Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

medichi.exe and medichi2.exe problems [RESOLVED]


  • This topic is locked This topic is locked

#1
alcee410

alcee410

    Member

  • Member
  • PipPip
  • 30 posts
I have a big problem with my computer. I believe it's medichi.exe and medichi2.exe, according to "Spyware Doctor". This problem has resulted in restrictions on my computer. I get error messages that read "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." Also I have noticed the following things:
- The time is wrong, and it won't let me change it.
- Sometimes, a window pops that saying that it is copying something, but it does not say what. If I let this copying finish, it leads to another window that says my comp is infected and to click a button to download spyware removal.
- Many websites do not load, whereas others do.
- I can no longer use AOL instant messenger, or Yahoo messenger.
- The computer is slow in general
- My Flash driver was removed and I had to download it again for such things as "YouTube"
- My Control Panel is gone
- these are the things I have noticed and can remember now.

Before I ran HijackThis, I tried to follow the instructions in the "You Must Read This Before Posting..." article. I succeeded to do most of the steps, except I had the following problems:
- after downloading AVG Anti-Spyware and going into safemode to run it, I got the error message "Connection to service failed. Please reinstall AVG Anti-Spyware 7.5". I did reinstall, but the same thing happened. However, I had earlier ran Spyware Doctor which informed me that I have medichi.exe, but it could not delete it.
- I could not load the Panda Activescan webpage
- Since I may have malaware, I did not install the SP2 pack, but I tried installing SP1a. However, I got a message saying that I have a newer version, and so cannot download SP1a.

FYI: the SUPERAntiSpyware software detected 29 infected FILES, and 323 Registry items, for a total of 352 infected files. I will paste the Scan Log here too.

Following are three logs (Antispyware Scan Log, HijackThis log, and Uninstall_list.txt). Please help me as soon as possible. Your help would be greatly appreciated. Thanks.


SUPERAntiSpyware Scan Log:

SUPERAntiSpyware Scan Log
Generated 01/01/2008 at 07:59 AM

Application Version : 3.6.1000

Core Rules Database Version : 3190
Trace Rules Database Version: 1200

Scan type : Complete Scan
Total Scan Time : 02:05:15

Memory items scanned : 587
Memory threats detected : 0
Registry items scanned : 5408
Registry threats detected : 323
File items scanned : 64841
File threats detected : 29

Adware.MyWay
HKLM\Software\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InProcServer32
C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
HKLM\Software\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\TypeLib
HKLM\Software\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\TypeLib
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}
HKCR\TypeLib\{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}
HKCR\TypeLib\{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}\1.0
HKCR\TypeLib\{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}\1.0\0
HKCR\TypeLib\{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}\1.0\0\win32
HKCR\TypeLib\{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}\1.0\FLAGS
HKCR\TypeLib\{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}\1.0\HELPDIR
HKU\S-1-5-21-1675422232-1767334965-3356651856-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
HKU\S-1-5-21-1675422232-1767334965-3356651856-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKCR\MyWayToolBar.NetscapeShutdown
HKCR\MyWayToolBar.NetscapeShutdown\CLSID
HKCR\MyWayToolBar.NetscapeShutdown\CurVer
HKCR\MyWayToolBar.NetscapeShutdown.1
HKCR\MyWayToolBar.NetscapeShutdown.1\CLSID
HKCR\MyWayToolBar.NetscapeStartup
HKCR\MyWayToolBar.NetscapeStartup\CLSID
HKCR\MyWayToolBar.NetscapeStartup\CurVer
HKCR\MyWayToolBar.NetscapeStartup.1
HKCR\MyWayToolBar.NetscapeStartup.1\CLSID
HKCR\MyWayToolBar.SettingsPlugin
HKCR\MyWayToolBar.SettingsPlugin\CLSID
HKCR\MyWayToolBar.SettingsPlugin\CurVer
HKCR\MyWayToolBar.SettingsPlugin.1
HKCR\MyWayToolBar.SettingsPlugin.1\CLSID
HKCR\CLSID\{014DA6CD-189F-421a-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6CD-189F-421a-88CD-07CFE51CFF10}\InProcServer32
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Control
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Version
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Control
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Version
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\ProgID
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\ProgID
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Control
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\ProgID
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Version
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID
HKLM\Software\MyWay
HKLM\Software\MyWay\myBar
HKLM\Software\MyWay\myBar#Dir
HKLM\Software\MyWay\myBar#ShzmCurInstall
HKLM\Software\MyWay\myBar#pid
HKLM\Software\MyWay\myBar#strings
HKLM\Software\MyWay\myBar#CurInstall
HKLM\Software\MyWay\myBar#sr
HKLM\Software\MyWay\myBar#pl
HKLM\Software\MyWay\myBar#Id
HKLM\Software\MyWay\myBar#Build
HKLM\Software\MyWay\myBar#CacheDir
HKLM\Software\MyWay\myBar#HistoryDir
HKLM\Software\MyWay\myBar#Visible
HKLM\Software\MyWay\myBar#SettingsDir
HKLM\Software\MyWay\myBar#ConfigRevision
HKLM\Software\MyWay\myBar#ConfigRevisionURL
HKLM\Software\MyWay\myBar#ConfigDateStamp
HKLM\Software\MyWay\myBar#Maximized
HKLM\Software\MyWay\myBar\partner
HKLM\Software\MyWay\myBar\partner#bitmap
HKLM\Software\MyWay\myBar\partner#name
HKLM\Software\MyWay\myBar\partner#test
HKLM\Software\MyWay\myBar\partner#PM-Home
HKLM\Software\MyWay\myBar\partner#PM-Points
HKLM\Software\MyWay\myBar\partner#PM-Redeem
HKLM\Software\MyWay\myBar\partner#PM-Wallet
HKLM\Software\MyWay\myBar\partner#PM-Settings
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#UrlInfoAbout
C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE
C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS
C:\Program Files\MyWay\myBar\1.bin\PARTNER.BMP
C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER3.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER4.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER5.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER6.DAT
C:\Program Files\MyWay\myBar\1.bin
C:\Program Files\MyWay\myBar\Cache\0071AA7B.bin
C:\Program Files\MyWay\myBar\Cache\0071AED2.bin
C:\Program Files\MyWay\myBar\Cache\0071B551.bin
C:\Program Files\MyWay\myBar\Cache\files.ini
C:\Program Files\MyWay\myBar\Cache
C:\Program Files\MyWay\myBar\History\search
C:\Program Files\MyWay\myBar\History
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
C:\Program Files\MyWay\myBar\Settings
C:\Program Files\MyWay\myBar
C:\Program Files\MyWay

