Help with uninstalling some stuff + slow PC [RESOLVED]

Need a geek? You've come to the right place! Geeks to Go offers free, quality technical support, in a non-technical way. Volunteers are waiting to help. Friendly, technology experts who have knowledge to share, and find reward in helping others. Feel free to browse the site as a guest. However, to reply to a topic, or start a new one, you'll need to register (also removes advertising). New here? Visit our Welcome Guide. Infected with a Virus, Spyware, or Trojan? Read our Malware and Spyware Cleaning Guide.

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Help with uninstalling some stuff + slow PC [RESOLVED]

Options

Jame View Member Profile	Jul 28 2008, 04:24 PM Post #1
New Member Posts: 9 OS: XP	Heya. Had noticed a couple of programs that im unbale to remove and would like some help on this as I suspect they might be something I don't really want to have on my PC, they are called "Crush'Em 2.0" and "Puzzl'Em 1.0 Beta2" also noticed my PC is running a little slow then normal, Ie and firefox are constantly slow when loading. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:07:44, on 28/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Lexmark P910 Series\ezprint.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\lxbycoms.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\mIRC\mirc.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {C2626E66-D21B-E628-C1DF-1DACCFA36ED2} - C:\Program Files\Common Files\fjOs0r.dll (file missing) O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe" O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe O4 - Global Startup: ZyXEL G-202 Wireless Adapter Utility.lnk = ? O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003 O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126266495906 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbycoms.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 11787 bytes Malwarebytes' Anti-Malware 1.23 Database version: 1002 Windows 5.1.2600 Service Pack 2 23:01:45 28/07/2008 mbam-log-7-28-2008 (23-01-45).txt Scan type: Quick Scan Objects scanned: 51051 Time elapsed: 11 minute(s), 30 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 7 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a3f6ede7-9c30-4495-8d6d-6850adda58e5} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e7c79532-b748-40a4-a54c-6a14569541b7} (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for Mp3Resizer.zip\Setup.exe (Worm.P2P) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.

Jame View Member Profile	Jul 30 2008, 05:14 AM Post #2
New Member Posts: 9 OS: XP	Anyone? Edit: sorry for double posting/bumping. This post has been edited by Jame: Jul 30 2008, 01:28 PM

