Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected Computer [RESOLVED]


  • This topic is locked This topic is locked

#1
td323i

td323i

    Member

  • Member
  • PipPip
  • 43 posts
I'm working on a computer that is full of viruses and needs serious help. The desktop has been changed to a message telling me the computer is infected and i have icons in the taskbar telling me i'm infected.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:58 PM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\444.471
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zumie\zumie.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zumie\zumie.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\1028s.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\portsv.exe
C:\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: (no name) - {605B3D3F-4F33-41D0-BA27-98238E1E839F} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O2 - BHO: TBSB07396 - {D7ADF7C1-14FB-4110-B2DF-187884CAC12A} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Freeze.com Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\1028s.exe
O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\1028s.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\1028s.exe
O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\1028s.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Photobucket Publisher - http://pic.photobuck...t_publisher.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://roxy71986.spa...ad/MsnPUpld.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Zumie Search Service - Zumie.com - C:\Program Files\Zumie\zumie.exe

--
End of file - 13807 bytes


Any help will be greatly appreciated.

Thanks,
Td
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.



Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - Bot Check, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg Mountpoints2, File - Additional Folder Scans, and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Check the box at the top-left beside Scan All Users
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
  • 0

#3
td323i

td323i

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Thanks,
Attached you will find the two logs you requested.

Thanks,
Td

Attached Files


  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello


Start OTScanIt. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> portsv.exe -> %SystemRoot%\portsv.exe
[Win32 Services - Non-Microsoft Only]
YY -> (PlugPlayRPC) Plug and Play (RPC) [Win32_Shared | Auto | Running] -> %SystemRoot%\portsv.exe
[Driver Services - Non-Microsoft Only]
YY -> (catchme) catchme [Kernel | On_Demand | Running] -> %SystemDrive%\DOCUME~1\Roxy\LOCALS~1\Temp\catchme.sys
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> MSKDetectorExe -> [C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe [C:\Program Files\AWS\WeatherBug\Weather.exe 1]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Power2GoExpress -> [NA]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Power2GoExpress -> [NA]
< Run [HKEY_USERS\S-1-5-21-354729448-1744565228-3582905676-1008\] > -> HKEY_USERS\S-1-5-21-354729448-1744565228-3582905676-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe [C:\Program Files\AWS\WeatherBug\Weather.exe 1]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\{605B3D3F-4F33-41D0-BA27-98238E1E839F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-354729448-1744565228-3582905676-1008\] > ->