Adware.ToolBar888
HKLM\Software\Classes\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}
HKCR\CLSID\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}
HKCR\CLSID\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}
HKCR\CLSID\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}\InprocServer32
HKCR\CLSID\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}\InprocServer32#ThreadingModel
HKCR\CLSID\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}\ProgID
HKCR\CLSID\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}\Programmable
HKCR\CLSID\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}\TypeLib
HKCR\CLSID\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}\VersionIndependentProgID
C:\PROGRAM FILES\TOOLBAR888\MYTOOLBAR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}
HKCR\MyToolBar.MyToolBarObj.1
HKCR\MyToolBar.MyToolBarObj.1\CLSID
HKCR\MyToolBar.MyToolBarObj
HKCR\MyToolBar.MyToolBarObj\CLSID
HKCR\MyToolBar.MyToolBarObj\CurVer
HKCR\TypeLib\{CD2A09D7-EE7E-4c25-993C-C2678ECFAD01}
HKU\S-1-5-21-1675422232-1767334965-3356651856-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}
C:\Program Files\Toolbar888\Activate.exe
C:\Program Files\Toolbar888\Uninst.exe
C:\Program Files\Toolbar888
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0\win32
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\FLAGS
HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\HELPDIR
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888#UninstallString
HKLM\Software\Classes\MyToolBar.MyToolBarObj
HKLM\Software\Classes\MyToolBar.MyToolBarObj\CLSID
HKLM\Software\Classes\MyToolBar.MyToolBarObj\CurVer
HKLM\Software\Classes\MyToolBar.MyToolBarObj.1
HKLM\Software\Classes\MyToolBar.MyToolBarObj.1\CLSID
HKU\S-1-5-21-1675422232-1767334965-3356651856-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}

Adware.Tracking Cookie
C:\Documents and Settings\Alan\Cookies\[email protected][1].txt
C:\Documents and Settings\Alan\Cookies\[email protected][1].txt

Adware.GAIN/Gator
HKLM\Software\Gator.com
HKLM\Software\Gator.com\Gator
HKLM\Software\Gator.com\Gator\dyn
HKLM\Software\Gator.com\Gator\dyn#PdpFirstStart
HKLM\Software\Gator.com\Gator\dyn\GCH
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#StartTime
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#OldestTime
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#170-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#170-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#172-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#172-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#173-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#173-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#174-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#174-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#175-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#175-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#177-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#177-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#178-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#178-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#179-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#179-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#181-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#181-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#182-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#182-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#183-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#183-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#184-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#184-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#186-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#186-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#188-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_gi#188-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#StartTime
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#OldestTime
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#170-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#170-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#172-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#172-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#173-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#173-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#174-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#174-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#175-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#175-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#177-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#177-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#178-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#178-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#179-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#179-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#181-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#181-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#182-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#182-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#183-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#183-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#184-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#184-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#185-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#185-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#186-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#186-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#188-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_trickle#188-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#StartTime
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#OldestTime
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#159-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#159-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#160-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#160-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#161-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#161-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#162-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#162-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#167-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#167-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#168-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#168-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#170-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#170-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#172-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#172-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#173-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#173-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#174-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#174-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#175-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#175-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#177-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#177-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#178-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#178-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#179-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#179-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#181-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#181-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#182-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#182-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#183-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#183-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#184-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#184-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#186-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#186-bytes
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#188-12007
HKLM\Software\Gator.com\Gator\dyn\GCH\_ts#188-bytes
HKLM\Software\Gator.com\Gator\stat
HKLM\Software\Gator.com\Gator\stat#Guid
HKLM\Software\Gator.com\GInternet
HKLM\Software\Gator.com\GInternet\Proxy
HKLM\Software\Gator.com\GInternet\Proxy#Enabled
HKLM\Software\Gator.com\Trickler
HKLM\Software\Gator.com\Trickler#FirstStartValue
HKLM\Software\Gator.com\Trickler#StartTime
HKLM\Software\Gator.com\Trickler#FirstStartSent
HKLM\Software\Gator.com\Trickler#AppPath
HKLM\Software\Gator.com\Trickler\Files
HKLM\Software\Gator.com\Trickler\Files\Bundle
HKLM\Software\Gator.com\Trickler\Files\Bundle\chk
HKLM\Software\Gator.com\Trickler\Files\Bundle\chk#CheckFailures
HKLM\Software\Gator.com\Trickler\Files\Bundle\chk#Attempts
HKLM\Software\Gator.com\Trickler\Files\Bundle\chk#Errors
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#Attempts
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#Errors
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#FileDones
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#UrlTime
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#UrlSize
HKLM\Software\Gator.com\Trickler\Files\Bundle\dl#StoredFile
HKLM\Software\Gator.com\Trickler\Files\OemResDll
HKLM\Software\Gator.com\Trickler\Files\OemResDll\chk
HKLM\Software\Gator.com\Trickler\Files\OemResDll\chk#CheckFailures
HKLM\Software\Gator.com\Trickler\Files\OemResDll\chk#Attempts
HKLM\Software\Gator.com\Trickler\Files\OemResDll\chk#Errors
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#Attempts
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#Errors
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#FileDones
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#UrlTime
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#UrlSize
HKLM\Software\Gator.com\Trickler\Files\OemResDll\dl#StoredFile
HKLM\Software\Gator.com\Trickler\Files\SilentSetup
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\chk
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\chk#CheckFailures
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\chk#Attempts
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\chk#Errors
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#Attempts
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#Errors
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#FileDones
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#UrlTime
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#UrlSize
HKLM\Software\Gator.com\Trickler\Files\SilentSetup\dl#StoredFile
HKLM\Software\Gator.com\Trickler\Files\TricklerInf
HKLM\Software\Gator.com\Trickler\Files\TricklerInf#Attempts
HKLM\Software\Gator.com\Trickler\Files\TricklerInf#Errors
HKLM\Software\Gator.com\Trickler\Files\TricklerInf#FileDones

Special Offers Networks Adware
C:\RECYCLER\S-1-5-21-1675422232-1767334965-3356651856-1005\DC1\SPECIALOFFERS.EXE


HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:39 AM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\shovth.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alan\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ALAN\Application Data\Mozilla\Profiles\default\505dete2.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VMConsole.exe] C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe /windowmin
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SpecialOffers] C:\WINDOWS\specialoffers4.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\alan\local settings\temp\fsg_4104.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [Medichi] medichi.exe
O4 - HKLM\..\Run: [Medichi2] medichi2.exe
O4 - HKLM\..\Run: [sis32] C:\WINDOWS\system32\winsos.exe
O4 - HKLM\..\Run: [winroot] C:\WINDOWS\system32\winsn.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [SpecialOffers] C:\WINDOWS\SpecialOffers.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartUp] C:\WINDOWS\Temp\checkmem.exe /optimize speed
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Policies\Explorer\Run: [{402528E8-0AE7-1033-0519-040404230001}] "C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.iicm.edu/.../vivo/vvweb.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104394529761
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} - http://esb.alcena.co...ltInstaller.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - AppInit_DLLs: murka.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Documents and Settings\Alan\Local Settings\Temp\WZSB1.tmp\installservice.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15068 bytes