Mike View Member Profile	Aug 1 2008, 12:41 PM Post #3
Malware Monger Posts: 2,740 OS: XP Professional SP3	Hi there, Sorry for the delay, bumping your thread usually will cause you to be overlooked as we tend to look for threads with 0 replies. Please do the following for me please. Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Note:These logs may be too large to post in one reply, if so, please post extra.txt in a separate reply. & Download the latest version of Java Runtime Environment (JRE) 6 Update 7. Once done, uninstall any older versions of Java through add or remove programs. Go to Kaspersky website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Jame View Member Profile	Aug 2 2008, 12:28 PM Post #4
New Member Posts: 9 OS: XP	Alright, done the scan and will post the logs below. Main.txt Deckard's System Scanner v20071014.68 Run by Owner on 2008-08-02 13:06:58 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 12: 2008-08-02 12:07:18 UTC - RP461 - Deckard's System Scanner Restore Point 11: 2008-07-29 23:05:06 UTC - RP460 - Software Distribution Service 3.0 10: 2008-07-28 22:49:50 UTC - RP459 - Software Distribution Service 3.0 9: 2008-07-28 21:40:05 UTC - RP458 - Restore 8: 2008-07-27 22:47:13 UTC - RP457 - Software Distribution Service 3.0 -- First Restore Point -- 1: 2008-05-10 09:36:05 UTC - RP450 - Shockwave Player Backed up registry hives. Performed disk cleanup. System Drive C: has 5.09 GiB (less than 15%) free. -- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:09:54, on 02/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Lexmark P910 Series\ezprint.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\lxbycoms.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Documents and Settings\Owner\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {C2626E66-D21B-E628-C1DF-1DACCFA36ED2} - C:\Program Files\Common Files\fjOs0r.dll (file missing) O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe" O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe O4 - Global Startup: ZyXEL G-202 Wireless Adapter Utility.lnk = ? O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003 O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002 O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000 O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://toolbar.imageshack.us O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126266495906 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbycoms.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 11571 bytes -- File Associations ----------------------------------------------------------- .js - unable to read key .js - unable to read key .reg - regfile - shell\open\command - regedit.exe "%1" % .scr - scrfile - shell\open\command - "%1" %* .txt - unable to read key .txt - unable to read key -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil�> R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT> R2 ZDCNDIS5 (ZDCNDIS5 NDIS Protocol Driver) - c:\windows\system32\zdcndis5.sys <Not Verified; ZDC., Inc. (ZDC); ZDC Rawether for Windows> R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows � 2000 DDK driver> R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil> R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus� ASPI Shell> R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil> R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil> R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> S3 BRGSp50 (BRGSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\brgsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver> S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing) S3 MR97310_USB_DUAL_CAMERA (MR97310 CIF Dual Mode Camera) - c:\windows\system32\drivers\mr97310c.sys (file missing) S3 nenum13E - c:\docume~1\owner\locals~1\temp\nenum13e.sys (file missing) S3 ovt519 (VGA USB Camera) - c:\windows\system32\drivers\ov519vid.sys (file missing) S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters> S3 SE27bus (Sony Ericsson Device 039 Driver driver (WDM)) - c:\windows\system32\drivers\se27bus.sys <Not Verified; MCCI; Sony Ericsson Device 039 Driver> S3 SE27mdfl (Sony Ericsson Device 039 USB WMC Modem Filter) - c:\windows\system32\drivers\se27mdfl.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Modem Filter Driver> S3 SE27mdm (Sony Ericsson Device 039 USB WMC Modem Driver) - c:\windows\system32\drivers\se27mdm.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Data Modem> S3 SE27mgmt (Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se27mgmt.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Device Management> S3 se27nd5 (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)) - c:\windows\system32\drivers\se27nd5.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation> S3 SE27obex (Sony Ericsson Device 039 USB WMC OBEX Interface) - c:\windows\system32\drivers\se27obex.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC OBEX Interface> S3 se27unic (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)) - c:\windows\system32\drivers\se27unic.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation> S3 w200bus (Sony Ericsson W200 driver (WDM)) - c:\windows\system32\drivers\w200bus.sys <Not Verified; MCCI; Sony Ericsson W200> S3 w800bus (Sony Ericsson W800 driver (WDM)) - c:\windows\system32\drivers\w800bus.sys <Not Verified; MCCI; Sony Ericsson W800> S3 w800mdfl (Sony Ericsson W800 USB WMC Modem Filter) - c:\windows\system32\drivers\w800mdfl.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem Filter Driver> S3 w800mdm (Sony Ericsson W800 USB WMC Modem Drivers) - c:\windows\system32\drivers\w800mdm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem> S3 w800mgmt (Sony Ericsson W800 USB WMC Device Management Drivers) - c:\windows\system32\drivers\w800mgmt.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Device Management> S3 w800obex (Sony Ericsson W800 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\w800obex.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface> S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing) S3 ZD1211BU(ZyDAS) (ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)) - c:\windows\system32\drivers\zd1211bu.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour> S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)> S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A} Description: Nokia N73 Device ID: ROOT\WPD\0000 Manufacturer: Nokia Name: Nokia N73 PNP Device ID: ROOT\WPD\0000 Service: WUDFRd -- Scheduled Tasks ------------------------------------------------------------- 2008-08-02 13:08:37 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job 2008-08-01 11:33:00 270 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job 2008-07-30 21:56:22 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2008-04-22 21:33:06 392 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job -- Files created between 2008-07-02 and 2008-08-02 ----------------------------- 2008-07-28 23:07:07 0 d-------- C:\Program Files\Trend Micro 2008-07-28 22:48:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes 2008-07-28 22:48:29 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-28 22:48:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-28 22:44:39 0 d-------- C:\Program Files\Common Files\Download Manager 2008-07-27 19:23:27 0 d-------- C:\WINDOWS\system32\SoftwareDistribution 2008-07-12 13:43:20 0 d-------- C:\Documents and Settings\Owner\.jnlp-applet -- Find3M Report --------------------------------------------------------------- 2008-08-02 13:07:12 0 d-------- C:\Program Files\mIRC 2008-07-28 23:39:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla 2008-07-28 23:30:01 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor 2008-07-28 22:44:39 0 d-------- C:\Program Files\Common Files 2008-07-28 09:59:16 0 d-------- C:\Program Files\sunriseradio 2008-07-28 09:59:16 0 d-------- C:\Program Files\Conduit 2008-07-27 19:16:18 0 d-------- C:\Program Files\SmartFTP Client 2.0 Setup Files 2008-07-20 19:21:35 0 d-------- C:\Program Files\Messenger Plus! Live 2008-07-20 19:21:34 0 d-------- C:\Program Files\MSN Messenger 2008-07-16 12:03:47 0 d-------- C:\Program Files\World of Warcraft 2008-07-13 19:17:51 0 d-------- C:\Program Files\ABBYY FineReader 4.0 Sprint 2008-07-13 19:14:47 0 d-------- C:\Program Files\Temp 2008-07-12 21:45:33 0 d-------- C:\Program Files\Java 2008-07-01 20:32:34 0 d-------- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab 2008-07-01 20:32:33 0 d-------- C:\Program Files\SystemRequirementsLab 2008-06-27 12:39:53 0 d-------- C:\Program Files\Octoshape Streaming Services 2008-06-11 11:34:47 0 d-------- C:\Program Files\Teamspeak2_RC2 2008-05-10 10:36:32 4713 --a------ C:\WINDOWS\mozver.dat -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2626E66-D21B-E628-C1DF-1DACCFA36ED2}] C:\Program Files\Common Files\fjOs0r.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 17:04] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [09/09/2002 08:05] "KBD"="C:\HP\KBD\KBD.EXE" [06/07/2001 21:56] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 22:42] "NvCplDaemon"="NvQTwk" [] "nwiz"="nwiz.exe" [01/10/2002 00:39 C:\WINDOWS\system32\nwiz.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [] "lxbymon.exe"="C:\Program Files\Lexmark P910 Series\lxbymon.exe" [22/09/2004 11:43] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [22/09/2004 11:18] "EzPrint"="C:\Program Files\Lexmark P910 Series\ezprint.exe" [17/09/2004 14:24] "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [18/06/2002 09:01] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [26/01/2004 11:38] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 00:19] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27] "AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 14:47 C:\WINDOWS\ALCXMNTR.EXE] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [02/01/2006 17:41] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/05/2004 15:18] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [25/06/2003 11:24] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [23/07/2005 03:40] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36] "LXBYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [10/09/2004 12:59] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIEW"="nview.dll,nViewLoadHook" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:56] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [26/12/2005 16:18:53] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C}"= C:\Program Files\Internet Explorer\OnlO0r.dll [ ] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockTracker] c:\hp\bin\BlockTracker.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9489d5dc-893d-11dc-87f1-000e50e99824}] Auto\command- J:\Windows.scr AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9489d5dd-893d-11dc-87f1-000e50e99824}] Auto\command- K:\Windows.scr AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr -- Hosts ----------------------------------------------------------------------- 127.0.0.1 bin.errorprotector.com ## added by CiD 127.0.0.1 br.errorsafe.com ## added by CiD 127.0.0.1 br.winantivirus.com ## added by CiD 127.0.0.1 br.winfixer.com ## added by CiD 127.0.0.1 cdn.drivecleaner.com ## added by CiD 127.0.0.1 de.errorsafe.com ## added by CiD 127.0.0.1 de.winantivirus.com ## added by CiD 127.0.0.1 download.cdn.winsoftware.com ## added by CiD 127.0.0.1 download.errorsafe.com ## added by CiD 127.0.0.1 download.systemdoctor.com ## added by CiD 60 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-08-02 13:10:58 ------------ This post has been edited by Jame: Aug 2 2008, 12:31 PM