YN -> HKEY_USERS\S-1-5-21-354729448-1744565228-3582905676-1008\: URLSearchHooks\\{605B3D3F-4F33-41D0-BA27-98238E1E839F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {1FE2EBE5-42FF-4586-A144-CA420C84FF6A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QdrDrive\QdrDrive9.dll [Internet Speed Monitor]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{B7D3E479-CC68-42B5-A338-938ECE35F419} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-354729448-1744565228-3582905676-1008\] > -> HKEY_USERS\S-1-5-21-354729448-1744565228-3582905676-1008\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{B7D3E479-CC68-42B5-A338-938ECE35F419} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> Add to Windows &Live Favorites ->
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll
YN -> &Translate English Word -> %ProgramFiles%\Google\GoogleToolbar1.dll
YN -> Add to Windows &Live Favorites ->
YN -> Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll
YN -> Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll
YN -> Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll
YN -> Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar1.dll
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll
YN -> &Translate English Word -> %ProgramFiles%\Google\GoogleToolbar1.dll
YN -> Add to Windows &Live Favorites ->
YN -> Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll
YN -> Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll
YN -> Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll
YN -> Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar1.dll
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-354729448-1744565228-3582905676-1008\] > -> HKEY_USERS\S-1-5-21-354729448-1744565228-3582905676-1008\Software\Microsoft\Internet Explorer\MenuExt\
YN -> Add to Windows &Live Favorites ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}[HKEY_LOCAL_MACHINE] -> http://ak.exe.imgfar...p1.0.0.15-3.cab[Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< MountPoints2 > ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2962e708-b152-11db-ac57-806d6172696f}\_Autorun\DefaultIcon\\ -> E:\Install TomTom HOME.exe [E:\Install TomTom HOME.exe]
[Files/Folders - Created Within 90 days]
NY -> ComboFix -> %SystemDrive%\ComboFix
NY -> QooBox -> %SystemDrive%\QooBox
NY -> SDFix -> %SystemDrive%\SDFix
NY -> 1028s.exe -> %SystemRoot%\System32\1028s.exe
NY -> 2091 -> %SystemRoot%\System32\2091
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 2451 -> %SystemRoot%\System32\2451
NY -> 2928 -> %SystemRoot%\System32\2928
NY -> 404Fix.exe -> %SystemRoot%\System32\404Fix.exe
NY -> dumphive.exe -> %SystemRoot%\System32\dumphive.exe
NY -> IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe
NY -> Process.exe -> %SystemRoot%\System32\Process.exe
NY -> SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe
NY -> tmp.reg -> %SystemRoot%\System32\tmp.reg
NY -> VACFix.exe -> %SystemRoot%\System32\VACFix.exe
NY -> vbpdtvdp.exe -> %SystemRoot%\System32\vbpdtvdp.exe
NY -> VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe
NY -> WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe
NY -> 444.471 -> %SystemRoot%\444.471
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe
NY -> SDFix.exe -> %UserProfile%\Desktop\SDFix.exe
NY -> SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe
[Files/Folders - Modified Within 90 days]
NY -> ComboFix -> %SystemDrive%\ComboFix
NY -> QooBox -> %SystemDrive%\QooBox
NY -> SDFix -> %SystemDrive%\SDFix
NY -> 1028s.exe -> %SystemRoot%\System32\1028s.exe
NY -> 2091 -> %SystemRoot%\System32\2091
NY -> 2451 -> %SystemRoot%\System32\2451
NY -> 2928 -> %SystemRoot%\System32\2928
NY -> 404Fix.exe -> %SystemRoot%\System32\404Fix.exe
NY -> VACFix.exe -> %SystemRoot%\System32\VACFix.exe
NY -> vbpdtvdp.exe -> %SystemRoot%\System32\vbpdtvdp.exe
NY -> 444.471 -> %SystemRoot%\444.471
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe
NY -> SDFix.exe -> %UserProfile%\Desktop\SDFix.exe
NY -> SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.





Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Don't attach these logs
  • 0

#5
td323i

td323i

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process portsv.exe .
C:\WINDOWS\portsv.exe moved successfully.
[Win32 Services - Non-Microsoft Only]
Unable to stop service PlugPlayRPC .
Service PlugPlayRPC deleted successfully.
File C:\WINDOWS\portsv.exe not found.
[Driver Services - Non-Microsoft Only]
Service catchme stopped successfully.
Service catchme deleted successfully.
File C:\DOCUME~1\Roxy\LOCALS~1\Temp\catchme.sys not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSKDetectorExe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Weather deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress not found.
Registry value HKEY_USERS\S-1-5-21-354729448-1744565228-3582905676-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Weather not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{605B3D3F-4F33-41D0-BA27-98238E1E839F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{605B3D3F-4F33-41D0-BA27-98238E1E839F}\ not found.
Registry key HKEY_USERS\1-5-21-354729448-1744565228-3582905676-1008\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1FE2EBE5-42FF-4586-A144-CA420C84FF6A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1FE2EBE5-42FF-4586-A144-CA420C84FF6A}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B7D3E479-CC68-42B5-A338-938ECE35F419} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-354729448-1744565228-3582905676-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-354729448-1744565228-3582905676-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B7D3E479-CC68-42B5-A338-938ECE35F419} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\&Google Search\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\&Translate English Word\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\Backward Links\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\Cached Snapshot of Page\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\Similar Pages\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\Translate Page into English\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\&Google Search\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\&Translate English Word\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\Backward Links\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\Cached Snapshot of Page\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\Similar Pages\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\Translate Page into English\ not found.
Registry key HKEY_USERS\S-1-5-21-354729448-1744565228-3582905676-1008\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ not found.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\Contains\Files\ not found.
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2962e708-b152-11db-ac57-806d6172696f}\_Autorun\DefaultIcon\\ deleted successfully.
[Files/Folders - Created Within 90 days]
C:\ComboFix\test folder moved successfully.
C:\ComboFix folder moved successfully.
C:\QooBox\Quarantine\Registry_backups folder moved successfully.
C:\QooBox\Quarantine\D folder moved successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32 folder moved successfully.
C:\QooBox\Quarantine\C\WINDOWS folder moved successfully.
C:\QooBox\Quarantine\C\Program Files\Zumie folder moved successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\Settings folder moved successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin folder moved successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar folder moved successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch folder moved successfully.
C:\QooBox\Quarantine\C\Program Files\FunWebProducts\Installr\Cache folder moved successfully.
C:\QooBox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin folder moved successfully.
C:\QooBox\Quarantine\C\Program Files\FunWebProducts\Installr folder moved successfully.
C:\QooBox\Quarantine\C\Program Files\FunWebProducts folder moved successfully.
C:\QooBox\Quarantine\C\Program Files\Common Files folder moved successfully.
C:\QooBox\Quarantine\C\Program Files folder moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings\Roxy\Application Data\ShoppingReport\cs folder moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings\Roxy\Application Data\ShoppingReport folder moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings\Roxy\Application Data folder moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings\Roxy folder moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings folder moved successfully.
C:\QooBox\Quarantine\C folder moved successfully.
C:\QooBox\Quarantine folder moved successfully.
C:\QooBox\lastrun folder moved successfully.
C:\QooBox\BackEnv folder moved successfully.
C:\QooBox folder moved successfully.
C:\SDFix\backups folder moved successfully.
C:\SDFix\apps\Replace\xp folder moved successfully.
C:\SDFix\apps\Replace\w2k folder moved successfully.
C:\SDFix\apps\Replace folder moved successfully.
C:\SDFix\apps folder moved successfully.
C:\SDFix folder moved successfully.
C:\WINDOWS\System32\1028s.exe moved successfully.
C:\WINDOWS\System32\2091 folder moved successfully.
C:\WINDOWS\System32\2451 folder moved successfully.
C:\WINDOWS\System32\2928 folder moved successfully.
C:\WINDOWS\System32\404Fix.exe moved successfully.
C:\WINDOWS\System32\dumphive.exe moved successfully.
C:\WINDOWS\System32\IEDFix.exe moved successfully.
C:\WINDOWS\System32\Process.exe moved successfully.
C:\WINDOWS\System32\SrchSTS.exe moved successfully.
C:\WINDOWS\System32\tmp.reg moved successfully.
C:\WINDOWS\System32\VACFix.exe moved successfully.
C:\WINDOWS\System32\vbpdtvdp.exe moved successfully.
C:\WINDOWS\System32\VCCLSID.exe moved successfully.
C:\WINDOWS\System32\WS2Fix.exe moved successfully.
C:\WINDOWS\444.471 moved successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\Roxy\Desktop\ComboFix.exe moved successfully.
C:\Documents and Settings\Roxy\Desktop\SDFix.exe moved successfully.
C:\Documents and Settings\Roxy\Desktop\SmitfraudFix.exe moved successfully.
[Files/Folders - Modified Within 90 days]
File C:\ComboFix not found!
File C:\QooBox not found!
File C:\SDFix not found!
File C:\WINDOWS\System32\1028s.exe not found!
File C:\WINDOWS\System32\2091 not found!
File C:\WINDOWS\System32\2451 not found!
File C:\WINDOWS\System32\2928 not found!
File C:\WINDOWS\System32\404Fix.exe not found!
File C:\WINDOWS\System32\VACFix.exe not found!
File C:\WINDOWS\System32\vbpdtvdp.exe not found!
File C:\WINDOWS\444.471 not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\Documents and Settings\Roxy\Desktop\ComboFix.exe not found!
File C:\Documents and Settings\Roxy\Desktop\SDFix.exe not found!
File C:\Documents and Settings\Roxy\Desktop\SmitfraudFix.exe not found!
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5d4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.10 fix logfile created on 06032008_170619

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_5d4.dat moved successfully.