Uninstall List
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.9
AIM 6
AOL Instant Messenger
Ares 1.9.0
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 7.5
BroadJump Client Foundation
Canon PhotoRecord
Canon PIXMA iP1500
Canon Utilities Easy-PhotoPrint
CC_ccProxyMSI
CC_ccStart
ccCommon
Click to DVD 2.0 Menu Data
Click to DVD 2.0.02
Creative MediaSource
Creative System Information
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Drag'n Drop CD+DVD
DVgate Plus
Easy-WebPrint
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HotKey Utility
InterVideo WinDVD 5 for VAIO
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_01
LAN-Express AS IEEE 802.11 Wireless LAN
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Memory Stick Formatter
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 7.0
MoodLogic
Mozilla Firefox (2.0.0.9)
MSRedist
Native Instruments Traktor DJ Studio 2.5.1
Netscape (7.02)
Netscape Internet Service Setup
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton WMI Update
OpenMG Limited Patch 3.4-03-12-16-01
OpenMG Secure Module 3.4.00
Quicken 2004
QuickTime
RealPlayer
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
SoftV92 Data Fax Modem with SmartCP
SonicStage 2.0.02
Sony ACID 4.0f
Sony Certificate PCH
Sony Notebook Setup
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
Sound Blaster Live! 24-Bit External
Spyware Doctor 5.1
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 3.0
VAIO Media Integrated Server 3.0
VAIO Media Redistribution 3.0
VAIO Power Management
VAIO Registration
VAIO SLIT Pattern Wallpaper
VAIO SLIT-C Screen Saver
VAIO Survey Standalone
VAIO Update 2
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Welcome to VAIO life
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Messenger
  • 0

Advertisements


#2
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi alcee410

welcome to geekstogo :)

sorry to keep you waiting. lets do a deeper scan of your machine to give me something to work off.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

andrewuk
  • 0

#3
alcee410

alcee410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi. Ok, here is the text from both logs. Thank you for your help.


Deckard's System Scanner v20071014.68
Run by Alan on 2008-01-07 03:18:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-01-07 11:19:18 UTC - RP534 - Deckard's System Scanner Restore Point
4: 2008-01-03 09:05:52 UTC - RP533 - System Checkpoint
3: 2008-01-01 05:27:12 UTC - RP532 - Installed SUPERAntiSpyware Free Edition
2: 2007-12-28 05:58:06 UTC - RP531 - System Checkpoint
1: 2007-12-26 20:28:34 UTC - RP530 - Geekstogo Directions


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).
System Drive C: has 0.7 GiB (less than 15%) free.


-- HijackThis (run as Alan.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:29 AM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\shovth.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Alan\Desktop\dss.exe
C:\DOCUME~1\Alan\Desktop\Alan.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ALAN\Application Data\Mozilla\Profiles\default\505dete2.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VMConsole.exe] C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe /windowmin
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SpecialOffers] C:\WINDOWS\specialoffers4.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\alan\local settings\temp\fsg_4104.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [Medichi] medichi.exe
O4 - HKLM\..\Run: [Medichi2] medichi2.exe
O4 - HKLM\..\Run: [sis32] C:\WINDOWS\system32\winsos.exe
O4 - HKLM\..\Run: [winroot] C:\WINDOWS\system32\winsn.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [SpecialOffers] C:\WINDOWS\SpecialOffers.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartUp] C:\WINDOWS\Temp\checkmem.exe /optimize speed
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Policies\Explorer\Run: [{402528E8-0AE7-1033-0519-040404230001}] "C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.iicm.edu/.../vivo/vvweb.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104394529761
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} - http://esb.alcena.co...ltInstaller.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - AppInit_DLLs: murka.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Documents and Settings\Alan\Local Settings\Temp\WZSB1.tmp\installservice.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14989 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20071127.002\symidsco.sys (file missing)
S3 vsdatant - c:\windows\system32\vsdatant.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 Ati HotKey Poller - c:\windows\system32\ati2evxx.exe (file missing)
S2 CiscoVpnInstallService (Cisco Systems, Inc. Installer service) - c:\documents and settings\alan\local settings\temp\wzsb1.tmp\installservice.exe (file missing)
S3 PACSPTISVR - c:\progra~1\common~1\sonysh~1\avlib\pacspt~1.exe <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-07 03:22:00 362 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-12-21 20:00:00 546 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job