Jame View Member Profile	Aug 2 2008, 12:32 PM Post #5
New Member Posts: 9 OS: XP	Extra.txt Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Pentium® 4 CPU 2.66GHz Percentage of Memory in Use: 35% Physical Memory (total/avail): 1535.48 MiB / 986.52 MiB Pagefile Memory (total/avail): 2156.91 MiB / 1745.82 MiB Virtual Memory (total/avail): 2047.88 MiB / 1927.64 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 52.56 GiB total, 5.09 GiB free. D: is Fixed (FAT32) - 3.36 GiB total, 0.7 GiB free. E: is CDROM (No Media) F: is CDROM (No Media) G: is Removable (No Media) \\.\PHYSICALDRIVE0 - SAMSUNG SV0602H - 55.93 GiB - 2 partitions \PARTITION0 - Unknown - 3.36 GiB - D: \PARTITION1 (bootable) - Installable File System - 52.56 GiB - C: \\.\PHYSICALDRIVE1 - Lexmark USB Mass Storage USB Device -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. AV: avast! antivirus 4.8.1201 [VPS 080802-0] v4.8.1201 (ALWIL Software) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\ccapp.exe"="%windir%\\system32\\ccapp.exe::Enabled:System Process" "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe::Enabled:SmartFTP Client 2.0" "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe::Enabled:BlueSoleil" "C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"="C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe::Enabled:World Switcher for RuneScape" "C:\\Program Files\\LimeWire\\LimeWire 4.0.8 Pro\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire 4.0.8 Pro\\LimeWire.exe::Enabled:LimeWire" "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe::Enabled:mIRC" "C:\\Program Files\\MSN Messenger\\msrr.exe"="C:\\Program Files\\MSN Messenger\\msrr.exe::Enabled:Messenger" "C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe::Enabled:Hamachi Client" "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe::Disabled:@xpsp2res.dll,-22019" "C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe::Enabled:Blizzard Downloader" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe::Enabled:Bonjour" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\xampp\\apache\\bin\\apache.exe"="C:\\Program Files\\xampp\\apache\\bin\\apache.exe::Enabled:Apache HTTP Server" "C:\\Program Files\\xampp\\mysql\\bin\\mysqld.exe"="C:\\Program Files\\xampp\\mysql\\bin\\mysqld.exe::Enabled:mysqld" "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe::Disabled:Remote Assistance - Windows Messenger and Voice" "C:\\Documents and Settings\\Owner\\My Documents\\My Pictures\\utorrent.exe"="C:\\Documents and Settings\\Owner\\My Documents\\My Pictures\\utorrent.exe::Enabled:�Torrent" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Blubster\\Blubster.exe"="C:\\Program Files\\Blubster\\Blubster.exe::Enabled:Blubster" "C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe::Enabled:Delivery Manager Service" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe::Enabled:iTunes" "C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe::Enabled:LimeWire" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Owner\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip CLIENTNAME=Console COLLECTIONID=COL7299 CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=OWNER ComSpec=C:\WINDOWS\system32\cmd.exe DEFAULT_CA_NR=CA8 FP_NO_HOST_CHECK=NO HMSERVER=https://vausnzisprob.austin.hp.com/wuss/servlet/WUSSServlet HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Owner ITEMID=oj-21918-1 LANG=2057 LOGONSERVER=\\OWNER NUMBER_OF_PROCESSORS=1 OS=Windows_NT OSVER=winXPH Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\Sonic\MyDVD;;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0207 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip SESSIONID=1191374208819g1u0355c.austin.hp.com-28ed1b32:1159bf9e152:-557a SESSIONNAME=Console SWUTVER=1.0.18.30716 SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp TIMEOUT=0 TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp TOOLPATH=/C:/Program%20Files/Hewlett-Packard/HP%20Software%20Update/install.htm UPDATEDIR=C:\DOCUME~1\Owner\LOCALS~1\Temp\radADEC3.tmp USERDOMAIN=OWNER USERNAME=Owner USERPROFILE=C:\Documents and Settings\Owner VERSION=2.1.5 windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Owner (admin) Guest (guest) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3} --> c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264} --> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E} --> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C} --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}\setup.exe" -l0x9 -L0x9anything --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBBB5EED-CC92-49F2-A276-D5433F39D1EB}\Setup.exe" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABBYY FineReader 4.0 Sprint --> C:\WINDOWS\bitdeins.exe C:\PROGRA~1\ABBYYF~1.0SP\bitdeins.ini Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Add or Remove Adobe Creative Suite 3 Master Collection --> C:\Program Files\Common Files\Adobe\Installers\5ac697db6c6103f6f8b5198d25f73f7\Setup.exe Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll" Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285} Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E} Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF} Adobe Color EU Recommended Settings --> MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2} Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Extra Settings --> MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} Adobe Creative Suite 3 Master Collection --> MsiExec.exe /I{0CEC06EF-5052-4CE8-8256-74AE363A4238} Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8} Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3} Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589} Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3} Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E} Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77} Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05} Adobe Setup --> MsiExec.exe /I{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3} Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1} Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D} Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2} Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A} Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC} Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE} Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F} Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1} AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD} AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center --> MsiExec.exe /I{D84E40A2-380A-46E9-A750-6F55D398D973} ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9 Cool Edit Pro 2.0 --> C:\Program Files\coolpro2\cep2unin.exe Crush'Em 2.0 --> C:\WINDOWS\Crush'Em 2.0\UNWISE.EXE C:\WINDOWS\Crush'Em 2.0\install.log Driving Test Success 2006/7 --> "C:\Program Files\Driving Test Success 2006-2007\unins000.exe" DyynoPlayer 0.8.6e --> C:\Program Files\Dyyno\Dyyno Player\uninstall.exe FL Studio 6 --> C:\Program Files\Image-Line\FL Studio 6\uninstall.exe FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" hp center --> C:\WINDOWS\BWUnin-6.1.0.153.exe -AppId 137903 hp deskjet 3600 --> msiexec /x{91A5B6C0-EF4E-4830-AC7D-6761C0A9B292} Indeo� Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" Intel® 82845G Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562 InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL iPod for Windows 2005-11-17 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8338BA06-E527-491B-9400-F51708FEE695} /l1033 iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B} J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} KBD --> C:\HP\KBD\KBD.EXE uninstalled Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe Lexmark Fax Solutions --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{764C0C8F-B1B1-49BF-AEDC-4E48E857A667} /l1033 /z/U Lexmark P910 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxbyUNST.EXE -NOLICENSE LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F} Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB} Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6} Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft AutoRoute 2007 --> MsiExec.exe /I{C82185E8-C27B-4EF4-2007-3333BC2C2B6D} Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7} Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe" Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\ mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MP3 Player Utilities 1.47 --> MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B} MP3Resizer 1.9.1 --> "C:\Program Files\MP3Resizer\unins000.exe" Nintendo Wi-Fi USB Connector Registration Tool --> C:\Program Files\WiFiConnector\SoftAPUninst.exe NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf Octoshape Streaming Services --> C:\Program Files\Octoshape Streaming Services\Owner\uninst.exe overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC} Packard Bell Diamond 1200Plus v1.0 --> C:\PROGRA~1\PACKAR~1\Driver\UNINST.EXE PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E} PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} Pinnacle Hollywood FX 4.6 --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 4.6\uninstal.log PS2 --> C:\WINDOWS\system32\ps2.exe uninstall Puzzl'Em 1.0 Beta2 --> C:\WINDOWS\Puzzl'Em1.0Beta2\UNWISE.EXE C:\WINDOWS\Puzzl'Em1.0Beta2\install.log Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264} RecordNow Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3} S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display' S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2' S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2' S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay' Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Simple Installer - Multilanguage Version --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}\setup.exe" SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel Studio 8 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53EF6570-21A4-47ED-A40A-E6470A5677A3}\Setup.exe" -l0x9 UNINSTALL-L0x9 -c Studio Content CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C643986-DE3C-4737-8472-CCEC36CCC267}\setup.exe" -l0x9 System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe" Ulead Photo Express 3.0 SE --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\Uninst.isu" -c"C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\IS32Inst.dll" Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe" Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe ZyDAS IEEE 802.11 b+g Wireless LAN - USB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9 ZyXEL G-202 Wireless Adapter Utility --> C:\Program Files\InstallShield Installation Information\{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09}\setup.exe -runfromtemp -l0x0009 -removeonly -- Application Event Log ------------------------------------------------------- Event Record #/Type1768 / Success Event Submitted/Written: 08/01/2008 06:17:37 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type1759 / Success Event Submitted/Written: 07/31/2008 07:04:11 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type1754 / Error Event Submitted/Written: 07/31/2008 11:22:55 AM Event ID/Source: 1000 / Application Error Event Description: Faulting application zyxel g-202.exe, version 2.0.3.0, faulting module zyxel g-202.exe, version 2.0.3.0, fault address 0x000552cf. Processing media-specific event for [zyxel g-202.exe!ws!] Event Record #/Type1751 / Error Event Submitted/Written: 07/31/2008 11:19:49 AM Event ID/Source: 1000 / Application Error Event Description: Faulting application nwiz.exe, version 6.13.10.3190, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Processing media-specific event for [nwiz.exe!ws!] Event Record #/Type1740 / Success Event Submitted/Written: 07/30/2008 10:35:06 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type39892 / Error Event Submitted/Written: 08/02/2008 00:53:25 PM Event ID/Source: 1002 / Dhcp Event Description: The IP address lease 192.168.1.33 for the Network Card with network address 0010DCACDF11 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Event Record #/Type39887 / Warning Event Submitted/Written: 08/02/2008 00:54:53 AM Event ID/Source: 36 / W32Time Event Description: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Event Record #/Type39856 / Error Event Submitted/Written: 08/01/2008 11:16:48 AM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Event Record #/Type39855 / Error Event Submitted/Written: 08/01/2008 11:16:48 AM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Event Record #/Type39854 / Error Event Submitted/Written: 08/01/2008 11:16:48 AM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1055" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} -- End of Deckard's System Scanner: finished at 2008-08-02 13:10:58 ------------