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 4000+
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 894.42 MiB / 439.97 MiB
Pagefile Memory (total/avail): 2163.82 MiB / 1651.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.46 MiB

C: is Fixed (NTFS) - 182.19 GiB total, 145.9 GiB free.
D: is Fixed (FAT32) - 4.11 GiB total, 1.39 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3200827A - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 182.19 GiB - C:
\PARTITION1 - Unknown - 4.11 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: v (McAfee) Disabled
AV: avast! antivirus 4.8.1201 [VPS 080603-0] v4.8.1201 (ALWIL Software)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1170264049\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1170264049\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Owner.YOUR-9167397A84\\My Documents\\My Music\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Owner.YOUR-9167397A84\\My Documents\\My Music\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Roxy\\Desktop\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Roxy\\Desktop\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\lxczcoms.exe"="C:\\WINDOWS\\system32\\lxczcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Roxy\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-9167397A84
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Roxy
LOGONSERVER=\\YOUR-9167397A84
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2701
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Roxy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Roxy\LOCALS~1\Temp
USERDOMAIN=YOUR-9167397A84
USERNAME=Roxy
USERPROFILE=C:\Documents and Settings\Roxy
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner.YOUR-9167397A84 (admin)
Roxy (admin)
Dinna (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI-SV92PP Soft Modem --> agrsmdel
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\aolunins_us.exe
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Browser Address Error Redirector --> regsvr32 /u /s "c:\windows\system32\BAE.dll"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Deckadance --> C:\Program Files\VstPlugins\Deckadance\uninstall.exe
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
DreamStation DXi2 --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
DVD Solution --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
gtw_logo --> C:\WINDOWS\system32\gtw_logo.scr /UNINSTALL "C:\WINDOWS\system32\gtw_logo.log"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\hijackthis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lexmark 1200 Series --> C:\Program Files\Lexmark 1200 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
LimeWire 4.16.6 --> "C:\Documents and Settings\Roxy\Desktop\LimeWire\uninstall.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OTOY --> RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16
PoiZone --> C:\Program Files\Image-Line\PoiZone\uninstall.exe
Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Pure Networks Port Magic --> C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TomTom HOME --> C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
Toxic Biohazard --> C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VC_MergeModuleToMSI --> MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Sound Canvas DXi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}\setup.exe" UNINSTALL_XXX
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
YourScreen --> "C:\Program Files\YourScreen\UNINSTAL.EXE" /U "C:\Program Files\YourScreen\INSTALL.LOG"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4682 / Error
Event Submitted/Written: 06/03/2008 05:20:33 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0000ec8d.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type4679 / Warning
Event Submitted/Written: 06/03/2008 05:17:28 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4678 / Error
Event Submitted/Written: 06/03/2008 05:14:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type4673 / Warning
Event Submitted/Written: 06/03/2008 05:10:41 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4672 / Error
Event Submitted/Written: 06/03/2008 04:43:54 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0000ec8d.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type29222 / Error
Event Submitted/Written: 06/03/2008 04:21:48 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Aavmker4
AFD
AmdK8
aswSP
aswTdi
Fips
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip

Event Record #/Type29221 / Error
Event Submitted/Written: 06/03/2008 04:21:48 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type29220 / Error
Event Submitted/Written: 06/03/2008 04:21:48 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Event Record #/Type29219 / Error
Event Submitted/Written: 06/03/2008 04:21:48 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Event Record #/Type29218 / Error
Event Submitted/Written: 06/03/2008 04:21:48 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-06-03 17:24:16 ------------



Deckard's System Scanner v20071014.68
Run by Roxy on 2008-06-03 17:22:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
72: 2008-06-03 21:13:16 UTC - RP395 - Deckard's System Scanner Restore Point
71: 2008-06-03 19:36:59 UTC - RP394 - ComboFix created restore point
70: 2008-06-03 18:17:24 UTC - RP393 - Software Distribution Service 3.0
69: 2008-06-01 03:47:52 UTC - RP392 - System Checkpoint
68: 2008-05-30 21:33:10 UTC - RP391 - Removed WeatherBug