-- Files created between 2007-12-07 and 2008-01-07 -----------------------------

2008-01-02 09:28:14 0 d-------- C:\Program Files\Trillian
2008-01-02 09:24:40 89088 ---h----- C:\WINDOWS\WINDOWS.exe
2008-01-01 08:31:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-01 05:50:09 0 d-------- C:\Documents and Settings\Alan\Application Data\acccore
2008-01-01 04:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-01-01 04:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-01 04:25:14 0 d-------- C:\Program Files\Common Files\AOL
2008-01-01 04:24:43 0 d-------- C:\Program Files\AIM6
2007-12-31 21:29:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-31 21:27:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-31 21:27:16 0 d-------- C:\Documents and Settings\Alan\Application Data\SUPERAntiSpyware.com
2007-12-31 21:26:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 21:12:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\acccore
2007-12-22 16:05:36 0 d-------- C:\Documents and Settings\Alan\Application Data\AVG7
2007-12-22 16:05:22 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-22 16:04:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-22 16:04:39 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-22 11:26:41 0 dr-h----- C:\$VAULT$.AVG
2007-12-22 11:23:12 9216 --a------ C:\WINDOWS\system32\suspend.exe
2007-12-22 11:14:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2007-12-22 11:13:57 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2007-12-22 11:10:27 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-12-22 11:06:52 0 d-------- C:\Program Files\Spyware Doctor
2007-12-22 11:06:52 0 d-------- C:\Documents and Settings\Alan\Application Data\PC Tools
2007-12-22 10:02:14 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-12-22 10:00:42 29184 --a------ C:\WINDOWS\system32\kernelwind32.exe
2007-12-22 10:00:36 89088 ---h----- C:\Documents and Settings\TEMP\TEMP.exe
2007-12-22 10:00:28 89088 ---h----- C:\Documents and Settings\All Users\All Users.exe
2007-12-22 10:00:23 29184 --a------ C:\WINDOWS\wsystmp_rsr.exe
2007-12-22 09:59:53 163721 --a------ C:\Documents and Settings\Alan\Application Data\antivirus.exe
2007-12-22 09:59:30 89088 ---h----- C:\.exe
2007-12-22 09:59:23 89088 ---hs---- C:\402528E8.exe
2007-12-22 09:59:20 89088 ---hs---- C:\WINDOWS\system32\winsn.exe
2007-12-22 09:59:20 89088 ---hs---- C:\WINDOWS\system32\shovth.exe
2007-12-22 09:59:19 28929 --a------ C:\WINDOWS\system32\winsos.exe
2007-12-22 09:59:11 89088 --a------ C:\WINDOWS\wsystmp_huv.exe
2007-12-22 09:57:14 6144 --a------ C:\WINDOWS\system32\user32.dat
2007-12-22 09:56:32 6144 --a------ C:\WINDOWS\murka.dat
2007-12-22 09:54:30 35840 --a------ C:\WINDOWS\wsystmp_vzt.exe
2007-12-22 09:53:56 18944 --a------ C:\WINDOWS\system32\wowfx(2).dll
2007-12-22 09:53:55 9728 --a------ C:\Documents and Settings\Alan\Application Data\printer.exe
2007-12-22 08:59:27 0 d-------- C:\Documents and Settings\TEMP\Application Data\AVG7
2007-12-22 04:37:48 0 --a------ C:\WINDOWS\system32\dllgh8jkd1q8.exe
2007-12-21 20:05:03 0 d-------- C:\Program Files\EliteProtector
2007-12-21 18:25:51 89088 ---h----- C:\Documents and Settings\Administrator\Administrator.exe
2007-12-21 17:59:01 89088 ---h----- C:\Documents and Settings\Alan\Alan.exe
2007-12-18 01:51:28 15872 --a------ C:\WINDOWS\windisk.dll
2007-12-18 00:51:01 28929 --a------ C:\WINDOWS\trayicons.exe
2007-12-08 22:53:15 4456448 --a------ C:\Documents and Settings\Alan\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-01-07 03:08:30 0 d-------- C:\Program Files\Common Files
2007-12-25 08:45:39 0 d-------- C:\Program Files\Traktor DJ Studio
2007-12-25 04:35:50 0 d-------- C:\Documents and Settings\Alan\Application Data\Adobe
2007-12-22 11:26:43 0 d--hs---- C:\Program Files\outlook
2007-12-22 11:26:43 0 d-------- C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}
2007-12-22 09:54:18 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [11/07/2003 05:21 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/27/2004 08:10 PM]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/19/2003 09:08 PM]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [12/11/2003 10:03 PM]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [02/12/2004 10:01 PM]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [01/17/2004 02:36 AM]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 10:29 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/12/2005 02:37 PM]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [12/11/2003 06:35 PM]
"VMConsole.exe"="C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe" [02/25/2004 05:08 AM]
"P2P Networking"="C:\WINDOWS\System32\P2P Networking\P2P Networking.exe" []
"SpecialOffers"="C:\WINDOWS\specialoffers4.exe" []
"SbUsb AudCtrl"="sbusbdll.dll" [07/08/2004 06:27 PM C:\WINDOWS\system32\sbusbdll.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [11/25/2005 03:01 PM]
"CTSysVol"="C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43 AM]
"Trickler"="c:\documents and settings\alan\local settings\temp\fsg_4104.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 02:48 AM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 09:26 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/09/2006 04:25 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/09/2006 04:34 PM]
"avp"="C:\WINDOWS\avp.exe" []
"Medichi"="medichi.exe" []
"Medichi2"="medichi2.exe" []
"sis32"="C:\WINDOWS\system32\winsos.exe" [01/07/2008 03:10 AM]
"winroot"="C:\WINDOWS\system32\winsn.exe" [12/22/2007 09:59 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/22/2007 04:04 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [11/02/2007 05:24 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [06/25/2004 10:21 AM]
"SpecialOffers"="C:\WINDOWS\SpecialOffers.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [07/05/2006 07:29 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/09/2007 09:14 PM]
"StartUp"="C:\WINDOWS\Temp\checkmem.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [12/18/2007 11:04 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 10:05:56 AM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [10/2/2003 1:08:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{402528E8-0AE7-1033-0519-040404230001}"="C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=murka.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36b96ad6-a097-11dc-9bf0-b049a0c8caff}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aebcc43-2b0d-11da-9b48-000e9b42a799}]
AutoRun\command- G:\
open\Command- G:\BC175E47.exe




-- Hosts -----------------------------------------------------------------------

10.18.250.4 ad.doubleclick.net
10.18.250.4 ad.fastclick.net
10.18.250.4 ads.fastclick.net
10.18.250.4 ar.atwola.com
10.18.250.4 atdmt.com
10.18.250.4 avp.chDeckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 446.98 MiB / 125.51 MiB
Pagefile Memory (total/avail): 1054.38 MiB / 382.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.84 MiB

C: is Fixed (NTFS) - 13.97 GiB total, 0.7 GiB free.
D: is Fixed (NTFS) - 36.9 GiB total, 20.84 GiB free.
E: is Removable (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - MemoryStick or MemoryStickPro Device

\\.\PHYSICALDRIVE0 - IC25N060ATMR04-0 - 55.89 GiB - 3 partitions
\PARTITION0 - Unknown - 5.01 GiB
\PARTITION1 (bootable) - Installable File System - 13.97 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 36.9 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v2004 (Symantec Corporation)
AV: AVG 7.5.503 v7.5.503 (Grisoft) Outdated
AV: Norton AntiVirus v2004 (Symantec Corporation) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\AIM\\aim.exe"="D:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"D:\\Program Files\\AIM\\aim.exe"="D:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Sony\\click to dvd 2\\CtoDvd.exe"="C:\\Program Files\\Sony\\click to dvd 2\\CtoDvd.exe:*:Disabled:Click to DVD"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Ares\\Ares.exe"="D:\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Alan\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALANCOMP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Alan
LOGONSERVER=\\ALANCOMP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Alan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Alan\LOCALS~1\Temp
USERDOMAIN=ALANCOMP
USERNAME=Alan
USERPROFILE=C:\Documents and Settings\Alan
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Alan (admin)
Administrator (admin)
TEMP (guest)
Guest.ALANCOMP (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive 24-Bit External\Program\Ctzapxx.EXE" SBUSB.INI /U /S
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A6AAC11-0860-11D7-908C-00A0C98173F1}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A6AAC11-0860-11D7-908C-00A0C98173F1}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> D:\Program Files\AIM\uninstll.exe -LOG= D:\Program Files\AIM\install.log -OEM=
Ares 1.9.0 --> "D:\Ares\uninstall.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Canon PhotoRecord --> MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP1500 --> C:\WINDOWS\System32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
CC_ccProxyMSI --> MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Click to DVD 2.0 Menu Data --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98A3A654-3AEF-42D9-BA91-DE5815EA5897}\setup.exe"
Click to DVD 2.0.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove/remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drag'n Drop CD+DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
DVgate Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2 --> "C:\Documents and Settings\Alan\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HotKey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\setup.exe" -l0x9
InterVideo WinDVD 5 for VAIO --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
LAN-Express AS IEEE 802.11 Wireless LAN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}\Setup.exe" -l0x9
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office
  • 0

