleanup) - Unknown owner - C:\Windows\TEMP\024868~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: is-HHF3J - Unknown owner - C:\Users\Public\Desktop\Kaspersky Lab Tool\is-HHF3J\is-HHF3J.exe
    O23 - Service: is-I3P5P - Unknown owner - C:\Users\Public\Desktop\Kaspersky Lab Tool\is-I3P5P\is-I3P5P.exe
    O23 - Service: is-K3F5P - Unknown owner - C:\Users\Public\Downloads\Kaspersky Lab Tool\is-K3F5P\is-K3F5P.exe
    O23 - Service: is-PPNJC - Unknown owner - C:\Users\Public\Desktop\Kaspersky Lab Tool\is-PPNJC\is-PPNJC.exe
    O23 - Service: is-UFA16 - Unknown owner - C:\Users\Public\Desktop\Kaspersky Lab Tool\is-UFA16\is-UFA16.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe



    End of file - 9011 bytes



    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------

    R2 dsunidrv - \??\c:\program files\dellsupport\drivers\dsunidrv.sys

    S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys


    Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
    R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

    S2 0248681217285941mcinstcleanup (McAfee Application Installer Cleanup (0248681217285941)) - c:\windows\temp\024868~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
    S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
    S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
    S4 is-HHF3J - "c:\users\public\desktop\kaspersky lab tool\is-hhf3j\is-hhf3j.exe" -r (file missing)
    S4 is-I3P5P - "c:\users\public\desktop\kaspersky lab tool\is-i3p5p\is-i3p5p.exe" -r (file missing)
    S4 is-K3F5P - "c:\users\public\downloads\kaspersky lab tool\is-k3f5p\is-k3f5p.exe" -r (file missing)
    S4 is-PPNJC - "c:\users\public\desktop\kaspersky lab tool\is-ppnjc\is-ppnjc.exe" -r (file missing)
    S4 is-UFA16 - "c:\users\public\desktop\kaspersky lab tool\is-ufa16\is-ufa16.exe" -r (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) 82562V 10/100 Platform LAN Connect
    Device ID: PCI\VEN_8086&DEV_104C&SUBSYS_01DD1028&REV_02\3&172E68DD&1&C8
    Manufacturer: Intel
    Name: Intel(R) 82562V 10/100 Platform LAN Connect
    PNP Device ID: PCI\VEN_8086&DEV_104C&SUBSYS_01DD1028&REV_02\3&172E68DD&1&C8
    Service: e1express


    Scheduled Tasks

    2008-07-28 20:05:05 426 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{80659298-A1E3-47AA-A04B-F418789E308E}.job
    2008-07-27 09:00:06 386 --a------ C:\Windows\Tasks\McQcTask.job
    2008-06-24 22:37:27 342 --a------ C:\Windows\Tasks\McDefragTask.job


    -- Files created between 2008-06-28 and 2008-07-28 --

    2008-07-08 13:39:46 2560 --a------ C:\Windows\system32\drivers\mchInjDrv.sys
    2008-06-29 20:16:35 0 d-------- \ProgramData\Gtek
    2008-06-29 16:44:29 0 d-------- \ProgramData\AOL
    2008-06-29 16:44:17 0 d-------- C:\Program Files\Common Files\aolshare
    2008-06-29 16:44:17 0 d-------- C:\Program Files\Common Files\AOL
    2008-06-29 16:42:24 335 --a------ C:\Windows\nsreg.dat
    2008-06-29 16:02:04 0 d-------- \ProgramData\AOL Downloads


    -- Find3M Report ------

    2008-07-28 20:03:46 0 d-------- \Windows
    2008-07-28 20:03:23 0 d-------- \Deckard
    2008-07-28 18:58:57 0 d-------- C:\Program Files\McAfee
    2008-07-28 11:13:00 0 d--hs---- \System Volume Information
    2008-07-28 10:35:40 2147483647 --ahs---- \pagefile.sys
    2008-07-11 17:40:48 174 --ahs---- C:\Program Files\desktop.ini
    2008-07-11 17:33:59 0 d-------- C:\Program Files\Windows Mail
    2008-07-10 13:09:08 0 d-------- C:\Program Files\Common Files
    2008-07-10 13:09:08 0 dr------- \Program Files
    2008-07-10 12:55:45 0 d-------- C:\Program Files\Java
    2008-07-08 13:40:34 0 d-------- C:\Program Files\TrojanHunter 5.0
    2008-07-08 09:24:49 0 d--h----- \ProgramData
    2008-07-04 15:40:33 0 d--hs---- \$Recycle.Bin
    2008-06-29 22:40:28 0 d-------- C:\Program Files\Google
    2008-06-24 22:38:18 0 d-------- C:\Program Files\Common Files\McAfee
    2008-06-13 21:28:18 0 d-------- \perflogs
    2008-06-12 16:34:40 18916 --a------ C:\Windows\system32\tfak.dll
    2008-06-10 20:30:35 0 d-------- C:\Program Files\Trend Micro
    2008-06-07 22:58:24 0 d-------- C:\Program Files\Dell
    2008-06-02 00:27:56 0 --a------ C:\Windows\system32\nbtstat
    2008-05-31 22:20:10 0 d-------- C:\Program Files\Dell Support Center
    2008-05-31 22:19:54 0 d-------- C:\Program Files\Common Files\supportsoft


    -- Registry Dump -------

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    11/26/2007 10:46 AM 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [05/27/2008 02:50 PM]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [12/19/2006 06:12 PM]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [12/19/2006 06:11 PM]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [12/19/2006 06:12 PM]
    "SigmatelSysTrayApp "= "sttray.exe" [02/08/2007 01:16 AM C:\Windows\sttray.exe]
    "IAAnotif "= "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [09/29/2006 12:39 PM]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 11:37 AM]
    "@ "=" " []
    "ECenter "= "c:\dell\E-Center\EULALauncher.exe" [11/17/2006 05:19 PM]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 11:35 AM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 09:23 AM]
    "mcagent_exe "= "C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
    "HostManager "= "C:\Program Files\Common Files\AOL\1214772258\ee\AOLSoftware.exe" [04/12/2007 05:23 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [05/27/2008 02:37 PM]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [11/12/2006 02:19 AM]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DelayShred "=c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\AUBERG~1\appdata\local\temp\Low\HSPERF~1.SH! c:\users\AUBERG~1\appdata\local\temp\HSPERF~1.SH!

    C:\Users\Aubergine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [1/21/2008 3:41:28 PM]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/29/2007 6:21:19 PM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "=2 (0x2)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @= "IEEE 1394 Bus host controllers "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @= "SBP2 IEEE 1394 Devices "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @= "SecurityDevices "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4007f8b3-2c18-11dd-a463-0019d1377f37}]
    AutoRun\command- F:\LaunchU3.exe -a


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-07-28 20:07:02 ----

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.


    System Information ------------------
    Microsoft® Windows Vista™ Home Premium (build 6000)
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
    Percentage of Memory in Use: 37%
    Physical Memory (total/avail): 2045.32 MiB / 1276.38 MiB
    Pagefile Memory (total/avail): 4306.93 MiB / 3452.38 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1923.39 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 222.78 GiB total, 193.26 GiB free.
    D: is Fixed (NTFS) - 10 GiB total, 5.21 GiB free.
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD2500JS-75NCB3 - 232.83 GiB - 3 partitions
    \PARTITION0 - Unknown - 54.88 MiB
    \PARTITION1 - Installable File System - 10 GiB - D:
    \PARTITION2 (bootable) - Installable File System - 222.78 GiB - C:



    -- Security Center ------------

    AUOptions is set to notify before download.
    Windows Internal Firewall is disabled.

    FW: McAfee Personal Firewall v (McAfee)
    AV: McAfee VirusScan v (McAfee)
    AS: McAfee VirusScan v (McAfee)
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables ------

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Aubergine\AppData\Roaming
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=NONE
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Aubergine
    LOCALAPPDATA=C:\Users\Aubergine\AppData\Local
    LOGONSERVER=\\NONE
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f02
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\AUBERG~1\AppData\Local\Temp
    TMP=C:\Users\AUBERG~1\AppData\Local\Temp
    USERDOMAIN=NONE
    USERNAME=Aubergine
    USERPROFILE=C:\Users\Aubergine
    windir=C:\Windows


    -- User Profiles ---------------

    Aubergine



    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
    AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
    Conexant D850 PCI V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
    Corel Paint Shop Pro Photo XI --> MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}
    Corel Snapfire Plus --> MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
    Dell Games --> "C:\Program Files\Dell Games\Uninstall.exe "
    Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
    Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
    DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
    Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe -runfromtemp -l0x0009 -removeonly
    Documentation & Support Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
    Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
    Intel(R) Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
    Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Macromedia Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
    McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
    Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp "
    Microsoft Digital Image Standard 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
    Microsoft Encarta Encyclopedia Standard 2006 --> MsiExec.exe /I{06040048-3E21-46D6-9A91-D927BA08F41D}
    Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
    Microsoft Streets & Trips 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
    Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
    Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    Microsoft Works Suite 2006 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP E:\
    Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
    Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
    MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
    OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
    Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
    Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
    Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
    Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll "
    User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
    Yahoo! Music Jukebox --> MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type3835 / Success
    Event Submitted/Written: 07/28/2008 10:36:48 AM
    Event ID/Source: 5617 / WinMgmt
    Event Description:


    Event Record #/Type3834 / Success
    Event Submitted/Written: 07/28/2008 10:36:47 AM
    Event ID/Source: 5615 / WinMgmt
    Event Description:


    Event Record #/Type3828 / Success
    Event Submitted/Written: 07/28/2008 10:35:53 AM
    Event ID/Source: 902 / Software Licensing Service
    Event Description:
    The Software Licensing service has started.

    Event Record #/Type3820 / Warning
    Event Submitted/Written: 07/27/2008 09:54:42 PM
    Event ID/Source: 1530 / profsvc
    Event Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-1154895746-69965481-3900917758-1002_Classes:
    Process 928 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1154895746-69965481-3900917758-1002_CLASSES

    Event Record #/Type3819 / Warning
    Event Submitted/Written: 07/27/2008 09:54:42 PM
    Event ID/Source: 1530 / profsvc
    Event Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-1154895746-69965481-3900917758-1002:
    Process 928 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1154895746-69965481-3900917758-1002



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type47507 / Warning
    Event Submitted/Written: 07/28/2008 08:05:57 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %NONE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NONE27 can't undo changes that you allow.

    For more information please see the following:
    %NONE275

    Scan ID: {81543D16-46A5-4CDE-A8F1-93DB493B19E3}

    User: NONE\Aubergine

    Name: %NONE271

    ID: %NONE272

    Severity ID: %NONE273

    Category ID: %NONE274

    Path Found: %NONE276

    Alert Type: %NONE278

    Detection Type: 1.1.1505.02

    Event Record #/Type47506 / Warning
    Event Submitted/Written: 07/28/2008 08:05:57 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %NONE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NONE27 can't undo changes that you allow.

    For more information please see the following:
    %NONE275

    Scan ID: {12BF4F32-EB27-4C82-BAE6-CA266647D9C0}

    User: NONE\Aubergine

    Name: %NONE271

    ID: %NONE272

    Severity ID: %NONE273

    Category ID: %NONE274

    Path Found: %NONE276

    Alert Type: %NONE278

    Detection Type: 1.1.1505.02

    Event Record #/Type47505 / Warning
    Event Submitted/Written: 07/28/2008 08:05:57 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %NONE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NONE27 can't undo changes that you allow.

    For more information please see the following:
    %NONE275

    Scan ID: {0E8E9D5D-2BCD-45BF-AC47-D1ADF5A7F841}

    User: NONE\Aubergine

    Name: %NONE271

    ID: %NONE272

    Severity ID: %NONE273

    Category ID: %NONE274

    Path Found: %NONE276

    Alert Type: %NONE278

    Detection Type: 1.1.1505.02

    Event Record #/Type47504 / Warning
    Event Submitted/Written: 07/28/2008 08:05:57 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %NONE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NONE27 can't undo changes that you allow.

    For more information please see the following:
    %NONE275

    Scan ID: {B41DCCAD-CA51-4D96-9975-1A1473102DC2}

    User: NONE\Aubergine

    Name: %NONE271

    ID: %NONE272

    Severity ID: %NONE273

    Category ID: %NONE274

    Path Found: %NONE276

    Alert Type: %NONE278

    Detection Type: 1.1.1505.02

    Event Record #/Type47503 / Warning
    Event Submitted/Written: 07/28/2008 08:05:55 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %NONE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NONE27 can't undo changes that you allow.

    For more information please see the following:
    %NONE275

    Scan ID: {19C6CDEC-1316-4297-A998-1F1158FBDD6D}

    User: NONE\Aubergine

    Name: %NONE271

    ID: %NONE272

    Severity ID: %NONE273

    Category ID: %NONE274

    Path Found: %NONE276

    Alert Type: %NONE278

    Detection Type: 1.1.1505.02



    -- End of Deckard's System Scanner: finished at 2008-07-28 20:07:02 ------------

    _______________________________________________
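As an added example for this thread (not part of the original post, and not code from DSS, Trend Micro or Malwarebytes), here is a small Python triage script over the event-log section shown above. It parses the three header lines DSS prints for every event (`Event Record #/Type`, `Event Submitted/Written`, `Event ID/Source`), tallies events per source and ID, and separates the ones written inside the scanner's own run window (20:03:44 to 20:07:02 on 2008-07-28, taken from the DSS header and footer) from the ones that predate it. The sample input is a constructed, shortened copy of four of the entries above. The point for a practitioner: all five WinDefend 3004 records above carry timestamps inside that window, so they should not be read as evidence of the year-long compromise the poster describes before checking what Defender actually flagged; whether the scanner's own registry backup and disk cleanup triggered them is an inference, not something the log proves.

```python
"""Triage of the event-log section of a Deckard's System Scanner (DSS) report.

Added example for this thread; it is not part of the original post and not
code from DSS, Trend Micro or Malwarebytes. The parser keys on the three header
lines DSS prints for every event ("Event Record #/Type", "Event
Submitted/Written", "Event ID/Source"); the sample below is a constructed,
shortened copy of four entries from the log above.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample: the profsvc 1530 record and three of the five WinDefend
# 3004 records from the post, trimmed to the header lines the parser needs.
SAMPLE_DSS_LOG = """\
Event Record #/Type3819 / Warning
Event Submitted/Written: 07/27/2008 09:54:42 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services.

-- System Event Log ------------------------------------------------------------

Event Record #/Type47507 / Warning
Event Submitted/Written: 07/28/2008 08:05:57 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%NONE27 Real-Time Protection agent has detected changes.

Event Record #/Type47504 / Warning
Event Submitted/Written: 07/28/2008 08:05:57 PM
Event ID/Source: 3004 / WinDefend

Event Record #/Type47503 / Warning
Event Submitted/Written: 07/28/2008 08:05:55 PM
Event ID/Source: 3004 / WinDefend
"""

# Scanner start and finish, copied from the DSS header ("Run by Aubergine on
# 2008-07-28 20:03:44") and footer ("finished at 2008-07-28 20:07:02").
DSS_RUN_START = datetime(2008, 7, 28, 20, 3, 44)
DSS_RUN_END = datetime(2008, 7, 28, 20, 7, 2)

RECORD_RE = re.compile(r"^Event Record #/Type(\d+) / (\w+)$", re.M)
WRITTEN_RE = re.compile(r"^Event Submitted/Written: (.+)$", re.M)
IDSRC_RE = re.compile(r"^Event ID/Source: (\d+) / (\S+)$", re.M)
TIME_FMT = "%m/%d/%Y %I:%M:%S %p"   # DSS writes local 12-hour time


def parse_events(text):
    """Return one dict per event: record, level, time, event_id, source.

    An entry whose timestamp or ID/Source line is missing is dropped rather
    than guessed at, so a truncated paste cannot yield a phantom event.
    """
    events = []
    # re.split with two groups gives [pre, record, level, body, record, level, body, ...]
    parts = RECORD_RE.split(text)
    for i in range(1, len(parts), 3):
        record, level, body = parts[i], parts[i + 1], parts[i + 2]
        written = WRITTEN_RE.search(body)
        idsrc = IDSRC_RE.search(body)
        if written is None or idsrc is None:
            continue
        events.append({
            "record": int(record),
            "level": level,
            "time": datetime.strptime(written.group(1).strip(), TIME_FMT),
            "event_id": int(idsrc.group(1)),
            "source": idsrc.group(2),
        })
    return events


def tally(events):
    """Count events per (source, event_id) pair."""
    return Counter((e["source"], e["event_id"]) for e in events)


def triage(text, run_start=DSS_RUN_START, run_end=DSS_RUN_END):
    """Separate events written while DSS itself was running from the rest.

    Events inside the run window may be the scanner's own footprint (DSS backs
    up registry hives and runs disk cleanup), so they are reported apart from
    the events that predate it.
    """
    during, outside = [], []
    for e in parse_events(text):
        (during if run_start <= e["time"] <= run_end else outside).append(e)
    return {
        "total": len(during) + len(outside),
        "during_scan": tally(during),
        "outside_scan": tally(outside),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_DSS_LOG)
    print("events parsed:", report["total"])
    print("written during the DSS run:", dict(report["during_scan"]))
    print("written before/after the run:", dict(report["outside_scan"]))
```

Run it against the full DSS output and any source/ID pair that only appears in `during_scan` deserves a second look at what the tool was doing at that second before it is counted as attacker activity; the profsvc 1530 entry from the previous evening, by contrast, predates the scan and is a known user-profile unload warning rather than a malware indicator on its own.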
     
  2. 2008/07/31
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS karma10 :)

    Sorry for the delay.

    karma, I have to ask ........ why have you allowed this to happen for a year, and has something changed (for the worse?) that caused you to address the problem now?

    We're going to start with an antimalware application. Please download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh dss log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