-- First Restore Point --
1: 2008-03-06 21:19:24 UTC - RP324 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Roxy.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23, on 2008-06-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Roxy\Desktop\OTScanIt\dss.exe
C:\HIJACK~1\Roxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Photobucket Publisher - http://pic.photobuck...t_publisher.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://roxy71986.spa...ad/MsnPUpld.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 8926 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-03 17:21:37 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-03 17:04:00 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-05-03 and 2008-06-03 -----------------------------

2008-06-03 16:21:54 0 d-------- C:\WINDOWS\ERUNT
2008-06-03 15:45:38 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-03 15:36:38 68096 --a------ C:\WINDOWS\zip.exe
2008-06-03 15:36:38 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-03 15:36:38 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-03 15:36:38 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-03 15:36:38 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-03 15:36:38 98816 --a------ C:\WINDOWS\sed.exe
2008-06-03 15:36:38 80412 --a------ C:\WINDOWS\grep.exe
2008-06-03 15:36:38 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-03 14:31:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-03 14:28:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-01 12:23:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-06-01 12:23:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-01 12:22:58 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-01 12:22:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-05-29 19:15:44 0 d-------- C:\Program Files\VirtualDJ
2008-05-29 19:15:19 0 d-------- C:\Documents and Settings\Roxy\Application Data\WeatherBug
2008-05-29 19:15:15 0 d-------- C:\Program Files\AWS
2008-05-29 19:15:11 0 d-------- C:\Program Files\Free Offers from Freeze.com
2008-05-29 19:15:00 0 d-------- C:\Program Files\GamingSquared
2008-05-29 19:14:49 0 d-------- C:\Program Files\Freeze.com Toolbar
2008-05-25 16:28:26 0 d-------- C:\Documents and Settings\Roxy\Application Data\TomTom
2008-05-25 16:28:26 0 d-------- C:\Documents and Settings\Roxy\Application Data\Mozilla
2008-05-25 16:28:06 0 d-------- C:\Program Files\TomTom HOME 2
2008-05-25 16:19:04 0 d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-05-25 16:18:19 0 d-------- C:\Program Files\TomTom HOME


-- Find3M Report ---------------------------------------------------------------

2008-06-03 15:42:26 0 d-------- C:\Program Files\Common Files
2008-06-03 14:13:22 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-31 17:46:10 0 d-------- C:\Documents and Settings\Roxy\Application Data\LimeWire
2008-05-27 06:07:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-17 15:56:16 69632 --a------ C:\WINDOWS\system32\userinit.exe
2008-04-29 00:02:32 0 d-------- C:\Program Files\Lexmark 1200 Series
2008-04-10 09:34:14 0 d-------- C:\Program Files\Java
2008-04-09 16:59:40 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-09 16:59:00 0 d-------- C:\Program Files\3DGroove
2008-04-09 16:58:58 0 d-------- C:\Program Files\YourScreen
2008-04-09 16:58:58 0 d-------- C:\Program Files\Viewpoint
2008-04-09 16:58:58 0 d-------- C:\Documents and Settings\Roxy\Application Data\YourScreen


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 22:44]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 12:32]
"nwiz"="nwiz.exe" [2005-09-18 12:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 12:32]
"CHotkey"="zHotkey.exe" [2004-12-08 21:57 C:\WINDOWS\zHotkey.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 21:07 C:\WINDOWS\system32\HdAShCut.exe]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 15:38 C:\WINDOWS\RTHDCPL.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 19:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-31 13:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 18:52]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 18:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-23 20:10]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 04:42]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2007-01-31 13:15:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion&#
  • 0

#6
td323i

td323i

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
IE Keeps crashing so i don't think it completed.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 4000+
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 894.42 MiB / 439.97 MiB
Pagefile Memory (total/avail): 2163.82 MiB / 1651.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.46 MiB