#4
alcee410

alcee410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi. Sorry, the extra.txt log didn't fit entirely. Also, for some reason, main.txt got cut off a few lines before it ended. So, I'm pasting the last few lines here. Then, I will re-post the "extra.txt" in a separate post.

-- Hosts -----------------------------------------------------------------------

10.18.250.4 ad.doubleclick.net
10.18.250.4 ad.fastclick.net
10.18.250.4 ads.fastclick.net
10.18.250.4 ar.atwola.com
10.18.250.4 atdmt.com
10.18.250.4 avp.ch
10.18.250.4 avp.com
10.18.250.4 avp.ru
10.18.250.4 awaps.net
10.18.250.4 banner.fastclick.net

90 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-01-07 03:23:45 ------------
  • 0

#5
alcee410

alcee410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
OK, and here is the "extra.txt" in its entirety. Thanks again!

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 446.98 MiB / 125.51 MiB
Pagefile Memory (total/avail): 1054.38 MiB / 382.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.84 MiB

C: is Fixed (NTFS) - 13.97 GiB total, 0.7 GiB free.
D: is Fixed (NTFS) - 36.9 GiB total, 20.84 GiB free.
E: is Removable (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - MemoryStick or MemoryStickPro Device

\\.\PHYSICALDRIVE0 - IC25N060ATMR04-0 - 55.89 GiB - 3 partitions
\PARTITION0 - Unknown - 5.01 GiB
\PARTITION1 (bootable) - Installable File System - 13.97 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 36.9 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v2004 (Symantec Corporation)
AV: AVG 7.5.503 v7.5.503 (Grisoft) Outdated
AV: Norton AntiVirus v2004 (Symantec Corporation) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\AIM\\aim.exe"="D:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"D:\\Program Files\\AIM\\aim.exe"="D:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Sony\\click to dvd 2\\CtoDvd.exe"="C:\\Program Files\\Sony\\click to dvd 2\\CtoDvd.exe:*:Disabled:Click to DVD"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Ares\\Ares.exe"="D:\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Alan\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALANCOMP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Alan
LOGONSERVER=\\ALANCOMP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Alan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Alan\LOCALS~1\Temp
USERDOMAIN=ALANCOMP
USERNAME=Alan
USERPROFILE=C:\Documents and Settings\Alan
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Alan (admin)
Administrator (admin)
TEMP (guest)
Guest.ALANCOMP (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive 24-Bit External\Program\Ctzapxx.EXE" SBUSB.INI /U /S
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A6AAC11-0860-11D7-908C-00A0C98173F1}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A6AAC11-0860-11D7-908C-00A0C98173F1}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> D:\Program Files\AIM\uninstll.exe -LOG= D:\Program Files\AIM\install.log -OEM=
Ares 1.9.0 --> "D:\Ares\uninstall.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Canon PhotoRecord --> MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP1500 --> C:\WINDOWS\System32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
CC_ccProxyMSI --> MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Click to DVD 2.0 Menu Data --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98A3A654-3AEF-42D9-BA91-DE5815EA5897}\setup.exe"
Click to DVD 2.0.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove/remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drag'n Drop CD+DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
DVgate Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2 --> "C:\Documents and Settings\Alan\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HotKey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\setup.exe" -l0x9
InterVideo WinDVD 5 for VAIO --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
LAN-Express AS IEEE 802.11 Wireless LAN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}\Setup.exe" -l0x9
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MoodLogic --> C:\WINDOWS\ml-uninstall-v10.exe
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Native Instruments Traktor DJ Studio 2.5.1 --> C:\PROGRA~1\TRAKTO~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\TRAKTO~1\UNINST~1\INSTALL.LOG
Netscape (7.02) --> C:\WINDOWS\NSUninst.exe /ua "7.02 (en)"
Netscape Internet Service Setup --> "C:\Program Files\Online Services\Netscape Online Setup\unwise.exe" /A "C:\Program Files\Online Services\Netscape Online Setup\install.log" Uninstall Netscape Internet Service Setup
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
OpenMG Limited Patch 3.4-03-12-16-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.4-03-12-16-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{657DD6DA-B07B-40FF-9DBD-2116F7E83CF6}\Setup.exe" -l0x9 UNINSTALL
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_8175104D\HXFSETUP.EXE -U -IVEN_10B9&DEV_5457&SUBSYS_8175104D
SonicStage 2.0.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony ACID 4.0f --> MsiExec.exe /I{36235A3F-92C7-4F90-84E7-3697C59AD369}
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Notebook Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\setup.exe" -l0x9
Sony USB Mouse --> Pmuninst.exe MouseSuite98
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Sound Blaster Live! 24-Bit External --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C0054EB-24A5-46A8-80E3-62AAA930DEFA}\SETUP.EXE" -l0x9
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
VAIO Entertainment Platform --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\Setup.exe" -l0x9
VAIO Help and Support --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Media 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL
VAIO Media Redistribution 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{545DB151-1514-4FFC-BF2F-FE8FBBD06987}\setup.exe" -l0x9
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO SLIT-C Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01AF4645-78E6-46C4-B528-54863679CC40}\setup.exe" -l0x9
VAIO SLIT Pattern Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266AEE68-5718-4A31-BDD3-D356B1250C70}\setup.exe" -l0x9
VAIO Survey Standalone --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO Update 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656C}\setup.exe" -l0x9
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Welcome to VAIO life --> "C:\Program Files\Sony\Welcome to VAIO life\unwise.exe" /A "C:\Program Files\Sony\Welcome to VAIO life\install.log" Uninstall Welcome to VAIO life
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type14799 / Error
Event Submitted/Written: 01/07/2008 03:09:06 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application UPnPFramework.exe, version 5.0.0.14230, faulting module unknown, version 0.0.0.0, fault address 0x0012d858.
Processing media-specific event for [UPnPFramework.exe!ws!]

