Author Topic: got a virus i cant see  (Read 46750 times)

0 Members and 1 Guest are viewing this topic.

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #15 on: March 23, 2008, 01:59:17 AM »
here is the extra text.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile AMD Sempron(tm) Processor 3000+
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 382.48 MiB / 90.62 MiB
Pagefile Memory (total/avail): 919.41 MiB / 559.44 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.38 MiB

C: is Fixed (NTFS) - 48.32 GiB total, 24.09 GiB free.
D: is Fixed (FAT32) - 7.55 GiB total, 0.84 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2060AT PL - 55.89 GiB - 2 partitions
  \PARTITION0 (bootable) - Installable File System - 48.32 GiB - C:
  \PARTITION1 - Unknown - 7.56 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.462.000 (Check Point, LTD.)
AV: avast! antivirus 4.7.1098 [VPS 080322-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\1150163481\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1150163481\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Common Files\\AOL\\1150163481\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1150163481\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\Ritalee\\Desktop\\downloads\\incredimail_install.exe"="C:\\Documents and Settings\\Ritalee\\Desktop\\downloads\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\Ritalee\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe"="C:\\Documents and Settings\\Ritalee\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer"


Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #16 on: March 23, 2008, 01:59:53 AM »
-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ritalee\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PIKACHU
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ritalee
LOGONSERVER=\\PIKACHU
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\GTK\2.0\bin;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PRESARIO
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ritalee\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ritalee\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=PIKACHU
USERNAME=Ritalee
USERPROFILE=C:\Documents and Settings\Ritalee
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (admin)
Ritalee (admin)
Sara Hope (admin)
Retta G
Pillar Of Winter
Grandma (new local)
Grandpa (new local)

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #17 on: March 23, 2008, 02:00:59 AM »
-- Add/Remove Programs ---------------------------------------------------------

 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Card Slingo from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025\Uninstall.exe"
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Balloon Kaboom --> C:\PROGRA~1\eGames\BALLOO~2\UNWISE.EXE C:\PROGRA~1\eGames\BALLOO~2\INSTALL.LOG
Balloon Pop Special Edition --> C:\PROGRA~1\eGames\BALLOO~1\UNWISE.EXE C:\PROGRA~1\eGames\BALLOO~1\INSTALL.LOG


Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #18 on: March 23, 2008, 02:01:33 AM »
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6E377D95-DF37-4E67-B64B-68C314600BCB\Uninstall.exe"
Big Kahuna Reef from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7948472C-423F-4134-B68F-48D660A05D71\Uninstall.exe"
Bingo Master Special Edition --> C:\PROGRA~1\eGames\BINGOM~1\UNWISE.EXE C:\PROGRA~1\eGames\BINGOM~1\INSTALL.LOG
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9F3399B2-9ED6-4339-84A2-686432638B86\Uninstall.exe"
Block Rox --> C:\PROGRA~1\eGames\BLOCKR~1\UNWISE.EXE C:\PROGRA~1\eGames\BLOCKR~1\INSTALL.LOG
Blood2 --> C:\WINDOWS\uninst.exe -fC:\Games\Blood2\DeIsL1.isu
Boggle Supreme from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E\Uninstall.exe"
Bookworm Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0769D17-E72A-4E87-A83F-1F7A3F080008\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615\Uninstall.exe"
CDex extraction audio --> "C:\Program Files\CDex_150\uninstall.exe"
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22\Uninstall.exe"
Collector's Edition 251 --> C:\PROGRA~1\eGames\COLLEC~1\UNWISE.EXE C:\PROGRA~1\eGames\COLLEC~1\INSTALL.LOG
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
Crystal Maze from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2\Uninstall.exe"
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Darts --> MsiExec.exe /X{F91CB93C-E24C-4932-A3F9-C4A6403F90CF}
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C
Deer Hunter 4 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Deer Hunter 4\Uninst.isu"
Deer Hunter 5 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Deer Hunter 5\Uninst.isu"
Diablo --> C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo --> C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Easy To-Do --> "C:\Program Files\Xanadu Tools\Easy To-Do\unins000.exe"
Elrond's MM6 Editor [v3.6] --> C:\PROGRA~1\ELROND~1\UNWISE.EXE C:\PROGRA~1\ELROND~1\INSTALL.LOG
FATE from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89\Uninstall.exe"
Final Drive Nitro from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549\Uninstall.exe"
Final Fantasy VII --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Square Soft, Inc.\Final Fantasy VII\Uninst.isu"
Final Fantasy VII XP Patch --> C:\Program Files\Square Soft, Inc\Final Fantasy VII\Patch\Uninstall XP Patch.EXE /u:"Final Fantasy VII XP Patch"
Flip Words from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F2566CC2-D4C4-44ED-A838-3F8288D8D3FE\Uninstall.exe"
gigabeat S Series Manual --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C5BCAA4-80F2-4092-BD22-F426453BCD17}\Setup.exe" -l0x9  -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Great Pyramid --> C:\PROGRA~1\eGames\GREATP~1\UNWISE.EXE C:\PROGRA~1\eGames\GREATP~1\INSTALL.LOG

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #19 on: March 23, 2008, 02:02:12 AM »
Hellfire --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\HELLFIRE\Uninst.isu
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hoyle Card Games 3 --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\CARD3\Uninst.isu
HP DVD Play 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe"  -uninstall
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9  -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides--System Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\setup.exe" -l0x9  -removeonly
HP User Guides 0024 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{798E409B-F5CA-449E-9BE6-E18199E007C6}\Setup.exe" -l0x9  -removeonly
HP Wireless Assistant 2.00 B3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9  hpquninst
ICQ 5.1 --> C:\Program Files\ICQLite\ICQLiteUninstall.EXE
ICQ Toolbar --> regsvr32 /u /s "C:\Program Files\ICQToolbar\toolbaru.dll"
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0E5266B4-9069-401A-93AE-5FF9F1712016\Uninstall.exe"
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jewel Quest from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242\Uninstall.exe"
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E90E3AE9-73E4-4E5C-BB0F-673989A808D0\Uninstall.exe"
Lexibox Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88\Uninstall.exe"
Lightening --> C:\Program Files\Lightening\Uninst.exe /pid:{904FC6CC-B684-4549-BA5B-AB5A479C945C} /asd
Lotus SmartSuite 97 --> C:\WINDOWS\lunin10.exe /T SmartSuite /V 97.0 /I "c:\lotus\suit.inf" /C "c:\lotus\cinstall.ini" /O  /L EN
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Mah Jong Quest from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E76A7EFF-7758-49EE-B3FA-9699830A2D6B\Uninstall.exe"
Mahjongg Master 5 --> C:\PROGRA~1\eGames\MAHJON~1\UNWISE.EXE C:\PROGRA~1\eGames\MAHJON~1\INSTALL.LOG
Master of Dwarves --> C:\PROGRA~1\eGames\MASTER~1\UNWISE.EXE C:\PROGRA~1\eGames\MASTER~1\INSTALL.LOG
Memorex 6136 U Scanner Driver --> C:\PROGRA~1\Memorex\UNWISE.EXE C:\PROGRA~1\Memorex\INSTALL.LOG
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Train Simulator --> "C:\Program Files\Microsoft Games\Train Simulator\UNINSTAL.EXE" /runtemp /addremove

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #20 on: March 23, 2008, 02:02:55 AM »
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Might and Magic VI: The Mandate of Heaven --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Might and Magic VI\Might and Magic® VI.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
Might and Magic VII, For Blood and Honor --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Might and Magic VII\Might and Magic VII.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
Might and Magic VIII: Day of the Destroyer --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Might and Magic VIII\Might and Magic Day of the Destroyer.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
Monster Buck Pack, DH2 & DH2 Extended Season --> C:\WINDOWS\IsUninst.exe -f"c:\Program Files\Deer Hunter 2\Uninst.isu"
MS Access 97 SP2 --> C:\Program Files\Microsoft Office\setup\setup.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
muvee autoProducer 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{286F29AF-0BE2-4D5F-AB17-B7631A810553}\setup.exe" -l0x9
MyDsc2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9
MySpaceIM --> MsiExec.exe /I{3BA59EE1-6D83-4CAE-A0B9-6B91BD44A14B}
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Oasis from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E332F38A-75F6-4EF2-88CC-246E8A1CB5D7\Uninstall.exe"
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Opera 9.10 --> MsiExec.exe /X{5D582D33-EB35-4D77-B7AF-403322D947E6}
Opera 9.23 --> MsiExec.exe /X{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}
Pinball --> MsiExec.exe /X{0187C675-40EC-4DDB-8ED9-A4A65F44C24E}
Polar Bowler from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54\Uninstall.exe"
Polar Golfer from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D2E44AA4-8665-4490-A6C9-2D0744B47B27\Uninstall.exe"
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
Puzzle Express from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\EF860173-4FB7-4DE1-8BE8-5400F05A0DC5\Uninstall.exe"
Quick Launch Buttons 5.20 F2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9  -uninst
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rocky Mountain Trophy Hunter --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Rocky Mountain Trophy Hunter\Uninst.isu"
Rocky Mountain Trophy Hunter 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Rocky Mountain Trophy Hunter 2\Uninst.isu"
Rocky Mountain Trophy Hunter 3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Rocky Mountain Trophy Hunter 3\Uninst.isu"
Rocky Mountain Trophy Hunter Alaskan Expedition --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Rocky Mountain Trophy Hunter\RMTH2.isu" -c"C:\Program Files\Rocky Mountain Trophy Hunter\RMTH2UIS.dll"
RollerCoaster Tycoon Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{924EAD66-F854-4605-8493-696DD59A113B}\Setup.exe" -l0x9
SCRABBLE from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92\Uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #21 on: March 23, 2008, 02:03:42 AM »
SimCity 2000® CD Collection --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Maxis\SimCity 2000\DeIsL1.isu"
SimCity 3000 Unlimited --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\SimCity 3000 Unlimited\DeIsL1.isu" -c"C:\Program Files\Maxis\SimCity 3000 Unlimited\_UnInstall.dll"
SimCity 4 Rush Hour --> C:\Documents and Settings\Ritalee\My Documents\EAUninstall.exe
Slingo Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C264D692-8E15-4141-96A2-5621332E5DD0\Uninstall.exe"
Slyder from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0202B33-E73D-4FCD-AC88-0B2971AFC116\Uninstall.exe"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Snowboard SuperJam --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DED8E2B5-BA9F-448F-84E8-0AEF79876F95\Uninstall.exe"
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Super Granny from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51\Uninstall.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeraNet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40139BDF-B715-4994-A1BA-6B452DB3FC7B}\Setup.exe" -l0x9
Terayon DOCSIS Modem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C98F2FE6-5AF5-11D6-8209-00D0B701C7B5}\Setup.exe" -l0x9
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
TOSHIBA gigabeat applications 2.0.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{33DF47F1-B83A-4EB5-AA56-EAB28A1EAE14}\setup.exe" UNINSTALLUNINSTALL
TourSetup --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Tradewinds from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86\Uninstall.exe"
Tudoo 3.0.1 --> "C:\Program Files\Tudoo\unins000.exe"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Viewpoint Toolbar V35 (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarInstaller.exe /u /k
Warcraft II BNE --> C:\WINDOWS\W2BNEUnin.exe C:\WINDOWS\W2BNEUnin.dat
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9  -removeonly
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
YAMAHA SoftSynthesizer S-YXG70 --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu -c"C:\WINDOWS\system32\sxgunins.dll

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #22 on: March 23, 2008, 02:04:18 AM »
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
Zuma Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type11711 / Error
Event Submitted/Written: 03/22/2008 03:49:10 PM
Event ID/Source: 11101 / MsiInstaller
Event Description:
Product: Java(TM) 6 Update 5 -- Error 1101.Error reading from file: http://javadl-esd.sun.com/update/1.6.0/sp-1.6.0_05/sp1033.MST.  System error 123.  Verify that the file exists and that you can access it.

Event Record #/Type11710 / Error
Event Submitted/Written: 03/22/2008 03:47:23 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msiexec.exe, version 3.1.4000.1823, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type11709 / Error
Event Submitted/Written: 03/22/2008 03:34:28 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application netscape.exe, version 8.1.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type11705 / Error
Event Submitted/Written: 03/22/2008 02:54:20 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type11696 / Error
Event Submitted/Written: 03/22/2008 06:58:38 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.3861.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.
Processing media-specific event for [aim.exe!ws!]

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #23 on: March 23, 2008, 02:04:49 AM »
-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type62464 / Error
Event Submitted/Written: 03/22/2008 05:35:47 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service failed to start due to the following error:
%%1053

Event Record #/Type62463 / Error
Event Submitted/Written: 03/22/2008 05:35:46 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.

Event Record #/Type62462 / Error
Event Submitted/Written: 03/22/2008 05:35:14 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service failed to start due to the following error:
%%1053

Event Record #/Type62461 / Error
Event Submitted/Written: 03/22/2008 05:35:14 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.

Event Record #/Type62457 / Error
Event Submitted/Written: 03/22/2008 05:34:38 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service failed to start due to the following error:
%%1053



-- End of Deckard's System Scanner: finished at 2008-03-22 17:48:17 ------------


Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: got a virus i cant see
« Reply #24 on: March 23, 2008, 03:33:09 AM »
ok, I got the logs. Have to go out for awhile. I'll check them when I get back.

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #25 on: March 23, 2008, 03:35:31 AM »
ok i will be here reading or doing ebay. :D hopefully i can keep connected i keep loosing my connection.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: got a virus i cant see
« Reply #26 on: March 23, 2008, 07:53:55 AM »
I've gone over the logs, including what you sent from the avast warning log.

Quote
3/20/2008   12:03:31 PM   1206039811   Ritalee   3428   Sign of "Win32:Trojan-gen {VC}" has been found in "C:\Program Files\HPQ\Default Settings\CpqsetVer.exe" file. 
3/20/2008   2:26:00 PM   1206048360   Ritalee   3428   Sign of "Win32:WebSearch-M [Adw]" has been found in "C:\Program Files\Netscape\Netscape Browser\plugins\NPMyWebS.dll" file. 
3/20/2008   10:14:55 PM   1206076495   Ritalee   3428   Sign of "Win32:Trojan-gen {VC}" has been found in "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP509\A0210172.exe" file. 
3/20/2008   10:26:47 PM   1206077207   Ritalee   3428   Sign of "Win32:WebSearch-M [Adw]" has been found in "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP509\A0210184.dll" file. 
3/22/2008   12:08:06 AM   1206169686   Ritalee   1164   Sign of "Win32:WebSearch-M [Adw]" has been found in "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP509\A0210184.dll" file

These are your latest detections. One has been confirmed a false positive by Avira. We'll check that one out after. 3 in system restore. which is most likely the same ones only in a restore point.

Did you try to install IncrediMail recently? I see an entry in HJT that doesn't look quite right.

Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #27 on: March 23, 2008, 08:05:56 AM »
hello, no i didnt install incredimail it kept asking me to log onto the net and when i did it wouldnt do anything so every day i get a log in later icon on my desktop.

so is these 4 trojans causing me to have a slow boot up time of 7 to 10 minutes?

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: got a virus i cant see
« Reply #28 on: March 23, 2008, 08:37:06 AM »
No, as I said they probably are false positives. We will deal with those after we check a couple of things out.

So we do a little house cleaning.


Open HJT, run a system scan only, check mark these lines if present

O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Ritalee\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail

Close all other browsers/windows, click fix, close HJT.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


Download and run this clean up utility. You can use it regularly. When it's first run, it is in demo mode to show you what it will remove. Review it and then rerun in real mode. It is configurable.

CleanUp


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Please post the results of the scan along with a new HJT log aken after the scan.

Thanks.



Warrior-Paine

  • Guest
Re: got a virus i cant see
« Reply #29 on: March 23, 2008, 08:43:20 AM »
witch cleanup folder do i click to download it?