Mike View Member Profile	Aug 2 2008, 02:22 PM Post #6
Malware Monger Posts: 2,740 OS: XP Professional SP3	How is the Kaspersky scan coming along?

Jame View Member Profile	Aug 3 2008, 01:25 AM Post #7
New Member Posts: 9 OS: XP	Took a while heres the log -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Saturday, August 2, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Saturday, August 02, 2008 12:40:09 Records in database: 1044877 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ Scan statistics: Files scanned: 186293 Threat name: 16 Infected objects: 29 Suspicious objects: 0 Duration of the scan: 05:44:18 File name / Threat name / Threats count C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\DRDld\mbam-setup.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1 C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for Adobe Dreamweaver 8.zip\Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa 1 C:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.39_09.37.13_swiftswitch(update).exe Infected: not-a-virus:AdWare.Win32.EShoper.bg 1 C:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.40_17.07.39_swiftswitch(update).exe Infected: not-a-virus:AdWare.Win32.EShoper.bg 1 C:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.41_15.16.03_swiftswitch(update).exe Infected: not-a-virus:AdWare.Win32.EShoper.bg 1 C:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.42_15.11.56_swiftswitch(update).exe Infected: not-a-virus:AdWare.Win32.EShoper.bg 1 C:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.43_10.10.25_swiftswitch(update).exe Infected: not-a-virus:AdWare.Win32.EShoper.bg 1 C:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.44_10.30.32_swiftswitch(update).exe Infected: not-a-virus:AdWare.Win32.EShoper.bg 1 C:\Documents and Settings\All Users\Application Data\SwiftSwitch\swiftswitch(install).exe Infected: not-a-virus:AdWare.Win32.EShoper.bg 1 C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.75606 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\59\303ac5bb-50426281 Infected: Exploit.Java.ByteVerify 2 C:\Documents and Settings\Owner\Incomplete\T-3545425-hey girl t2.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1 C:\Documents and Settings\Owner\Incomplete\T-5745425-Black Box - Ride on time (garage trip).mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1 C:\Documents and Settings\Owner\My Documents\My Music\Johnny Cash - Hey Porter.mp3 Infected: Trojan-Downloader.WMA.GetCodec.b 1 C:\Documents and Settings\Owner\My Documents\My Music\m\Wont resize\Girls of FHM - Do you think I'm sexy.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1 C:\Documents and Settings\Owner\My Documents\My Music\m\Wont resize\Steps - Last thing on my mind.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1 C:\Documents and Settings\Owner\My Documents\My Music\rihanna - Shut up and drive (Wideboys Remix).mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1 C:\Program Files\Altnet\Download Manager\asm.exe Infected: not-a-virus:AdWare.Win32.Altnet.l 1 C:\Program Files\Alwil Software\Avast4\DATA\moved\Adobe Photoshop 9 CS2.zip.vir Infected: Worm.Win32.VB.an 1 C:\Program Files\Internet Explorer\OnlO0r.bak Infected: Trojan-PSW.Win32.Delf.agq 1 C:\Program Files\Microsoft AntiSpyware\Quarantine\9EE9F816-8C51-4573-8297-790AE3\6B8CCF76-AEF4-4CC9-98BA-1556AF Infected: not-a-virus:AdWare.Win32.NewDotNet.e 1 C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1 C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1 C:\Program Files\VirtualDJ\vdj.exe Infected: Backdoor.Win32.Bifrose.rtv 1 C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\wpe.zip Infected: HackTool.Win32.Sniffer.WpePro.u 1 C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\wpe.zip Infected: HackTool.Win32.Sniffer.WpePro.w 1 C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\WPEPRO.zip Infected: HackTool.Win32.Sniffer.WpePro.u 1 C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\WPEPRO.zip Infected: HackTool.Win32.Sniffer.WpePro.w 1 The selected area was scanned.

Mike View Member Profile	Aug 3 2008, 04:36 AM Post #8
Malware Monger Posts: 2,740 OS: XP Professional SP3	Hi there, Delete everything in these folders please. C:\Program Files\Microsoft AntiSpyware\Quarantine C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine C:\Program Files\Alwil Software\Avast4\DATA\moved Now, Go to start, then run and copy and paste the bolded command: "%userprofile%\desktop\dss.exe" /daft Click on Scan. Select everything it is displaying there Click the Fix button. Then rescan with DAFT again - it should say now that "All associations are OK" Close DAFT if you receive that message. This means that it is fixed now. Then, Did you install IMVU? It is considered adware since it displays advertisments, do you want to keep it? If not uninstall the program and delete C:\Program files\IMVU You also need to uninstall your old Java versions Java™ 6 Update 3 Java™ 6 Update 5 Java™ SE Runtime Environment 6 Update 1 Please open HijackThis again and choose "Do a system scan only". Please put a check next to each of the following entries (if still present): O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {C2626E66-D21B-E628-C1DF-1DACCFA36ED2} - C:\Program Files\Common Files\fjOs0r.dll (file missing) O24 - Desktop Component 0: (no name) - (no file) Now please close all open windows except HJT and press "Fix checked". Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE [kill explorer] K:\Windows.scr J:\Windows.scr C:\Documents and Settings\All Users\Application Data\SwiftSwitch C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\59\303ac5bb-50426281 C:\Documents and Settings\Owner\Incomplete\T-3545425-hey girl t2.mp3 C:\Documents and Settings\Owner\Incomplete\T-5745425-Black Box - Ride on time (garage trip).mp3 C:\Documents and Settings\Owner\My Documents\My Music\Johnny Cash - Hey Porter.mp3 C:\Documents and Settings\Owner\My Documents\My Music\m\Wont resize\Girls of FHM - Do you think I'm sexy.mp3 C:\Documents and Settings\Owner\My Documents\My Music\m\Wont resize\Steps - Last thing on my mind.mp3 C:\Documents and Settings\Owner\My Documents\My Music\rihanna - Shut up and drive (Wideboys Remix).mp3 C:\Program Files\Altnet\Download Manager\asm.exe C:\Program Files\Internet Explorer\OnlO0r.bak C:\Program Files\VirtualDJ C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\wpe.zip C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\WPEPRO.zip HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9489d5dc-893d-11dc-87f1-000e50e99824} HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9489d5dd-893d-11dc-87f1-000e50e99824} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C} purity emptytemp [start explorer] Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste. Click the red Moveit! button. A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply. Close OTMoveIt2 If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. And finally, I see you already have MalwareBytes' Anti-Malware installed, I trust you can do a quick scan and post the results here? Post back with the logs and re-run DSS to get main.txt (extra.txt will not appear.) Thanks, Mike This post has been edited by Mike: Aug 3 2008, 04:44 AM

Jame View Member Profile	Aug 3 2008, 09:36 AM Post #9
New Member Posts: 9 OS: XP	Explorer killed successfully File/Folder K:\Windows.scr not found. File/Folder J:\Windows.scr not found. C:\Documents and Settings\All Users\Application Data\SwiftSwitch\Profiles\Balla\Notes moved successfully. C:\Documents and Settings\All Users\Application Data\SwiftSwitch\Profiles\Balla\Data moved successfully. C:\Documents and Settings\All Users\Application Data\SwiftSwitch\Profiles\Balla moved successfully. C:\Documents and Settings\All Users\Application Data\SwiftSwitch\Profiles moved successfully. C:\Documents and Settings\All Users\Application Data\SwiftSwitch moved successfully. C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\59\303ac5bb-50426281 moved successfully. C:\Documents and Settings\Owner\Incomplete\T-3545425-hey girl t2.mp3 moved successfully. C:\Documents and Settings\Owner\Incomplete\T-5745425-Black Box - Ride on time (garage trip).mp3 moved successfully. C:\Documents and Settings\Owner\My Documents\My Music\Johnny Cash - Hey Porter.mp3 moved successfully. C:\Documents and Settings\Owner\My Documents\My Music\m\Wont resize\Girls of FHM - Do you think I'm sexy.mp3 moved successfully. C:\Documents and Settings\Owner\My Documents\My Music\m\Wont resize\Steps - Last thing on my mind.mp3 moved successfully. C:\Documents and Settings\Owner\My Documents\My Music\rihanna - Shut up and drive (Wideboys Remix).mp3 moved successfully. C:\Program Files\Altnet\Download Manager\asm.exe moved successfully. C:\Program Files\Internet Explorer\OnlO0r.bak moved successfully. C:\Program Files\VirtualDJ\Effects moved successfully. C:\Program Files\VirtualDJ moved successfully. C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\wpe.zip moved successfully. File/Folder C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\WPEPRO.zip not found. < HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9489d5dc-893d-11dc-87f1-000e50e99824} > Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9489d5dc-893d-11dc-87f1-000e50e99824}\\ deleted successfully. < HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9489d5dd-893d-11dc-87f1-000e50e99824} > Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9489d5dd-893d-11dc-87f1-000e50e99824}\\ deleted successfully. < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C} > Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C}\ deleted successfully. < purity > < emptytemp > File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_ZOetYzFi5qZdHxRLIDkg scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_100.dat scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_754.dat scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_cec.dat scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFCA8C.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_688.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08032008_161501 Files moved on Reboot... File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_ZOetYzFi5qZdHxRLIDkg not found! File C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_100.dat not found! File C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_754.dat not found! File C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_cec.dat not found! C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFCA8C.tmp moved successfully. C:\WINDOWS\temp\Perflib_Perfdata_688.dat moved successfully. File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot. This is the results from the malwarebytes scan: Malwarebytes' Anti-Malware 1.24 Database version: 1019 Windows 5.1.2600 Service Pack 2 16:35:14 03/08/2008 mbam-log-8-3-2008 (16-35-08).txt Scan type: Quick Scan Objects scanned: 45211 Time elapsed: 7 minute(s), 17 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\WINDOWS\system32\Fonts (Trojan.Agent) -> No action taken. Files Infected: C:\WINDOWS\system32\Fonts\ACADEMY_.PFB (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\Fonts\ACADEMY_.PFM (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\Fonts\ACADEMY_.TTF (Trojan.Agent) -> No action taken. and DSS: Deckard's System Scanner v20071014.68 Run by Owner on 2008-08-03 16:35:38 Computer is in Normal Mode. -------------------------------------------------------------------------------- System Drive C: has 5.17 GiB (less than 15%) free. -- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:35:41, on 03/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Lexmark P910 Series\ezprint.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\lxbycoms.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Owner\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe" O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe O4 - Global Startup: ZyXEL G-202 Wireless Adapter Utility.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126266495906 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbycoms.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 10902 bytes -- Files created between 2008-07-03 and 2008-08-03 ----------------------------- 2008-08-02 13:18:36 0 d-------- C:\Documents and Settings\Owner\.SunDownloadManager 2008-07-28 23:07:07 0 d-------- C:\Program Files\Trend Micro 2008-07-28 22:48:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes 2008-07-28 22:48:29 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-28 22:48:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-28 22:44:39 0 d-------- C:\Program Files\Common Files\Download Manager 2008-07-27 19:23:27 0 d-------- C:\WINDOWS\system32\SoftwareDistribution 2008-07-12 13:43:20 0 d-------- C:\Documents and Settings\Owner\.jnlp-applet -- Find3M Report --------------------------------------------------------------- 2008-08-03 16:13:24 0 d-------- C:\Program Files\mIRC 2008-08-03 16:11:38 0 d-------- C:\Program Files\Java 2008-07-28 23:39:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla 2008-07-28 23:30:01 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor 2008-07-28 22:44:39 0 d-------- C:\Program Files\Common Files 2008-07-28 09:59:16 0 d-------- C:\Program Files\sunriseradio 2008-07-28 09:59:16 0 d-------- C:\Program Files\Conduit 2008-07-27 19:16:18 0 d-------- C:\Program Files\SmartFTP Client 2.0 Setup Files 2008-07-20 19:21:35 0 d-------- C:\Program Files\Messenger Plus! Live 2008-07-20 19:21:34 0 d-------- C:\Program Files\MSN Messenger 2008-07-16 12:03:47 0 d-------- C:\Program Files\World of Warcraft 2008-07-13 19:17:51 0 d-------- C:\Program Files\ABBYY FineReader 4.0 Sprint 2008-07-13 19:14:47 0 d-------- C:\Program Files\Temp 2008-07-01 20:32:34 0 d-------- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab 2008-07-01 20:32:33 0 d-------- C:\Program Files\SystemRequirementsLab 2008-06-27 12:39:53 0 d-------- C:\Program Files\Octoshape Streaming Services 2008-06-11 11:34:47 0 d-------- C:\Program Files\Teamspeak2_RC2 2008-05-10 10:36:32 4713 --a------ C:\WINDOWS\mozver.dat -- Registry Dump --------------------------------------------------------------- Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 17:04] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [09/09/2002 08:05] "KBD"="C:\HP\KBD\KBD.EXE" [06/07/2001 21:56] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 22:42] "NvCplDaemon"="NvQTwk" [] "nwiz"="nwiz.exe" [01/10/2002 00:39 C:\WINDOWS\system32\nwiz.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [] "lxbymon.exe"="C:\Program Files\Lexmark P910 Series\lxbymon.exe" [22/09/2004 11:43] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [22/09/2004 11:18] "EzPrint"="C:\Program Files\Lexmark P910 Series\ezprint.exe" [17/09/2004 14:24] "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [18/06/2002 09:01] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [26/01/2004 11:38] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 00:19] "AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 14:47 C:\WINDOWS\ALCXMNTR.EXE] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [02/01/2006 17:41] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/05/2004 15:18] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [25/06/2003 11:24] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [23/07/2005 03:40] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36] "LXBYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [10/09/2004 12:59] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIEW"="nview.dll,nViewLoadHook" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:56] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [26/12/2005 16:18:53] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockTracker] c:\hp\bin\BlockTracker.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe Newly Created Service - MBAMSWISSARMY -- End of Deckard's System Scanner: finished at 2008-08-03 16:36:14 ------------ This post has been edited by Jame: Aug 3 2008, 09:38 AM

Mike View Member Profile	Aug 3 2008, 11:39 AM Post #10
Malware Monger Posts: 2,740 OS: XP Professional SP3	Hi there Did you decide to keep or remove IMVU? If you did, go ahead and fix these lines with Hijack This. O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O24 - Desktop Component 0: (no name) - (no file) Also, Please re-run MBAM, when the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. I would like to take a look into this folder, Open notepad, copy and paste the following in bold: @echo off dir "C:\Documents and Settings\Owner\.jnlp-applet"> looksee.txt start notepad looksee.txt del %0 At �filename�change it to looksee.bat. Go to �save as� and change it to �all files�. doubleclick on looksee.bat. A notepad will appear with some content please post that back here. How is your PC running, any problems? This post has been edited by Mike: Aug 3 2008, 11:41 AM Reason for edit: BBCode

Jame View Member Profile	Aug 3 2008, 03:26 PM Post #11
New Member Posts: 9 OS: XP	Running a bit better, altho I notice i get an error message when I turn my PC off giving me the option to "End Now" a program, not sure whats its called something to do with .Net Framework :S will take a look tonight and see what its called and post it tomorrow. Looksee.txt Volume in drive C is HP_PAVILION Volume Serial Number is E0CB-3111 Directory of C:\Documents and Settings\Owner\.jnlp-applet 12/07/2008 13:43 <DIR> . 12/07/2008 13:43 <DIR> .. 12/07/2008 13:43 <DIR> cache 0 File(s) 0 bytes 3 Dir(s) 5,013,774,336 bytes free

Mike View Member Profile	Aug 4 2008, 03:53 AM Post #12
Malware Monger Posts: 2,740 OS: XP Professional SP3	Hi there If it�s the .NET Framework it is not malware, you can try uninstalling it and reinstalling through microsoft and see if that helps. From your logs, your computer looks clean to me Download OTCleanIt here http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe Open the progarm and press CleanUp!, it will remove the tools we used. MBAM needs to be uninstalled through add or remove programs. Right-click on "My Computer." The "System Properties" dialogue box will appear, showing a number of tabs. From here you can reset System Restore and configure Automatic Updates. First, click the System Restore tab. Check the box beside "Turn off System Restore" Click "Apply" At the prompt, click "Yes" Wait while your system deletes existing Restore Points, this may take a few moments. Uncheck the box beside "Turn off System Restore" Click "Apply" At the prompt, click "Yes" Your system will now create a new Restore Point. Now that your are clean, you'll want to stay that way. Some important things that you should keep in mind in order to protect yourself: Use common sense. This is the big one! Don't download programs from suspicious sites and be careful where you browse. Things you can do to avoid downloading bad programs: Google the program. Read reviews and opinions from other people on the internet, if you dont see any reports of foul play - then there more than likely is none. Stay away from Cracks! However luring the thought of free software can be it's not worth the hassle and potential danger of getting infected. Download the program directly from the website of the developer - then you can be certain you haven't downloaded a bogus copy. Read the EULA (End User License Agreement) - Find out exactly what you are downloading. A good tool to aid you in this would be EULAyzer. Keep your programs updated! Software developers update their programs to patch possible security risks. Do a scan once in a while for outdated programs using Secunia's Software Inspector Keep your protection programs up to date! No matter how good your Antivirus or Antispyware program is, without an updated set of definitions it will do you no good against the new infections. If you run a free program make sure to update them at least once a week. Make sure that windows updates is enabled. Keeping your system up to date is a must - to turn on automatic updates take a look at this article by Microsoft. I have listed two programs to boost your security while using no resources. SpywareBlaster Take a look at the tutorial here. ZonedOut Adds thousands of websites to your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Also consider using an alternative web browser. Two big named ones, both far superior to Internet Explorer in terms of security and performance, would be Firefox and Opera. Make a habit of scanning your computer for viruses every week or so and backing up important files regularly. Please also read Expert Tony Klein's excellent article: How I got Infected in the First Place Please post back and tell me if everything is OK, so that I may mark this thread as Resolved.

Jame View Member Profile	Aug 4 2008, 06:02 AM Post #13
New Member Posts: 9 OS: XP	All seems good now Thanks alot for the help !

Mike View Member Profile	Aug 4 2008, 07:59 AM Post #14
Malware Monger Posts: 2,740 OS: XP Professional SP3	Glad to hear it Take care and have a great day still! Mike

Mike View Member Profile	Aug 4 2008, 07:59 AM Post #15
Malware Monger Posts: 2,740 OS: XP Professional SP3	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Would love some help with C:\Windows\mgrsts.exe[RESOLVED]	8 / 1,612	21st April 2005 - 11:01 AM Guy Scissorhands started - last by Avohir
Virus, Spyware and Trojan Removal Need Help with Win32/Adware.virtumonde /privacyremover.m64 [RESOLVED]	11 / 446	12th September 2008 - 03:18 PM slmitten started - last by Rorschach112
Virus, Spyware and Trojan Removal Help with removing some bad trash is needed.	13 / 411	5th November 2008 - 11:16 AM undun40cal started - last by Rorschach112
Console Games I need help with my xbox live to pc connection	2 / 1,672	27th January 2009 - 11:11 PM Hearse59 started - last by xBPM07x