Event Record #/Type14797 / Error
Event Submitted/Written: 01/07/2008 03:08:36 AM
Event ID/Source: 100 / UPnPFramework
Event Description:
Error in UPnPFramework [ID=IntegratedServer, Cause=Unable to start framework]

Event Record #/Type14793 / Error
Event Submitted/Written: 01/07/2008 03:06:55 AM
Event ID/Source: 108 / VzFw
Event Description:
Some error occurred when starting folder watch. (00000000)
C:\Documents and Settings\All Users\Application Data\Sony Corporation\PictureGear Studio\Samples\PhotoCollection\Samples

Event Record #/Type14781 / Error
Event Submitted/Written: 01/03/2008 02:49:31 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application UPnPFramework.exe, version 5.0.0.14230, faulting module unknown, version 0.0.0.0, fault address 0x0012d858.
Processing media-specific event for [UPnPFramework.exe!ws!]

Event Record #/Type14780 / Error
Event Submitted/Written: 01/03/2008 02:48:53 AM
Event ID/Source: 100 / UPnPFramework
Event Description:
Error in UPnPFramework [ID=IntegratedServer, Cause=Unable to start framework]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1279963 / Error
Event Submitted/Written: 01/07/2008 03:10:02 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SAVScan service failed to start due to the following error:
%%1053

Event Record #/Type1279962 / Error
Event Submitted/Written: 01/07/2008 03:10:02 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the SAVScan service to connect.

Event Record #/Type1279950 / Error
Event Submitted/Written: 01/07/2008 03:08:30 AM
Event ID/Source: 34 / W32Time
Event Description:
The time service has detected that the system time needs to be
changed by +417302 seconds. The time service will not change the system
time by more than +54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|75.31.104.109:123->207.46.232.182:123) is working properly.

Event Record #/Type1279948 / Error
Event Submitted/Written: 01/07/2008 03:07:00 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Symantec Event Manager service to connect.

Event Record #/Type1279947 / Error
Event Submitted/Written: 01/07/2008 03:07:00 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Symantec Network Drivers Service service to connect.



-- End of Deckard's System Scanner: finished at 2008-01-07 03:23:45 ------------
  • 0

#6
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi alcee410

i can see the trojans and other malware that is infecting your machine. seems you got the infection way back on 22 Dec though i can also see an infection you got back on 12 Dec. hence, it is likely you have older infections and therefore it will take a number of posts before we are clear of this.

before we get down to the cleaning i notice that you have 2 antivirus programs running (norton and AVG). you should only have one running else they get in conflict with each other, slow down your computer and can be less of a protection. so, could you disable one of them and let me know which one you disabled.

i also notice that you have 2 antispyware programs running (SUPERantispyware and Spyware Doctor). likewise, you should only have one running else they get in conflict with each other, slow down your computer and can be less of a protection. so, could you disable one of them and let me know which one you disabled.

i appreciate that the infection may have disabled your protection programs, but hopefully we can sort that out this post.

that done, lets get down to the fix. to do this fix we will be making changes in your Registry. hence, we will backup your current Registry. Better safe than sorry!

===STEP 1===
Go to Start > Run
Type:regedit
Click OK.
  • On the leftside, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch. <= important!
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put backup
  • Choose to save it to C:\ or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.


===STEP 2===
The Registry changes - this gets rid of one of the trojans you have, as detailed http://www.symantec...._...-99&tabid=3

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

Create a script file
  • Please open a new Notepad file by clicking Start ==> All Programs ==> Accessories ==> Notepad
  • Copy the text from the following Code box below, by highlighting all the text and right click, Select Copy. (or use the Ctrl+C keyboard shortcut)
ProcessKill \medichi.exe|1
ProcessKill \medichi2.exe|1

RegSetStringValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs|
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Medichi
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Medichi2
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer|NoControlPanel|0
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system|DisableRegistryTools|0
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system|DisableTaskMgr|0
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\policies\system|DisableTaskMgr|0
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoControlPanel|0
RegSetDwordValue HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU|NoAutoUpdate|0
RegSetDwordValue HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate\AU|NoAutoUpdate|0
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer|NoWindowsUpdate|0

FileDelete %System%\user32.dat
FileDelete %Windir%\medichi.exe
FileDelete %Windir%\medichi2.exe
FileDelete %Windir%\murka.dat

Paste it into Notepad. Right click in the window and select Paste. (or use Ctrl+V)
Save the file, to the C:\BFU folder, making sure that Type is All Files, and name it Fixthis.bfu

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon Posted Image and select fixthis.bfu
  • Press Execute and let it do itís job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.



===STEP 3===
Please download the OTMoveIt2 by OldTimer and Save it to your desktop.

DO NOT run it yet


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [SpecialOffers] C:\WINDOWS\specialoffers4.exe
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\alan\local settings\temp\fsg_4104.exe"
O4 - HKLM\..\Run: [sis32] C:\WINDOWS\system32\winsos.exe
O4 - HKLM\..\Run: [winroot] C:\WINDOWS\system32\winsn.exe
O4 - HKCU\..\Run: [SpecialOffers] C:\WINDOWS\SpecialOffers.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} - http://esb.alcena.co...ltInstaller.ocx
O20 - AppInit_DLLs: murka.dat

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\specialoffers4.exe
    c:\documents and settings\alan\local settings\temp\fsg_4104.exe
    C:\WINDOWS\system32\winsos.exe
    C:\WINDOWS\system32\winsn.exe
    C:\WINDOWS\SpecialOffers.exe
    C:\WINDOWS\system32\dllgh8jkd1q8.exe
    C:\WINDOWS\trayicons.exe


  • Return to OTMoveIt2, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



===STEP 4===
we will now clean out your temp files to get rid of infections in there.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


In your next reply could i see
1. the OTMoveIT log
2. another DSS log (there will only be one this time)

andrewuk

Edited by andrewuk, 12 January 2008 - 10:55 AM.

  • 0

#7
alcee410

alcee410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hello. Thanks for a quick response. So, I uninstalled Spyware Doctor. Then, I decided to disable Norton; since I do not have access to my control panel, I could not figure out how to remove the Norton program all together. Instead, I turned off "auto-protect" and "live auto update". I believe this keeps Norton OFF, unless I turn it on manually. Also, I do have the AVG Anti-Spyware...this I downloaded when I was following the instructions from this site recommended before starting a post about Malaware. Should I disable this too so that I would only have SUPREAnti-Spyware running?

Now, when I moved on to the Fix steps, I could not even do Step 1: when I typed regedit in the Run: box, I got an error message saying that "regedit is not a valid Win32 application". What can I do to get around this? I was hesitant to move on to step two without first backing up the registry. So, I will wait for your response before I proceed. Thank you.
  • 0

#8
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi alcee410

Hello. Thanks for a quick response. So, I uninstalled Spyware Doctor. Then, I decided to disable Norton; since I do not have access to my control panel, I could not figure out how to remove the Norton program all together. Instead, I turned off "auto-protect" and "live auto update". I believe this keeps Norton OFF, unless I turn it on manually. Also, I do have the AVG Anti-Spyware...this I downloaded when I was following the instructions from this site recommended before starting a post about Malaware. Should I disable this too so that I would only have SUPREAnti-Spyware running?

Now, when I moved on to the Fix steps, I could not even do Step 1: when I typed regedit in the Run: box, I got an error message saying that "regedit is not a valid Win32 application". What can I do to get around this? I was hesitant to move on to step two without first backing up the registry. So, I will wait for your response before I proceed. Thank you.

oops, i should have seen that one :)

......new set of instructions


====STEP 1====
The steps that I am about to suggest involve modifying the registry. Modfying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot preform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.


====STEP 2====
The Registry changes - this gets rid of one of the trojans you have, as detailed http://www.symantec...._...-99&tabid=3

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

Create a script file
  • Please open a new Notepad file by clicking Start ==> All Programs ==> Accessories ==> Notepad
  • Copy the text from the following Code box below, by highlighting all the text and right click, Select Copy. (or use the Ctrl+C keyboard shortcut)
ProcessKill \medichi.exe|1
ProcessKill \medichi2.exe|1

RegSetStringValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs|
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Medichi
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Medichi2
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer|NoControlPanel|0
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system|DisableRegistryTools|0
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system|DisableTaskMgr|0
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\policies\system|DisableTaskMgr|0
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoControlPanel|0
RegSetDwordValue HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU|NoAutoUpdate|0
RegSetDwordValue HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate\AU|NoAutoUpdate|0
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer|NoWindowsUpdate|0

FileDelete %System%\user32.dat
FileDelete %Windir%\medichi.exe
FileDelete %Windir%\medichi2.exe
FileDelete %Windir%\murka.dat

Paste it into Notepad. Right click in the window and select Paste. (or use Ctrl+V)
Save the file, to the C:\BFU folder, making sure that Type is All Files, and name it Fixthis.bfu

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon Posted Image and select fixthis.bfu
  • Press Execute and let it do itís job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.



====STEP 3====
Please download the OTMoveIt2 by OldTimer and Save it to your desktop.

DO NOT run it yet


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [SpecialOffers] C:\WINDOWS\specialoffers4.exe
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\alan\local settings\temp\fsg_4104.exe"
O4 - HKLM\..\Run: [sis32] C:\WINDOWS\system32\winsos.exe
O4 - HKLM\..\Run: [winroot] C:\WINDOWS\system32\winsn.exe
O4 - HKCU\..\Run: [SpecialOffers] C:\WINDOWS\SpecialOffers.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} - http://esb.alcena.co...ltInstaller.ocx
O20 - AppInit_DLLs: murka.dat

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\specialoffers4.exe
    c:\documents and settings\alan\local settings\temp\fsg_4104.exe
    C:\WINDOWS\system32\winsos.exe
    C:\WINDOWS\system32\winsn.exe
    C:\WINDOWS\SpecialOffers.exe
    C:\WINDOWS\system32\dllgh8jkd1q8.exe
    C:\WINDOWS\trayicons.exe


  • Return to OTMoveIt2, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



====STEP 4====
we will now clean out your temp files to get rid of infections in there.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


In your next reply could i see
1. the OTMoveIT log
2. another DSS log (there will only be one this time)

andrewuk
  • 0

#9
alcee410

alcee410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Andrew. So, in Step 3, where I have to check HijackThis items, I did not find these two, and so I could not check them:
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: murka.dat

What should I do?
  • 0

#10
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi alcee410

continue with the fix from STEP 3 again, if you cant see an entry then dont worry - means it was cleared before :)

andrewuk
  • 0

Advertisements


#11
alcee410

alcee410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi andrewuk. So I proceeded from step 3. I have posted the OTMoveIT log belwo. However, for the DSS log, where do I get that from? Do I run Deckard's System Scanner (DSS) again? I'm not sure exactly what you are looking for when you say another DSS log. But, for now, here's the OTMoveIt log. Thank you.

ALCee410

File/Folder C:\WINDOWS\specialoffers4.exe not found.
File/Folder c:\documents and settings\alan\local settings\temp\fsg_4104.exe not found.
C:\WINDOWS\system32\winsos.exe moved successfully.
C:\WINDOWS\system32\winsn.exe moved successfully.
File/Folder C:\WINDOWS\SpecialOffers.exe not found.
C:\WINDOWS\system32\dllgh8jkd1q8.exe moved successfully.
C:\WINDOWS\trayicons.exe moved successfully.

OTMoveIt2 v1.0.6 log created on 01072008_213704
  • 0

#12
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
yes, just run DSS again, this time it will only produce one log - post that.

andrewuk
  • 0

#13
alcee410

alcee410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Ok, here's the new DSS log. I'm going to have to leave the computer for tonight. I hope to get back to this tomorrow afternoon. Thanks for all your help so far. Here's the log:

Deckard's System Scanner v20071014.68
Run by Alan on 2008-01-07 22:02:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 447 MiB (512 MiB recommended).
System Drive C: has 0.73 GiB (less than 15%) free.


-- HijackThis (run as Alan.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:07 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\shovth.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Alan\Desktop\dss.exe
C:\DOCUME~1\Alan\Desktop\Alan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ALAN\Application Data\Mozilla\Profiles\default\505dete2.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VMConsole.exe] C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe /windowmin
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sis32] C:\WINDOWS\system32\winsos.exe
O4 - HKLM\..\Run: [winroot] C:\WINDOWS\system32\winsn.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartUp] C:\WINDOWS\Temp\checkmem.exe /optimize speed
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Policies\Explorer\Run: [{402528E8-0AE7-1033-0519-040404230001}] "C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.iicm.edu/.../vivo/vvweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104394529761
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Documents and Settings\Alan\Local Settings\Temp\WZSB1.tmp\installservice.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13634 bytes

-- Files created between 2007-12-07 and 2008-01-07 -----------------------------

2008-01-07 21:37:32 28929 --a------ C:\WINDOWS\system32\winsos.exe
2008-01-07 21:37:32 89088 ---hs---- C:\WINDOWS\system32\winsn.exe
2008-01-07 19:48:35 0 d-------- C:\BFU
2008-01-07 18:59:49 8192 --a------ C:\WINDOWS\medichi2.exe
2008-01-07 18:59:49 5632 --a------ C:\WINDOWS\medichi.exe
2008-01-02 09:28:14 0 d-------- C:\Program Files\Trillian
2008-01-02 09:24:40 89088 ---h----- C:\WINDOWS\WINDOWS.exe
2008-01-01 08:31:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-01 05:50:09 0 d-------- C:\Documents and Settings\Alan\Application Data\acccore
2008-01-01 04:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-01-01 04:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-01 04:25:14 0 d-------- C:\Program Files\Common Files\AOL
2008-01-01 04:24:43 0 d-------- C:\Program Files\AIM6
2007-12-31 21:29:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-31 21:27:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-31 21:27:16 0 d-------- C:\Documents and Settings\Alan\Application Data\SUPERAntiSpyware.com
2007-12-31 21:26:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 21:12:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\acccore
2007-12-22 16:05:36 0 d-------- C:\Documents and Settings\Alan\Application Data\AVG7
2007-12-22 16:05:22 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-22 16:04:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-22 16:04:39 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-22 11:26:41 0 dr-h----- C:\$VAULT$.AVG
2007-12-22 11:23:12 9216 --a------ C:\WINDOWS\system32\suspend.exe
2007-12-22 11:14:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2007-12-22 11:13:57 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2007-12-22 11:10:27 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-12-22 10:02:14 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-12-22 10:00:42 29184 --a------ C:\WINDOWS\system32\kernelwind32.exe
2007-12-22 10:00:36 89088 ---h----- C:\Documents and Settings\TEMP\TEMP.exe
2007-12-22 10:00:28 89088 ---h----- C:\Documents and Settings\All Users\All Users.exe
2007-12-22 10:00:23 29184 --a------ C:\WINDOWS\wsystmp_rsr.exe
2007-12-22 09:59:53 163721 --a------ C:\Documents and Settings\Alan\Application Data\antivirus.exe
2007-12-22 09:59:30 89088 ---h----- C:\.exe
2007-12-22 09:59:23 89088 ---hs---- C:\402528E8.exe
2007-12-22 09:59:20 89088 ---hs---- C:\WINDOWS\system32\shovth.exe
2007-12-22 09:59:11 89088 --a------ C:\WINDOWS\wsystmp_huv.exe
2007-12-22 09:57:14 6144 --a------ C:\WINDOWS\system32\user32.dat
2007-12-22 09:54:30 35840 --a------ C:\WINDOWS\wsystmp_vzt.exe
2007-12-22 09:53:56 18944 --a------ C:\WINDOWS\system32\wowfx(2).dll
2007-12-22 09:53:55 9728 --a------ C:\Documents and Settings\Alan\Application Data\printer.exe
2007-12-22 08:59:27 0 d-------- C:\Documents and Settings\TEMP\Application Data\AVG7
2007-12-21 20:05:03 0 d-------- C:\Program Files\EliteProtector
2007-12-21 18:25:51 89088 ---h----- C:\Documents and Settings\Administrator\Administrator.exe
2007-12-21 17:59:01 89088 ---h----- C:\Documents and Settings\Alan\Alan.exe
2007-12-18 01:51:28 15872 --a------ C:\WINDOWS\windisk.dll
2007-12-08 22:53:15 4456448 --a------ C:\Documents and Settings\Alan\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-01-07 19:03:43 0 d-------- C:\Program Files\Common Files
2007-12-25 08:45:39 0 d-------- C:\Program Files\Traktor DJ Studio
2007-12-25 04:35:50 0 d-------- C:\Documents and Settings\Alan\Application Data\Adobe
2007-12-22 11:26:43 0 d--hs---- C:\Program Files\outlook
2007-12-22 11:26:43 0 d-------- C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}
2007-12-22 09:54:18 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [11/07/2003 05:21 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/27/2004 08:10 PM]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/19/2003 09:08 PM]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [12/11/2003 10:03 PM]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [02/12/2004 10:01 PM]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [01/17/2004 02:36 AM]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 10:29 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/12/2005 02:37 PM]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [12/11/2003 06:35 PM]
"VMConsole.exe"="C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe" [02/25/2004 05:08 AM]
"P2P Networking"="C:\WINDOWS\System32\P2P Networking\P2P Networking.exe" []
"SbUsb AudCtrl"="sbusbdll.dll" [07/08/2004 06:27 PM C:\WINDOWS\system32\sbusbdll.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [11/25/2005 03:01 PM]
"CTSysVol"="C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 02:48 AM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 09:26 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/09/2006 04:25 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/09/2006 04:34 PM]
"avp"="C:\WINDOWS\avp.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/22/2007 04:04 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"sis32"="C:\WINDOWS\system32\winsos.exe" [01/07/2008 09:37 PM]
"winroot"="C:\WINDOWS\system32\winsn.exe" [12/22/2007 09:59 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [06/25/2004 10:21 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [07/05/2006 07:29 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/09/2007 09:14 PM]
"StartUp"="C:\WINDOWS\Temp\checkmem.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [12/18/2007 11:04 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 10:05:56 AM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [10/2/2003 1:08:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{402528E8-0AE7-1033-0519-040404230001}"="C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36b96ad6-a097-11dc-9bf0-b049a0c8caff}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aebcc43-2b0d-11da-9b48-000e9b42a799}]
AutoRun\command- G:\
open\Command- G:\BC175E47.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7499b270-fef4-11d8-99ca-806d6172696f}]
AutoRun\command- C:\
open\Command- C:\402528E8.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7499b271-fef4-11d8-99ca-806d6172696f}]
AutoRun\command- D:\
open\Command- D:\30697A44.exe




-- End of Deckard's System Scanner: finished at 2008-01-07 22:03:52 ------------
  • 0

#14
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi alcee410

we got rid of the main trojan in that post though a couple of the other trojans came back.

so, in this post we will go an online scan to see if we can track down the source and also check out some other suspicious looking files.


====STEP 1====
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

if that link does not work, try
Kaspersky WebScanner alternate link

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • If asked, click accept
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


====STEP 2====
If you dont have it from before then please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open one Notepad main.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt in your next reply.


In your next reply could i see:
1. the kaspersky report
2. a new DSS log <= there will only be one log this time

andrewuk

Edited by andrewuk, 12 January 2008 - 09:00 PM.

  • 0

#15
alcee410

alcee410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi andrewuk. I tried loading Kaspersky WebScanner, but it won't let me load the webpage. I tried Firefox and Internet Explorer. Firefox says "Problem loading page: the connection has timed out: The server at www.kaspersky.com is taking too long to respond." It is so frustrating to not be able to load certain webpages. Do you know a way around this? Thank you!

ALCee410
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP