Internet Explorer redirects me to wrong URL [RESOLVED]


#1 Spyderman (New Member, 9 posts)

In the last few weeks I have done searches for "ABC item" and when I click on the selected link it sends me to an unwanted spyware webpage. I have run multiple sweepers and cleaners and nothing. HELP!!!

Thanks in advance for the help.

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:24 PM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0813440E-11C0-4D1A-B5C6-964B00D68013} - (no file)
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Pmtupplw\vgslzrbb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {736026CF-2B76-43F1-9440-6A1261F25EBB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E73AE82-0A5E-4863-AA99-56750F6ED4A8} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab53083.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadc...FreeInstall.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mystery Solitaire\Images\stg_drm.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://sympatico.zon...nx.1.0.0.67.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab53083.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....llInstaller.exe
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab53083.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast....ostClientIE.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://office.knigh...emote/msrdp.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/...no.cab42341.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn....FreeInstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mystery Solitaire\Images\armhelper.ocx
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab53083.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.c...oad/XUpload.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://www.opencube....im/comdlg32.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll (file missing)
O20 - Winlogon Notify: urqrpom - urqrpom.dll (file missing)
O20 - Winlogon Notify: winqad32 - winqad32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ANDREW~1.GOS/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 12772 bytes

VundoFix Log:

VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 10:50:51 PM 7/11/2007

Listing files found while scanning....

C:\windows\system32\aalaflhu.ini
C:\windows\system32\bgwmpwek.ini
C:\windows\system32\bigaffaj.ini
C:\windows\system32\cgwjhgun.dll
C:\windows\system32\cnvihoqo.ini
C:\windows\system32\jaffagib.dll
C:\windows\system32\jeqhkpum.dll
C:\WINDOWS\system32\jkhhh.dll
C:\windows\system32\jkjdmbpo.ini
C:\windows\system32\kewpmwgb.dll
C:\windows\system32\ldgvfptt.dll
C:\windows\system32\mupkhqej.ini
C:\windows\system32\nughjwgc.ini
C:\windows\system32\opbmdjkj.dll
C:\windows\system32\oqohivnc.dll
C:\windows\system32\uhlfalaa.dll

Beginning removal...

Attempting to delete C:\windows\system32\aalaflhu.ini
C:\windows\system32\aalaflhu.ini Has been deleted!

Attempting to delete C:\windows\system32\bgwmpwek.ini
C:\windows\system32\bgwmpwek.ini Has been deleted!

Attempting to delete C:\windows\system32\bigaffaj.ini
C:\windows\system32\bigaffaj.ini Has been deleted!

Attempting to delete C:\windows\system32\cgwjhgun.dll
C:\windows\system32\cgwjhgun.dll Has been deleted!

Attempting to delete C:\windows\system32\cnvihoqo.ini
C:\windows\system32\cnvihoqo.ini Has been deleted!

Attempting to delete C:\windows\system32\jaffagib.dll
C:\windows\system32\jaffagib.dll Has been deleted!

Attempting to delete C:\windows\system32\jeqhkpum.dll
C:\windows\system32\jeqhkpum.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\jkhhh.dll Has been deleted!

Attempting to delete C:\windows\system32\jkjdmbpo.ini
C:\windows\system32\jkjdmbpo.ini Has been deleted!

Attempting to delete C:\windows\system32\kewpmwgb.dll
C:\windows\system32\kewpmwgb.dll Has been deleted!

Attempting to delete C:\windows\system32\ldgvfptt.dll
C:\windows\system32\ldgvfptt.dll Has been deleted!

Attempting to delete C:\windows\system32\mupkhqej.ini
C:\windows\system32\mupkhqej.ini Has been deleted!

Attempting to delete C:\windows\system32\nughjwgc.ini
C:\windows\system32\nughjwgc.ini Has been deleted!

Attempting to delete C:\windows\system32\opbmdjkj.dll
C:\windows\system32\opbmdjkj.dll Has been deleted!

Attempting to delete C:\windows\system32\oqohivnc.dll
C:\windows\system32\oqohivnc.dll Has been deleted!

Attempting to delete C:\windows\system32\uhlfalaa.dll
C:\windows\system32\uhlfalaa.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 11:05:39 PM 7/11/2007

Listing files found while scanning....

C:\WINDOWS\system32\gjkmp.bak1
C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\pmkjg.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gjkmp.bak1
C:\WINDOWS\system32\gjkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\gjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\pmkjg.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\pmkjg.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 11:14:55 PM 7/11/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 11:55:52 PM 7/11/2011

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 10:19:43 PM 8/14/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 11:01:13 PM 8/30/2007

Listing files found while scanning....

C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\qttss.bak2
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\ssttq.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\qttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.bak2
C:\WINDOWS\system32\qttss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttq.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 10:26:46 PM 9/14/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 11:35:43 PM 9/14/2007

Listing files found while scanning....


VundoFix V6.5.8

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 11:36:27 PM 9/14/2007

Listing files found while scanning....

C:\windows\system32\drvgevr.dll

Beginning removal...

Attempting to delete C:\windows\system32\drvgevr.dll
C:\windows\system32\drvgevr.dll Has been deleted!

Performing Repairs to the registry.
Done!
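The HijackThis log above is what the helper reads for Vundo's footprints: nameless O2 BHOs pointing at missing or oddly named DLLs, and O20 Winlogon Notify hooks whose DLL is gone. As an added example that is not part of the original thread or of HijackThis, the Python below parses those two entry types and flags them over a constructed sample built from the log's own lines; the name-randomness heuristic and the severities are assumptions of mine, meant as a starting point for human review rather than a verdict.

```python
"""Triage a HijackThis 2.x log for the Vundo-style indicators discussed in this thread.

Added example, not part of the original thread or of HijackThis. It parses the
'Onn - ' entry lines for O2 (BHO) and O20 (Winlogon Notify) and flags: nameless
BHOs whose DLL is missing or has a random-looking name, and Winlogon Notify
hooks whose DLL is missing. The randomness heuristic and severities are my own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

VOWELS = set("aeiouy")

# Constructed sample, shaped like the O2/O20 lines in the log above (CLSIDs and
# paths copied from the thread; deliberately not a complete log).
SAMPLE_LOG = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {0813440E-11C0-4D1A-B5C6-964B00D68013} - (no file)",
    r"O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Pmtupplw\vgslzrbb.dll",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll (file missing)",
    r"O20 - Winlogon Notify: urqrpom - urqrpom.dll (file missing)",
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
]

# O2 lines: "O2 - BHO: <name> - {<CLSID>} - <path or (no file)>"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
# O20 lines: "O20 - Winlogon Notify: <key> - <dll> [(file missing)]"
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$")


@dataclass
class Finding:
    section: str   # "O2" or "O20"
    severity: str  # "high" or "low"
    reason: str
    line: str


def looks_random(token: str) -> bool:
    """Heuristic (assumption): a 5-10 letter token with fewer than 20% vowels.

    Catches the throwaway names in the thread (Pmtupplw, vgslzrbb, jkhfg) while
    passing real vendor names such as AcroIEHelper and SDHelper. Tune before use.
    """
    if not token.isalpha() or not 5 <= len(token) <= 10:
        return False
    vowels = sum(1 for c in token.lower() if c in VOWELS)
    return vowels / len(token) < 0.2


def path_parts(path: str) -> List[str]:
    """Split a Windows path into its components, dropping file extensions."""
    parts = [p for p in re.split(r"[\\/]", path) if p]
    return [p.rsplit(".", 1)[0] for p in parts]


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; returns None for lines that raise no flag."""
    m = BHO_RE.match(line)
    if m:
        name, path = m.group("name"), m.group("path")
        if name != "(no name)":
            return None  # named BHOs are left to human review, not auto-flagged
        if path == "(no file)":
            return Finding("O2", "low", "orphaned BHO registration: CLSID with no DLL on disk", line)
        if any(looks_random(p) for p in path_parts(path)):
            return Finding("O2", "high", "nameless BHO loaded from a random-looking path", line)
        return None
    m = NOTIFY_RE.match(line)
    if m:
        if m.group("missing"):
            return Finding("O20", "high", "Winlogon Notify hook whose DLL is missing (Vundo-style)", line)
        if any(looks_random(p) for p in path_parts(m.group("path"))):
            return Finding("O20", "high", "Winlogon Notify hook with a random-looking DLL name", line)
    return None


def triage(lines) -> List[Finding]:
    """Run triage_line over every log line and keep only the flagged entries."""
    return [f for f in (triage_line(ln.rstrip("\n")) for ln in lines) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.section:3} {f.reason}\n        {f.line}")
```

Pipe a saved HijackThis log into `triage(open(path))` to run it over a real log; the Running processes, O4 and O16 sections are deliberately not scored here.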

#2 MoNsTeReNeRgY22 (Member 2k, 2,539 posts)

Hello and welcome to Geeks to Go.

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Step 1
Download ComboFix from Here or Here to your Desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Step 2
Download Deckard's System Scanner (DSS) to your Desktop.
  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)


Step 3
I need you to rename HijackThis because I suspect that you may have the Vundo infection, which can hide some entries in your log.
  • Please go to the folder where you saved HijackThis.exe:
    < C:\Program Files\Trend Micro\HijackThis\HijackThis.exe >
  • Right-click on it, then select Rename.
  • Please rename it to monster.exe
Step 4
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 2 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 2...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
Step 5
Please post the following in your next reply
  • ComboFix Log
  • main.txt
  • extra.txt

Edited by MoNsTeReNeRgY22, 15 September 2007 - 12:53 PM.


#3 Spyderman (Topic Starter, New Member, 9 posts)

OK, I did all that and I ran all the .exe's that were suggested... ComboFix ran without a glitch.
DSS, on the other hand, never created an extra.txt????

Here is the ComboFix log and the main.txt

ComboFix 07-09-14.2 - "Andrew" 2007-09-15 15:27:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.506 [GMT -5:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mousegreen2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mousegreen3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mousered1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mousered2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mousered3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mouseyellow1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mouseyellow2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\trails\mouseyellow3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\areabomb.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\areabombrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\blue.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\bluerollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\boardfill.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\brick.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\brick1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\brick2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\brick3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\bricktip.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\eye1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\eye2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\eye3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\eye4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\green.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\greenrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\red.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\redrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\wild.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\wildrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\yellow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\triangles\yellowrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\upsell\image0.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\upsell\image1.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\upsell\image2.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\upsell\image3.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\bluebucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\buckettriangle.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\chainlink.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\chaintip.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\genericbucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\greenbucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\redbucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\smallblue.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\smallgreen.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\smallred.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\smallyellow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\urnglow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\urnplatform.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\urns\yellowbucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\assets\warning.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\error.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\game.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\gameover.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\hiscore.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\hiscoreinfo.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\hiscoresubmit.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\instructions.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\leveldesign.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\levelover.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\mainarcade.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\mainconfirm.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\maincontinue.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\maingames.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\mainpuzzle.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\maphelptip.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\options.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\pause.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\quitconfirm.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\start.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\storyplayer.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\style.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\screens\upsell.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\strings.xml
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.67\TriJinx.exe
C:\WINDOWS\system32\atwsettl
C:\WINDOWS\system32\atwsettl\bg1.gif
C:\WINDOWS\system32\atwsettl\bgtop.gif
C:\WINDOWS\system32\atwsettl\bottom1.gif
C:\WINDOWS\system32\atwsettl\essentials.gif
C:\WINDOWS\system32\atwsettl\icon1.ico
C:\WINDOWS\system32\atwsettl\install1.gif
C:\WINDOWS\system32\atwsettl\left1.gif
C:\WINDOWS\system32\atwsettl\li.gif
C:\WINDOWS\system32\atwsettl\logo.gif
C:\WINDOWS\system32\atwsettl\main.htm
C:\WINDOWS\system32\atwsettl\mainframe.htm
C:\WINDOWS\system32\atwsettl\reinstall1.gif
C:\WINDOWS\system32\atwsettl\right1.gif
C:\WINDOWS\system32\atwsettl\s1.htm
C:\WINDOWS\system32\atwsettl\s2.htm
C:\WINDOWS\system32\atwsettl\s3.htm
C:\WINDOWS\system32\atwsettl\SMTop1.gif
C:\WINDOWS\system32\atwsettl\SMTop2.gif
C:\WINDOWS\system32\atwsettl\SMTop3.gif
C:\WINDOWS\system32\atwsettl\SMTop4.gif
C:\WINDOWS\system32\atwsettl\soft1_off.gif
C:\WINDOWS\system32\atwsettl\soft1_off_ext.gif
C:\WINDOWS\system32\atwsettl\soft1_on.gif
C:\WINDOWS\system32\atwsettl\soft1_on_ext.gif
C:\WINDOWS\system32\atwsettl\soft2_off.gif
C:\WINDOWS\system32\atwsettl\soft2_off_ext.gif
C:\WINDOWS\system32\atwsettl\soft2_on.gif
C:\WINDOWS\system32\atwsettl\soft2_on_ext.gif
C:\WINDOWS\system32\atwsettl\soft3_off.gif
C:\WINDOWS\system32\atwsettl\soft3_off_ext.gif
C:\WINDOWS\system32\atwsettl\soft3_on.gif
C:\WINDOWS\system32\atwsettl\soft3_on_ext.gif
C:\WINDOWS\system32\atwsettl\softbottom_off.gif
C:\WINDOWS\system32\atwsettl\softbottom_on.gif
C:\WINDOWS\system32\atwsettl\softleft_off.gif
C:\WINDOWS\system32\atwsettl\softleft_on.gif
C:\WINDOWS\system32\atwsettl\top1.gif
C:\WINDOWS\system32\atwsettl\top2.gif
C:\WINDOWS\system32\atwsettl\turnoff1.gif
C:\WINDOWS\system32\atwsettl\turnon1.gif

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
.

2007-09-15 15:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-15 01:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-15 01:09 <DIR> d-------- C:\DOCUME~1\ANDREW~1.GOS\APPLIC~1\SUPERAntiSpyware.com
2007-09-15 01:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SUPERAntiSpyware.com
2007-09-15 00:47 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-15 00:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab
2007-09-15 00:39 <DIR> d-------- C:\Deckard
2007-09-15 00:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Office Genuine Advantage
2007-09-14 23:21 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-13 23:14 <DIR> d-------- C:\Program Files\Bonjour
2007-09-13 22:48 <DIR> d-------- C:\Program Files\Total Training
2007-09-13 22:42 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-13 22:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple
2007-09-08 22:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SpinTop Games
2007-09-08 22:10 <DIR> d-------- C:\DOCUME~1\ANDREW~1.GOS\APPLIC~1\SpinTop
2007-09-06 22:01 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-08-30 23:20 6,448 ---hs---- C:\WINDOWS\system32\bbadd.bak1
2007-08-30 13:11 6,488 ---hs---- C:\WINDOWS\system32\pqtwa.bak1
2007-08-30 13:07 <DIR> d-------- C:\Program Files\Pmtupplw
2007-08-30 13:06 43,542 --a------ C:\WINDOWS\system32\iifcdax.dll.vir
2007-08-23 23:30 <DIR> d-------- C:\Program Files\FileZilla Client
2007-08-23 23:30 <DIR> d-------- C:\DOCUME~1\ANDREW~1.GOS\APPLIC~1\FileZilla
2007-08-22 22:46 <DIR> d-------- C:\Program Files\JAlbum7.2
2007-08-16 21:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Zylom
2007-08-16 21:47 <DIR> d-------- C:\Program Files\MSN Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-15 15:32 --------- d-------- C:\Program Files\PopUp Killer
2007-09-15 01:08 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-15 00:58 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-09-15 00:37 --------- d-------- C:\Program Files\Google
2007-09-15 00:30 --------- d-------- C:\Program Files\AT&T Global Network Client
2007-09-15 00:28 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-15 00:26 --------- d-------- C:\Program Files\LogMeIn
2007-09-13 23:03 --------- d-------- C:\Program Files\Common Files\Macrovision Shared
2007-09-13 22:44 --------- d-------- C:\Program Files\QuickTime
2007-09-13 22:43 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
2007-09-13 22:35 --------- d-------- C:\Program Files\LimeWire
2007-09-08 22:13 --------- d-a------ C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
2007-08-31 00:08 --------- d-------- C:\DOCUME~1\ANDREW~1.GOS\APPLIC~1\U3
2007-08-30 22:55 --------- d-------- C:\Program Files\Blaze Media Pro
2007-08-20 18:43 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\DVD Shrink
2007-07-27 20:09 --------- d-------- C:\Program Files\Incomplete
2007-07-27 19:32 --------- d-------- C:\DOCUME~1\ANDREW~1.GOS\APPLIC~1\LimeWire
2007-07-24 16:32 --------- d-------- C:\DOCUME~1\ANDREW~1.GOS\APPLIC~1\WinRAR
2007-07-20 20:14 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-20 20:14 --------- d-------- C:\Program Files\CyberLink
2007-07-16 19:07 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\AGNS
2007-07-11 02:00 12246223 --------- C:\AVG7QT.DAT
2006-12-27 16:38 774144 --a------ C:\Program Files\RngInterstitial.dll
2001-07-26 17:58 47 --a------ C:\Program Files\ACMonitor_X73.ini
2001-07-05 13:46 8116 --a------ C:\Program Files\OSLO3071b2.USB
2001-05-11 11:39 53248 --a------ C:\Program Files\ACMonitor_X73.exe
2001-05-08 16:36 114688 --a------ C:\Program Files\lxarscan.dll
2001-04-23 15:22 1437 --a------ C:\Program Files\gtx73.ini
2001-02-22 10:54 768 --a------ C:\Program Files\x73_lut.dat
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ƯĂÄ›̉3113›.sys
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ƯÙĂÄ3113›.sys
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ØƯĂÄ3113›.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0813440E-11C0-4D1A-B5C6-964B00D68013}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{736026CF-2B76-43F1-9440-6A1261F25EBB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E73AE82-0A5E-4863-AA99-56750F6ED4A8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 17:24]
"nwiz"="nwiz.exe" []
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 02:34 C:\WINDOWS\SOUNDMAN.EXE]
"PopUpKiller"="C:\Program Files\PopUp Killer\PopUpKiller.EXE" [2001-12-24 16:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-23 03:46]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 04:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 23:50]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfg]
C:\WINDOWS\system32\jkhfg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrpom]
urqrpom.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winqad32]
winqad32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andrew.GOSEN-77YXEUDV7^Start Menu^Programs^Startup^Google Talk.lnk]
path=C:\Documents and Settings\Andrew.GOSEN-77YXEUDV7\Start Menu\Programs\Startup\Google Talk.lnk
backup=C:\WINDOWS\pss\Google Talk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andrew.GOSEN-77YXEUDV7^Start Menu^Programs^Startup^Morpheus.lnk]
path=C:\Documents and Settings\Andrew.GOSEN-77YXEUDV7\Start Menu\Programs\Startup\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andrew.GOSEN-77YXEUDV7^Start Menu^Programs^Startup^Registration-Studio 8 SE.lnk]
path=C:\Documents and Settings\Andrew.GOSEN-77YXEUDV7\Start Menu\Programs\Startup\Registration-Studio 8 SE.lnk
backup=C:\WINDOWS\pss\Registration-Studio 8 SE.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\abynipkx.exe]
C:\Documents and Settings\All Users.WINDOWS\Application Data\abynipkx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\TEMP\win5DFE.tmp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvgev.dll,startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DCAM]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]
rundll32.exe "C:\WINDOWS\system32\cgwjhgun.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetSP - restore settings on power failure]
"C:\Program Files\AT&T Global Network Client\NetSP.exe" -show

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pkrefuhk]
regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\pkrefuhk.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDrvCheck]
"c:\program files\pinnacle\edition 5\program\PSDrvCheck.exe" -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
mgrs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysWsa32]
C:\WINDOWS\system32\WSA32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ylaxobyn]
rundll32.exe "C:\Program Files\ylaxobyn\cxcxmzkv.dll",Init

R1 hlp;FAST HLP Driver;C:\WINDOWS\system32\Drivers\Hlp.Sys
R1 SSHDRV5A;SSHDRV5A;\??\C:\WINDOWS\system32\drivers\SSHDRV5A.sys
R2 agnwifi;AT&T Wi-Fi Support Driver;C:\WINDOWS\system32\DRIVERS\agnwifi.sys
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R3 agnfilt;AGN Filter Interface;C:\WINDOWS\system32\DRIVERS\agnfilt.sys
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
S2 LXARScan;Lexmark X73 MFP Scanner;C:\WINDOWS\system32\Drivers\Lxarscan.sys
S3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys
S3 MN110-50;Microsoft® USB Adapter MN-110;C:\WINDOWS\system32\DRIVERS\MN110-50.SYS


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90bd2f50-2f57-11dc-b885-000d61234279}]
AutoRun\command- F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 03:42:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 15:34:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-15 15:37:26 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-15 15:37
.
--- E O F ---


MAIN.txt

Deckard's System Scanner v20070905.67
Run by Andrew on 2007-09-15 15:51:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Andrew.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:58 PM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Andrew.GOSEN-77YXEUDV7\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Andrew.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0813440E-11C0-4D1A-B5C6-964B00D68013} - (no file)
O2 - BHO: (no name) - {736026CF-2B76-43F1-9440-6A1261F25EBB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E73AE82-0A5E-4863-AA99-56750F6ED4A8} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab53083.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mystery Solitaire\Images\stg_drm.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://sympatico.zon...nx.1.0.0.67.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab53083.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....llInstaller.exe
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab53083.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast....ostClientIE.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://office.knigh...emote/msrdp.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/...no.cab42341.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn....FreeInstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mystery Solitaire\Images\armhelper.ocx
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab53083.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.c...oad/XUpload.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://www.opencube....im/comdlg32.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll (file missing)
O20 - Winlogon Notify: urqrpom - urqrpom.dll (file missing)
O20 - Winlogon Notify: winqad32 - winqad32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ANDREW~1.GOS/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 12510 bytes

-- Files created between 2007-08-15 and 2007-09-15 -----------------------------

2100-02-23 15:35:34 768 --a------ C:\Program Files\x73_lut.dat
2100-02-08 16:03:54 53248 --a------ C:\Program Files\ACMonitor_X73.exe <Not Verified; Silitek Corp.; ACMonitor>
2011-07-11 23:48:15 368912 --a------ C:\WINDOWS\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2011-07-11 23:48:15 252176 --a------ C:\WINDOWS\system32\MSRD2X35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2011-07-11 23:48:15 24848 --a------ C:\WINDOWS\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2011-07-11 23:48:15 123664 -

#4
MoNsTeReNeRgY22 (Member 2k, 2,539 posts)
Some of the DSS log got cut off, so let's do this to get everything.

1. Close all programs and/or windows so that you have nothing open and are at your Desktop.
2. Click on Start, then click on Run.
3. In the Open: field copy and paste the entire contents inside the CODE box below and press the OK button.
"%userprofile%\Desktop\dss.exe" /config
This will open up DSS configuration.
4. Click on Check All.
5. Click Scan.
DSS will now run again.
6. When finished, please post back both logs that open in Notepad: main.txt and extra.txt.

#5
Spyderman (Topic Starter, New Member, 9 posts)
Thank you for the insight and thank you for your time and effort.

Extra.txt

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1023.48 MiB / 514.28 MiB
Pagefile Memory (total/avail): 2463.97 MiB / 2105.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1944.16 MiB

A: is Removable (No Media)
C: is Fixed (NTFS)
D: is Fixed (NTFS)
E: is Fixed (NTFS)

P: is CDROM (No Media)
R: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - WDC WD1600JB-00FUA0 - 2 partitions
\PARTITION0 - Installable File System - D:
\PARTITION1 - Installable File System - E:

\\.\PHYSICALDRIVE0 - WDC WD400JB-00ENA0 - 1 partition
\PARTITION0 (bootable) - Installable File System - C:

\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE4 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE5 - Generic STORAGE DEVICE USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.476 v7.5.476 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\**********-77YXEUDV7\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=$$$$$$$$
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\**********-77YXEUDV7
LOGONSERVER=\\$$$$$$$$
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ANDREW~1.GOS\LOCALS~1\Temp
TMP=C:\DOCUME~1\ANDREW~1.GOS\LOCALS~1\Temp
USERDOMAIN=$$$$$$$$
USERNAME=Andrew
USERPROFILE=C:\Documents and Settings\**********-77YXEUDV7
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

**********-77YXEUDV7 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7614A41A-FB61-4016-9841-BA6D72CF7E74}\Setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 6.0 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe After Effects 6.5 --> MsiExec.exe /I{61CEB2D7-8D3B-4247-B75E-A95F6699B90A}
Adobe After Effects 7.0 --> msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe After Effects CS3 --> C:\Program Files\Common Files\Adobe\Installers\b7dd24a87e82dcf8af8876fd727b7cf\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{8AF3FB06-BDA3-42A3-995C-308812D2F094}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{4B215C29-1A3E-4736-92AA-10C83FA56EB9}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 1.0 --> MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000102}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Premiere Pro 1.5 --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{A14F7508-B784-40B8-B11A-E0E2EEB7229F}\setup.exe" -l0x0009
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Setup --> MsiExec.exe /I{2C294A0B-DF22-4023-B168-8C7645B10019}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe SVG Viewer --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
AT&T Global Network Client Professional --> MsiExec.exe /I{2E21CBDA-1EDF-4C18-A561-DB53D683229F}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Blaze Media Pro --> "C:\Documents and Settings\**********-77YXEUDV7\Local Settings\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x9
Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x9 anything
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio --> "C:\Program Files\CDex_150\uninstall.exe"
CuteFTP 7 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}\Setup.exe" -l0x9
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Enable S3 for USB Device --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
FileZilla Client 3.0.0-rc1 --> C:\Program Files\FileZilla Client\uninstall.exe
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LogMeIn --> MsiExec.exe /I{3FEC3A5B-60FF-4626-B425-08E09B121A15}
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8833100-1481-11D4-9731-00C04F8EEB39}\Setup.exe" UNINSTALL
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Nero 7 Demo --> MsiExec.exe /I{C93369CB-B4E9-E095-9289-E6B5AE941033}
NTI Backup NOW! 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E68EAA3-775A-4542-A08A-47DB8E8E74A6} /l1033 BUNText
NTI CD & DVD-Maker 6 Gold --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText
NTI DriveBackup! 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8FDD2A92-9F75-4706-B8C2-08499A9863E6} /l1033 DIBText
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OLYMPUS Master 2 --> MsiExec.exe /X{CB49B376-1136-44B4-83FA-036334B59937}
PopUp Killer --> C:\WINDOWS\iun6002.exe "C:\Program Files\PopUp Killer\irunin.ini"
PowerDirector Express --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SnagIt 8 --> MsiExec.exe /I{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trellian SEO Toolkit v2.0 --> "C:\Program Files\TRELLIAN\SEO Toolkit v2.0\unins000.exe"
Trellian SubmitWolf v7.0 --> "C:\Program Files\TRELLIAN\Submitwolf7\unins000.exe"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Typograf4.8f --> C:\Program Files\Typograf\Uninstal.exe "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Typograf"
Visual QuickMenu Pro --> MsiExec.exe /I{A395DEEC-1FB5-4449-9A69-1469F153FDA1}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type5051 / Success
Event Submitted/Written: 09/15/2007 03:36:50 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type5035 / Success
Event Submitted/Written: 09/15/2007 08:46:16 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type5028 / Error
Event Submitted/Written: 09/15/2007 07:40:00 AM
Event ID/Source: 455 / ESENT
Event Description:
msnmsgr (232) \\.\C:\Documents and Settings\**********-77YXEUDV7\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_5824_66B4_2466_9532\dfsr.db: Error -1032 (0xfffffbf8) occurred while opening logfile \\.\C:\Documents and Settings\**********-77YXEUDV7\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_5824_66B4_2466_9532\fsr.log.

Event Record #/Type5027 / Error
Event Submitted/Written: 09/15/2007 07:40:00 AM
Event ID/Source: 489 / ESENT
Event Description:
msnmsgr (232) An attempt to open the file "\\.\C:\Documents and Settings\**********-77YXEUDV7\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_5824_66B4_2466_9532\fsr.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type5026 / Error
Event Submitted/Written: 09/15/2007 07:39:50 AM
Event ID/Source: 455 / ESENT
Event Description:
msnmsgr (232) \\.\C:\Documents and Settings\**********-77YXEUDV7\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_5824_66B4_2466_9532\dfsr.db: Error -1032 (0xfffffbf8) occurred while opening logfile \\.\C:\Documents and Settings\**********-77YXEUDV7\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_5824_66B4_2466_9532\fsr.log.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2007-09-16 02:17:50 ------------




Main.txt


Deckard's System Scanner v20070905.67
Run by Andrew on 2007-09-16 02:13:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
55: 2007-09-16 07:14:25 UTC - RP988 - Deckard's System Scanner Restore Point
54: 2007-09-15 20:27:23 UTC - RP987 - ComboFix created restore point
53: 2007-09-15 06:09:11 UTC - RP986 - Installed SUPERAntiSpyware Free Edition
52: 2007-09-15 05:57:31 UTC - RP985 - Removed Ad-Aware 2007
51: 2007-09-15 05:39:49 UTC - RP984 - Deckard's System Scanner Restore Point


-- First Restore Point --
1: 2007-08-11 10:48:40 UTC - RP934 - Windows Defender Checkpoint


Performed disk cleanup.



-- HijackThis (run as Andrew.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:44 AM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\**********-77YXEUDV7\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Andrew.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0813440E-11C0-4D1A-B5C6-964B00D68013} - (no file)
O2 - BHO: (no name) - {736026CF-2B76-43F1-9440-6A1261F25EBB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E73AE82-0A5E-4863-AA99-56750F6ED4A8} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab53083.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mystery Solitaire\Images\stg_drm.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://sympatico.zon...nx.1.0.0.67.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab53083.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....llInstaller.exe
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab53083.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast....ostClientIE.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://office.knigh...emote/msrdp.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/...no.cab42341.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn....FreeInstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mystery Solitaire\Images\armhelper.ocx
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab53083.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.c...oad/XUpload.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://www.opencube....im/comdlg32.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll (file missing)
O20 - Winlogon Notify: urqrpom - urqrpom.dll (file missing)
O20 - Winlogon Notify: winqad32 - winqad32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ANDREW~1.GOS/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 12492 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - unable to read value
.js - JSFile - shell\open\command - unable to read value
.scr - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 hlp (FAST HLP Driver) - c:\windows\system32\drivers\hlp.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 SSHDRV5A - c:\windows\system32\drivers\sshdrv5a.sys
R2 agnwifi (AT&T Wi-Fi Support Driver) - c:\windows\system32\drivers\agnwifi.sys <Not Verified; AT&T; AT&T Global Network Client>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 catchme - c:\docume~1\andrew~1.gos\locals~1\temp\catchme.sys (file missing)
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S2 LXARScan (Lexmark X73 MFP Scanner) - c:\windows\system32\drivers\lxarscan.sys (file missing)
S3 SymEvent - c:\program files\symantec\symevent.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 NetCfgSvr (Network Configuration Service) - c:\program files\at&t global network client\netcfgsv.exe <Not Verified; AT&T; NetCfgSvr Module>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 Askwdccsra -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\649F319900
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\649F319900
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AGN Virtual Network Adapter
Device ID: ROOT\NET00
Manufacturer: AT&T
Name: AGN Virtual Network Adapter
PNP Device ID: ROOT\NET00
Service: avpnnic


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 976)
2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\WINDOWS\system32\svchost.exe (pid 1448)
2006-02-28 12:42:30 94208 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Computer, Inc.; Bonjour>

C:\WINDOWS\explorer.exe (pid 1600)
2007-08-11 08:17:44 41472 --a------ C:\Program Files\FileZilla Client\fzshellext.dll <Not Verified; ; fzshellext Dynamic Link Library>
2005-11-15 12:07:16 1802240 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll <Not Verified; Nero AG; Nero Digital Tools>
2005-11-14 17:58:54 73728 --a------ C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll <Not Verified; Nero AG; Nero BackItUp>
2007-02-27 12:39:26 61440 --a------ C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware Context Menu Extension>
2007-05-22 10:59:22 128512 --a------ C:\Program Files\WinRAR\RarExt.dll
2003-04-07 01:47:34 405588 --a------ C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll <Not Verified; Adobe Systems Inc.; Adobe Acrobat Elements>
2006-12-20 13:55:48 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>


-- Scheduled Tasks -------------------------------------------------------------

2007-09-13 22:42:42 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-08-16 and 2007-09-16 -----------------------------

2100-02-23 15:35:34 768 --a------ C:\Program Files\x73_lut.dat
2100-02-08 16:03:54 53248 --a------ C:\Program Files\ACMonitor_X73.exe <Not Verified; Silitek Corp.; ACMonitor>
2011-07-11 23:48:15 368912 --a------ C:\WINDOWS\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2011-07-11 23:48:15 252176 --a------ C:\WINDOWS\system32\MSRD2X35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2011-07-11 23:48:15 24848 --a------ C:\WINDOWS\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2011-07-11 23:48:15 123664 --a------ C:\WINDOWS\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2011-07-11 23:48:15 1046288 --a------ C:\WINDOWS\system32\MSJET35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-09-15 01:09:22 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-09-15 01:09:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-09-15 01:09:13 0 d-------- C:\Documents and Settings\**********-77YXEUDV7\Application Data\SUPERAntiSpyware.com
2007-09-15 00:47:07 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2007-09-15 00:47:05 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-15 00:18:01 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2007-09-14 23:21:43 0 d-------- C:\Program Files\Trend Micro
2007-09-13 23:14:17 0 d-------- C:\Program Files\Bonjour
2007-09-13 22:48:31 0 d-------- C:\Program Files\Total Training
2007-09-13 22:42:37 0 d-------- C:\Program Files\Apple Software Update
2007-09-13 22:42:37 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-09-08 22:13:18 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpinTop Games
2007-09-08 22:10:15 0 d-------- C:\Documents and Settings\**********-77YXEUDV7\Application Data\SpinTop
2007-09-06 22:01:56 0 d-------- C:\Program Files\Yahoo! Games
2007-08-30 23:20:06 6448 ---hs---- C:\WINDOWS\system32\bbadd.bak1
2007-08-30 13:11:49 6488 ---hs---- C:\WINDOWS\system32\pqtwa.bak1
2007-08-30 13:07:24 0 d-------- C:\Program Files\Pmtupplw
2007-08-23 23:30:50 0 d-------- C:\Documents and Settings\**********-77YXEUDV7\Application Data\FileZilla
2007-08-23 23:30:36 0 d-------- C:\Program Files\FileZilla Client
2007-08-22 22:46:40 0 d-------- C:\Program Files\JAlbum7.2
2007-08-16 21:49:25 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom
2007-08-16 21:47:55 0 d-------- C:\Program Files\MSN Games


-- Find3M Report ---------------------------------------------------------------

2007-09-15 15:32:32 0 d-------- C:\Program Files\PopUp Killer
2007-09-15 01:08:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-15 00:37:03 0 d-------- C:\Program Files\Google
2007-09-15 00:30:04 0 d-------- C:\Program Files\AT&T Global Network Client
2007-09-15 00:28:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-15 00:26:40 0 d-------- C:\Program Files\LogMeIn
2007-09-15 00:14:26 0 d-------- C:\Program Files\Java
2007-09-13 23:14:01 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-13 23:03:55 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-09-13 22:44:03 0 d-------- C:\Program Files\QuickTime
2007-09-13 22:35:03 0 d-------- C:\Program Files\LimeWire
2007-08-31 00:08:54 0 d-------- C:\Documents and Settings\**********-77YXEUDV7\Application Data\U3
2007-08-30 22:55:13 0 d-------- C:\Program Files\Blaze Media Pro
2007-08-30 21:59:32 0 d-a------ C:\Program Files\Common Files
2007-08-04 21:26:35 1145 --a------ C:\WINDOWS\checkip.dat
2007-08-04 21:26:18 1145 --a------ C:\WINDOWS\dhstatus.dat
2007-07-28 01:31:11 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-07-28 01:31:11 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-07-27 20:09:13 0 d-------- C:\Program Files\Incomplete
2007-07-27 19:32:46 0 d-------- C:\Documents and Settings\**********-77YXEUDV7\Application Data\LimeWire
2007-07-27 00:04:45 0 d-------- C:\Program Files\Movie Maker
2007-07-24 16:32:45 0 d-------- C:\Documents and Settings\**********-77YXEUDV7\Application Data\WinRAR
2007-07-22 10:53:46 282176 --a------ C:\WINDOWS\system32\ae700main.dat
2007-07-20 20:14:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-20 20:14:39 0 d-------- C:\Program Files\CyberLink
2007-07-11 22:53:43 1943282 -----n--- C:\WINDOWS\system32\hhhkj.ini2
2007-07-11 22:06:06 1937991 -----n--- C:\WINDOWS\system32\hhhkj.bak2
2007-07-11 02:00:10 12246223 -----n--- C:\AVG7QT.DAT
2007-06-24 22:57:20 1876225 -----n--- C:\WINDOWS\system32\gfhkj.ini2
2007-06-24 11:37:05 1877369 -----n--- C:\WINDOWS\system32\gfhkj.bak2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0813440E-11C0-4D1A-B5C6-964B00D68013}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{736026CF-2B76-43F1-9440-6A1261F25EBB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E73AE82-0A5E-4863-AA99-56750F6ED4A8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [03/11/2003 05:24 PM]
"nwiz"="nwiz.exe" []
"SoundMan"="SOUNDMAN.EXE" [08/15/2003 02:34 AM C:\WINDOWS\SOUNDMAN.EXE]
"PopUpKiller"="C:\Program Files\PopUp Killer\PopUpKiller.EXE" [12/24/2001 04:24 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/23/2007 03:46 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [04/17/2007 02:03 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/10/2005 04:06 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 01:54 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/10/2007 11:50 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfg]
C:\WINDOWS\system32\jkhfg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 05/25/2007 03:22 PM 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrpom]
urqrpom.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winqad32]
winqad32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^**********-77YXEUDV7^Start Menu^Programs^Startup^Google Talk.lnk]
path=C:\Documents and Settings\**********-77YXEUDV7\Start Menu\Programs\Startup\Google Talk.lnk
backup=C:\WINDOWS\pss\Google Talk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^**********-77YXEUDV7^Start Menu^Programs^Startup^Morpheus.lnk]
path=C:\Documents and Settings\**********-77YXEUDV7\Start Menu\Programs\Startup\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^**********-77YXEUDV7^Start Menu^Programs^Startup^Registration-Studio 8 SE.lnk]
path=C:\Documents and Settings\**********-77YXEUDV7\Start Menu\Programs\Startup\Registration-Studio 8 SE.lnk
backup=C:\WINDOWS\pss\Registration-Studio 8 SE.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\abynipkx.exe]
C:\Documents and Settings\All Users.WINDOWS\Application Data\abynipkx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\TEMP\win5DFE.tmp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvgev.dll,startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DCAM]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]
rundll32.exe "C:\WINDOWS\system32\cgwjhgun.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetSP - restore settings on power failure]
"C:\Program Files\AT&T Global Network Client\NetSP.exe" -show

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pkrefuhk]
regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\pkrefuhk.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDrvCheck]
"c:\program files\pinnacle\edition 5\program\PSDrvCheck.exe" -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
mgrs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysWsa32]
C:\WINDOWS\system32\WSA32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ylaxobyn]
rundll32.exe "C:\Program Files\ylaxobyn\cxcxmzkv.dll",Init


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90bd2f50-2f57-11dc-b885-000d61234279}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-09-16 02:17:50 ------------

#6
MoNsTeReNeRgY22 (Member 2k, 2,539 posts)

Hello again,

Step 1
Before we begin, did you manually add the following Windows Active Desktop Component?
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ANDREW~1.GOS/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

Step 2
Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {0813440E-11C0-4D1A-B5C6-964B00D68013} - (no file)
O2 - BHO: (no name) - {736026CF-2B76-43F1-9440-6A1261F25EBB} - (no file)
O2 - BHO: (no name) - {7E73AE82-0A5E-4863-AA99-56750F6ED4A8} - (no file)

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....llInstaller.exe

O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll (file missing)
O20 - Winlogon Notify: urqrpom - urqrpom.dll (file missing)
O20 - Winlogon Notify: winqad32 - winqad32.dll (file missing)


Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Step 3
Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\bbadd.bak1
    C:\WINDOWS\system32\pqtwa.bak1
    C:\WINDOWS\system32\hhhkj.ini2
    C:\WINDOWS\system32\hhhkj.bak2
    C:\AVG7QT.DAT
    C:\WINDOWS\system32\gfhkj.ini2
    C:\WINDOWS\system32\gfhkj.bak2
    C:\Program Files\LimeWire
    C:\WINDOWS\system32\urqrpom.dll
    C:\WINDOWS\system32\winqad32.dll
    C:\WINDOWS\system32\jkhfg.dll
    C:\WINDOWS\urqrpom.dll
    C:\WINDOWS\winqad32.dll


  • Return to OTMoveIt, right-click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.

Step 4
Since you already have SUPERAntiSpyware installed, please do the following:
  • Double-click the SUPERAntiSpyware icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply, along with the OTMoveIt Log and a fresh HJT Log.
  • Click Close to exit the program.


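The entries the helper singled out above (orphaned BHOs, Winlogon Notify DLLs marked "file missing", undescribed O16 downloads, the O24 desktop component) follow a few recognisable patterns in HijackThis's line format. As an added example, not code from the thread or from HijackThis, here is that triage written as rules run over a constructed sample: the sample lines are copied from the logs posted in this thread, except the O4 "[avp]" line, which is constructed from the disabled startup entry Deckard's scan showed pointing at C:\WINDOWS\TEMP; the regexes, the Finding type and the reason strings are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample. All lines except "O4 - HKLM\..\Run: [avp] ..." are copied
# from the HijackThis logs posted in this thread; the [avp] line is constructed
# from the disabled msconfig startup entry in the Deckard's System Scanner output.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0813440E-11C0-4D1A-B5C6-964B00D68013} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win5DFE.tmp.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll (file missing)
O20 - Winlogon Notify: urqrpom - urqrpom.dll (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ANDREW~1.GOS/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O20"
    entry: str    # the line body after "O20 - "
    reason: str   # why a helper would want a second look (heuristic, not a verdict)


# "O20 - <body>": section code, separator, rest of the line.
LINE_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.+)$")
# "DPF: {CLSID} (optional description) - url"; the description is what is
# missing on the two O16 entries the helper asked to have fixed.
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<desc>[^)]*)\))? - (?P<url>.+)$")
# "Winlogon Notify: key - dll [ (file missing)]"
O20_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$")

# Autorun targets living here are worth a look; legitimate installers rarely use them.
SUSPECT_DIRS = ("\\temp\\", "\\application data\\")


def triage_line(line: str) -> Optional[Finding]:
    """Apply the triage rules to one HijackThis log line; None means nothing to flag."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m["sec"], m["body"]
    if sec == "O2" and "(no name)" in body and body.endswith("(no file)"):
        return Finding(sec, body, "orphaned BHO registration: no name and no file on disk")
    if sec == "O16":
        d = DPF_RE.match(body)
        if d and not d["desc"]:
            return Finding(sec, body, "ActiveX download (DPF) with no control description; verify the CLSID and origin")
    if sec == "O20":
        w = O20_RE.match(body)
        if w and w["missing"]:
            return Finding(sec, body, "Winlogon Notify DLL registered but missing: leftover of a DLL-based infection")
        if w and "\\" not in w["dll"]:
            return Finding(sec, body, "Winlogon Notify DLL given as bare filename; confirm it resolves to a known DLL")
    if sec == "O4" and any(s in body.lower() for s in SUSPECT_DIRS):
        return Finding(sec, body, "autorun launched from a Temp or Application Data directory")
    if sec == "O24":
        return Finding(sec, body, "Active Desktop component: confirm the user added it deliberately")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run the rules over a whole log and return the findings in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


# Sections HijackThis itself can "Fix checked"; O4/O24 findings need a human answer first.
FIXABLE = {"O2", "O16", "O20"}


def fix_candidates(findings: List[Finding]) -> List[str]:
    """Rebuild the lines a helper would paste into a 'check these entries' list."""
    return [f"{f.section} - {f.entry}" for f in findings if f.section in FIXABLE]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.entry}")
```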
#7
Spyderman (Topic Starter, New Member, 9 posts)

Here you go.

Also, in these scans I noticed a bunch of unused programs. Is there a cleaner for that?

Super Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/17/2007 at 00:51 AM

Application Version : 3.9.1008

Core Rules Database Version : 3307
Trace Rules Database Version: 1313

Scan type : Complete Scan
Total Scan Time : 02:13:51

Memory items scanned : 452
Memory threats detected : 0
Registry items scanned : 7524
Registry threats detected : 0
File items scanned : 144243
File threats detected : 17

Adware.Tracking Cookie
C:\Documents and Settings\***********-77YXEUDV7\Cookies\andrew@revsci[2].txt
C:\Documents and Settings\***********-77YXEUDV7\Cookies\[email protected][1].txt
C:\Documents and Settings\***********-77YXEUDV7\Cookies\[email protected][1].txt
C:\Documents and Settings\***********-77YXEUDV7\Cookies\[email protected][2].txt
C:\Documents and Settings\***********-77YXEUDV7\Cookies\[email protected][2].txt
C:\Documents and Settings\***********-77YXEUDV7\Cookies\[email protected][1].txt
C:\Documents and Settings\***********-77YXEUDV7\Cookies\andrew@tacoda[2].txt
C:\Documents and Settings\***********-77YXEUDV7\Cookies\andrew@zedo[2].txt
C:\Documents and Settings\***********-77YXEUDV7\Cookies\andrew@atdmt[2].txt
C:\Documents and Settings\***********-77YXEUDV7\Cookies\[email protected][1].txt
C:\Documents and Settings\***********-77YXEUDV7\Cookies\andrew@hitbox[1].txt
C:\Documents and Settings\***********-77YXEUDV7\Cookies\andrew@questionmarket[1].txt
C:\Documents and Settings\***********-77YXEUDV7\Cookies\andrew@specificclick[1].txt
C:\Documents and Settings\***********-77YXEUDV7\Cookies\andrew@doubleclick[1].txt
C:\Documents and Settings\***********-77YXEUDV7\Cookies\[email protected][1].txt
C:\Documents and Settings\***********-77YXEUDV7\Cookies\andrew@mediaplex[1].txt

Trojan.Downloader-Gen/MobRules
C:\SYSTEM VOLUME INFORMATION\_RESTORE{18B1203A-D7BC-4A43-8E40-8CF4DE717937}\RP986\A0087880.DLL



Oldtimer


C:\WINDOWS\system32\bbadd.bak1 moved successfully.
C:\WINDOWS\system32\pqtwa.bak1 moved successfully.
C:\WINDOWS\system32\hhhkj.ini2 moved successfully.
C:\WINDOWS\system32\hhhkj.bak2 moved successfully.
C:\AVG7QT.DAT moved successfully.
C:\WINDOWS\system32\gfhkj.ini2 moved successfully.
C:\WINDOWS\system32\gfhkj.bak2 moved successfully.
C:\Program Files\LimeWire moved successfully.
File/Folder C:\WINDOWS\system32\urqrpom.dll not found.
File/Folder C:\WINDOWS\system32\winqad32.dll not found.
File/Folder C:\WINDOWS\system32\jkhfg.dll not found.
File/Folder C:\WINDOWS\urqrpom.dll not found.
File/Folder C:\WINDOWS\winqad32.dll not found.

Created on 09/16/2007 22:33:04


HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:21 AM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\monster.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab53083.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mystery Solitaire\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://sympatico.zon...nx.1.0.0.67.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab53083.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab53083.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast....ostClientIE.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://office.knigh...emote/msrdp.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/...no.cab42341.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn....FreeInstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mystery Solitaire\Images\armhelper.ocx
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab53083.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.c...oad/XUpload.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://www.opencube....im/comdlg32.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 11563 bytes

Edited by Spyderman, 17 September 2007 - 08:21 AM.

#8
MoNsTeReNeRgY22

    Member 2k

  • Member
  • 2,539 posts
Hello,

Your logs look clean, but what do you mean by unused programs? If you want some removed from Add or Remove Programs, just let me know and I will help you.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, then copy and paste the results in your next post.
#9
Spyderman

    New Member

  • Topic Starter
  • Member
  • 9 posts
MoNsTeReNeRgY22, you are the bomb!!!! Thanks

As for the unused items.... when it was scanning my registry I saw programs in there that I know I have not had on my machine for years..... would I benefit from cleaning those out?

A few of the programs below are duplicated; why is that? Like "Adobe After Effects CS3", which I only installed once.

Here is my uninstall list

Adobe Acrobat 6.0 Professional
Adobe After Effects 7.0
Adobe After Effects CS3
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 1.0
Adobe ExtendScript Toolkit 2
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Center 2.0
Adobe Help Viewer CS3
Adobe Illustrator CS2
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Premiere Pro 1.5
Adobe Reader 7.0.9
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
Adobe SVG Viewer
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Apple Software Update
AT&T Global Network Client Professional
AVG Anti-Spyware 7.5
AVG Free Edition
Belarc Advisor 7.2
Canon CanoScan Toolbox 4.1
Canon ScanGear Starter
CDex extraction audio
CuteFTP 7 Professional
DVD Shrink 3.2
Enable S3 for USB Device
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB926239)
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Java™ 6 Update 2
LogMeIn
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks 4
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Demo
NTI Backup NOW! 3
NTI CD & DVD-Maker 6 Gold
NTI DriveBackup! 3
NVIDIA Drivers
OLYMPUS Master 2
PopUp Killer
PowerDirector Express
PowerDVD
PowerProducer
QuickTime
Realtek AC'97 Audio
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
SnagIt 8
SUPERAntiSpyware Free Edition
Trellian SEO Toolkit v2.0
Trellian SubmitWolf v7.0
Tweak UI
Typograf4.8f
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Visual QuickMenu Pro
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
#10
MoNsTeReNeRgY22

    Member 2k

  • Member
  • 2,539 posts
Don't worry about the uninstall list. But to clean up old registry entries, download and use CCleaner from the following link.
http://majorgeeks.co...wnload4191.html

Run each of the tabs, and make sure, when it asks, to make a backup of your registry. Save it to a safe place.

If you have any questions, feel free to ask.
#11
Spyderman

    New Member

  • Topic Starter
  • Member
  • 9 posts
Again, thanks a million for the help!!!!!
Keep up the good work!
#12
MoNsTeReNeRgY22

    Member 2k

  • Member
  • 2,539 posts
Nice job, your log looks clean!
How is it running?
Please use the following suggestion to help prevent reinfection.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files (you will lose all previous restore points, which are likely to be infected).

Now we need to make a new System Restore Point for your PC, please do the following:
  • Click Start, Settings, Control Panel
  • Double-click the System icon
  • Click the Performance tab, File System, Troubleshooting tab
  • Check "Turn off System Restore" and click "Apply". Please give it a moment as it will delete the old System Restore points
  • Then uncheck "Turn off System Restore", which will create a new System Restore point
  • Click OK
I highly recommend downloading the following programs, to keep malware off your computer to begin with.
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

SUPERAntiSpyware - A very powerful tool which searches for and kills malware that infects your system.

SpywareBlaster - Great prevention tool to keep malware from installing on your system.
**Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
**Tutorial on installing & using this product can be found HERE**

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
**Tutorial on installing & using this product can be found HERE**

ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that likes to reside in the temp folders.

Antivirus Program - An Antivirus program is a must in today's digital world! I recommend avast! 4 Home Edition, AVG, or Anti-Vir.
DO NOT install more than one Antivirus program. They will conflict, and provide less protection, not more.

Firewall - A firewall is definitely a must have to protect your computer from hackers. I recommend Comodo, Zone Alarm, or Outpost.
**Tutorial on Firewalls can be found HERE**

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

And finally, a little reading: How did I get infected in the first place? (by Tony Klein)

Good luck and safe surfing :)
#13
MoNsTeReNeRgY22

    Member 2k

  • Member
  • 2,539 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.