C: is Fixed (NTFS) - 182.19 GiB total, 145.9 GiB free.
D: is Fixed (FAT32) - 4.11 GiB total, 1.39 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3200827A - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 182.19 GiB - C:
\PARTITION1 - Unknown - 4.11 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: v (McAfee) Disabled
AV: avast! antivirus 4.8.1201 [VPS 080603-0] v4.8.1201 (ALWIL Software)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1170264049\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1170264049\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Owner.YOUR-9167397A84\\My Documents\\My Music\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Owner.YOUR-9167397A84\\My Documents\\My Music\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Roxy\\Desktop\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Roxy\\Desktop\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\lxczcoms.exe"="C:\\WINDOWS\\system32\\lxczcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Roxy\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-9167397A84
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Roxy
LOGONSERVER=\\YOUR-9167397A84
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2701
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Roxy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Roxy\LOCALS~1\Temp
USERDOMAIN=YOUR-9167397A84
USERNAME=Roxy
USERPROFILE=C:\Documents and Settings\Roxy
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner.YOUR-9167397A84 (admin)
Roxy (admin)
Dinna (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI-SV92PP Soft Modem --> agrsmdel
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\aolunins_us.exe
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Browser Address Error Redirector --> regsvr32 /u /s "c:\windows\system32\BAE.dll"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Deckadance --> C:\Program Files\VstPlugins\Deckadance\uninstall.exe
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
DreamStation DXi2 --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
DVD Solution --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
gtw_logo --> C:\WINDOWS\system32\gtw_logo.scr /UNINSTALL "C:\WINDOWS\system32\gtw_logo.log"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\hijackthis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lexmark 1200 Series --> C:\Program Files\Lexmark 1200 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
LimeWire 4.16.6 --> "C:\Documents and Settings\Roxy\Desktop\LimeWire\uninstall.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OTOY --> RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16
PoiZone --> C:\Program Files\Image-Line\PoiZone\uninstall.exe
Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Pure Networks Port Magic --> C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TomTom HOME --> C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
Toxic Biohazard --> C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VC_MergeModuleToMSI --> MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Sound Canvas DXi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}\setup.exe" UNINSTALL_XXX
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
YourScreen --> "C:\Program Files\YourScreen\UNINSTAL.EXE" /U "C:\Program Files\YourScreen\INSTALL.LOG"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4682 / Error
Event Submitted/Written: 06/03/2008 05:20:33 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0000ec8d.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type4679 / Warning
Event Submitted/Written: 06/03/2008 05:17:28 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4678 / Error
Event Submitted/Written: 06/03/2008 05:14:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type4673 / Warning
Event Submitted/Written: 06/03/2008 05:10:41 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4672 / Error
Event Submitted/Written: 06/03/2008 04:43:54 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0000ec8d.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type29222 / Error
Event Submitted/Written: 06/03/2008 04:21:48 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Aavmker4
AFD
AmdK8
aswSP
aswTdi
Fips
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip

Event Record #/Type29221 / Error
Event Submitted/Written: 06/03/2008 04:21:48 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type29220 / Error
Event Submitted/Written: 06/03/2008 04:21:48 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Event Record #/Type29219 / Error
Event Submitted/Written: 06/03/2008 04:21:48 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Event Record #/Type29218 / Error
Event Submitted/Written: 06/03/2008 04:21:48 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-06-03 17:24:16 ------------

Deckard's System Scanner v20071014.68
Run by Roxy on 2008-06-03 17:22:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
72: 2008-06-03 21:13:16 UTC - RP395 - Deckard's System Scanner Restore Point
71: 2008-06-03 19:36:59 UTC - RP394 - ComboFix created restore point
70: 2008-06-03 18:17:24 UTC - RP393 - Software Distribution Service 3.0
69: 2008-06-01 03:47:52 UTC - RP392 - System Checkpoint
68: 2008-05-30 21:33:10 UTC - RP391 - Removed WeatherBug


-- First Restore Point --
1: 2008-03-06 21:19:24 UTC - RP324 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Roxy.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23, on 2008-06-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Roxy\Desktop\OTScanIt\dss.exe
C:\HIJACK~1\Roxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Photobucket Publisher - http://pic.photobuck...t_publisher.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://roxy71986.spa...ad/MsnPUpld.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 8926 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-03 17:21:37 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-03 17:04:00 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-05-03 and 2008-06-03 -----------------------------

2008-06-03 16:21:54 0 d-------- C:\WINDOWS\ERUNT
2008-06-03 15:45:38 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-03 15:36:38 68096 --a------ C:\WINDOWS\zip.exe
2008-06-03 15:36:38 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-03 15:36:38 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-03 15:36:38 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-03 15:36:38 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-03 15:36:38 98816 --a------ C:\WINDOWS\sed.exe
2008-06-03 15:36:38 80412 --a------ C:\WINDOWS\grep.exe
2008-06-03 15:36:38 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-03 14:31:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-03 14:28:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-01 12:23:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-06-01 12:23:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-01 12:22:58 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-01 12:22:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-05-29 19:15:44 0 d-------- C:\Program Files\VirtualDJ
2008-05-29 19:15:19 0 d-------- C:\Documents and Settings\Roxy\Application Data\WeatherBug
2008-05-29 19:15:15 0 d-------- C:\Program Files\AWS
2008-05-29 19:15:11 0 d-------- C:\Program Files\Free Offers from Freeze.com
2008-05-29 19:15:00 0 d-------- C:\Program Files\GamingSquared
2008-05-29 19:14:49 0 d-------- C:\Program Files\Freeze.com Toolbar
2008-05-25 16:28:26 0 d-------- C:\Documents and Settings\Roxy\Application Data\TomTom
2008-05-25 16:28:26 0 d-------- C:\Documents and Settings\Roxy\Application Data\Mozilla
2008-05-25 16:28:06 0 d-------- C:\Program Files\TomTom HOME 2
2008-05-25 16:19:04 0 d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-05-25 16:18:19 0 d-------- C:\Program Files\TomTom HOME


-- Find3M Report ---------------------------------------------------------------

2008-06-03 15:42:26 0 d-------- C:\Program Files\Common Files
2008-06-03 14:13:22 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-31 17:46:10 0 d-------- C:\Documents and Settings\Roxy\Application Data\LimeWire
2008-05-27 06:07:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-17 15:56:16 69632 --a------ C:\WINDOWS\system32\userinit.exe
2008-04-29 00:02:32 0 d-------- C:\Program Files\Lexmark 1200 Series
2008-04-10 09:34:14 0 d-------- C:\Program Files\Java
2008-04-09 16:59:40 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-09 16:59:00 0 d-------- C:\Program Files\3DGroove
2008-04-09 16:58:58 0 d-------- C:\Program Files\YourScreen
2008-04-09 16:58:58 0 d-------- C:\Program Files\Viewpoint
2008-04-09 16:58:58 0 d-------- C:\Documents and Settings\Roxy\Application Data\YourScreen


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 22:44]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 12:32]
"nwiz"="nwiz.exe" [2005-09-18 12:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 12:32]
"CHotkey"="zHotkey.exe" [2004-12-08 21:57 C:\WINDOWS\zHotkey.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 21:07 C:\WINDOWS\system32\HdAShCut.exe]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 15:38 C:\WINDOWS\RTHDCPL.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 19:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-31 13:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 18:52]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 18:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-23 20:10]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 04:42]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2007-01-31 13:15:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-23 20:10 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

*Newly Created Service* - AEC



-- End of Deckard's System Scanner: finished at 2008-06-03 17:24:16 ------------
  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

You have two anti-virus programs, this causes a lot of problems, so you need to remove Avast or McAfee


1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\spywarewarning.mht
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Reboot and post a new DSS log
  • 0

#8
td323i

td323i

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hi,
I was able to get to the step of removing the entry in hijackthis, i rebooted because the install wouldn't launch for step and now when i get to the login screen, i enter the users password, starts the login process, the desktop flashes for a second then logs off. It behaves the same way in safemode and after i choose Last known good configuration.

Any suggestions?

Thanks,
Td
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Very strange

Did you run any scans or do anything besides my instructions ?
  • 0

#10
td323i

td323i

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hi,
Followed them to the letter. Should i try a system restore?
  • 0

Advertisements


#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yeah try that, let me know if it works

May have to send you over to the tech guys to fix this
  • 0

#12
td323i

td323i

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Actually, safemode works......could of swarn it didn't work this morning. Should i still try a sysrestore?
  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No

Post the OTMoveIt log and a new DSS log from Safe Mode
  • 0

#14
td323i

td323i

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Deckard's System Scanner v20071014.68
Run by Roxy on 2008-06-04 12:07:26
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------



-- HijackThis (run as Roxy.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07, on 2008-06-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Roxy\Desktop\dss.exe
C:\HIJACK~1\Roxy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Photobucket Publisher - http://pic.photobuck...t_publisher.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://roxy71986.spa...ad/MsnPUpld.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7715 bytes

-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

2008-06-03 16:21:54 0 d-------- C:\WINDOWS\ERUNT
2008-06-03 15:45:38 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-03 15:36:38 68096 --a------ C:\WINDOWS\zip.exe
2008-06-03 15:36:38 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-03 15:36:38 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-03 15:36:38 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-03 15:36:38 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-03 15:36:38 98816 --a------ C:\WINDOWS\sed.exe
2008-06-03 15:36:38 80412 --a------ C:\WINDOWS\grep.exe
2008-06-03 15:36:38 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-03 14:31:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-03 14:28:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-01 12:23:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-06-01 12:23:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-01 12:22:58 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-01 12:22:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-05-29 19:15:44 0 d-------- C:\Program Files\VirtualDJ
2008-05-29 19:15:19 0 d-------- C:\Documents and Settings\Roxy\Application Data\WeatherBug
2008-05-29 19:15:15 0 d-------- C:\Program Files\AWS
2008-05-29 19:15:11 0 d-------- C:\Program Files\Free Offers from Freeze.com
2008-05-29 19:15:00 0 d-------- C:\Program Files\GamingSquared
2008-05-29 19:14:49 0 d-------- C:\Program Files\Freeze.com Toolbar
2008-05-25 16:28:26 0 d-------- C:\Documents and Settings\Roxy\Application Data\TomTom
2008-05-25 16:28:26 0 d-------- C:\Documents and Settings\Roxy\Application Data\Mozilla
2008-05-25 16:28:06 0 d-------- C:\Program Files\TomTom HOME 2
2008-05-25 16:19:04 0 d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-05-25 16:18:19 0 d-------- C:\Program Files\TomTom HOME


-- Find3M Report ---------------------------------------------------------------

2008-06-03 15:42:26 0 d-------- C:\Program Files\Common Files
2008-06-03 14:13:22 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-31 17:46:10 0 d-------- C:\Documents and Settings\Roxy\Application Data\LimeWire
2008-05-27 06:07:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-17 15:56:16 69632 --a------ C:\WINDOWS\system32\userinit.exe
2008-04-29 00:02:32 0 d-------- C:\Program Files\Lexmark 1200 Series
2008-04-10 09:34:14 0 d-------- C:\Program Files\Java
2008-04-09 16:59:40 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-09 16:59:00 0 d-------- C:\Program Files\3DGroove
2008-04-09 16:58:58 0 d-------- C:\Program Files\YourScreen
2008-04-09 16:58:58 0 d-------- C:\Program Files\Viewpoint
2008-04-09 16:58:58 0 d-------- C:\Documents and Settings\Roxy\Application Data\YourScreen


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 22:44]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 12:32]
"nwiz"="nwiz.exe" [2005-09-18 12:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 12:32]
"CHotkey"="zHotkey.exe" [2004-12-08 21:57 C:\WINDOWS\zHotkey.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 21:07 C:\WINDOWS\system32\HdAShCut.exe]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 15:38 C:\WINDOWS\RTHDCPL.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 19:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-31 13:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 18:52]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 18:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-23 20:10]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 04:42]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2007-01-31 13:15:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-23 20:10 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

*Newly Created Service* - AEC
*Newly Created Service* - DMUSIC
*Newly Created Service* - KMIXER
*Newly Created Service* - NIC1394
*Newly Created Service* - SPLITTER
*Newly Created Service* - SWMIDI
*Newly Created Service* - SYSAUDIO
*Newly Created Service* - WDMAUD



-- End of Deckard's System Scanner: finished at 2008-06-04 12:07:49 ------------

Explorer killed successfully
File/Folder C:\WINDOWS\system32\spywarewarning.mht not found.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06042008_091956
  • 0

#15
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Then reboot and see if you can get into Normal Mode
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP