explorer.exe doesn't start, or restarts constantly. [CLOSED]



#1
MikeGnz

Hi, I'm new here, and this is my first time talking to others about this problem. I apologize for this very long post, but I felt that I needed to give you guys as much information as possible.

Well...it's been happening for a few days now, but explorer.exe keeps crashing on me right after I log in. If it doesn't crash, then it keeps restarting. I've tried a lot of things, many of which I've learned from here, and as such, I've found a lot of bad stuff on my computer (a Compaq laptop).

I've run the AVG anti-spyware program, Avast! Antivirus, and finally HijackThis, in order to try and solve the problem myself. However, I still haven't found the problem after working on this for a combined 14 hours (yesterday and today).

I can access the Task Manager, yes, so it's not a bother to me. However, my uncle gets mad easily, and having no Start menu or Desktop gets him riled up.

One last thing, I'm a senior in high school, and, though very computer literate, I might not understand everything I get told, so I hope I don't come across as annoying if I ask whoever takes the time to help me to clarify anything they tell me.

So, the logs. First off, I ran the AVG Anti-Spyware program off the pinned topic above. Most of the found stuff were tracking cookies (a lot of tracking cookies), among actual spyware and malware. Here's a list of the non-tracking cookie stuff it found (I'm shortening the list because the program had found 800+ objects on the laptop, with only 20-30 being actual potential problems, but I will post the cookie list if needed). I was forced to run it in normal start-up because it kept giving me an error when I tried to start it in Safe Mode.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:22:01 PM 3/1/2008

+ Scan result:



C:\Program Files\Yahoo!\YPSR\Quarantine\ppq219.tmp -> Adware.180Solution : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\HBTV\HBTV.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\HBTV\uninstaller.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzalez\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\INSTAFINK -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\INSTAFINK\instafink.dll -> Adware.Gator : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\Cml.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtCoreSrv.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtGuard.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtHostIE.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtHostOE.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtHostOL.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtInstIE.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtOEAddOn.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtSrv.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtToolbar.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtWallpaper.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\HBTV\HBTVHelper.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzalez\Local Settings\Temp\p2psetup.exe -> Adware.P2PNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24F.tmp\Semantic Insight\SemanticInsight.exe -> Adware.RXBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzalez\Local Settings\Temporary Internet Files\Content.IE5\KF272XEH\file[1].exe -> Downloader.Agent.ftu : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\TMP213.tmp -> Downloader.Agent.hql : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\TMP7B.tmp -> Downloader.Agent.idv : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\TMP2C.tmp -> Downloader.Agent.iug : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\O789OTQD\n1404-4[1].htm -> Downloader.Agent.nw : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1275OinAdmin.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\!update.exe -> Downloader.PurityScan.fk : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temporary Internet Files\Content.IE5\KEAWJ9U7\!update-4495[1].0000 -> Downloader.PurityScan.fk : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\RCXA.tmp -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\RCXD.tmp -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzalez\Local Settings\Temp\TMP24.tmp -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\McAfee.com\Agent\McRegWiz .Exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\McAfee.com\Agent\McRegWiz.Exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\QuickTime\QTTask.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\browser\ybrwicon.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\iTunes\iTunesHelper.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\removalfile.bat -> Not-A-Virus.Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq148.tmp -> Not-A-Virus.Hoax.Win32.Renos.hp : Cleaned with backup (quarantined).

[cookie list originally here]

C:\WINDOWS\system32\werweg.dll.tmp -> Trojan.Kolweb.u : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wnsintsv.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\krnl32.dll -> Trojan.SpywareSoft.t : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\wintst.dll -> Trojan.SpywareSoft.t : Cleaned with backup (quarantined).


::Report end

--
I recognized at least one or two of those names from reading some topics here, so I knew something was up.

I then restarted the laptop, used Internet Explorer to delete the Temporary Internet Files (I haven't done it for a while, so I felt that now was a good time) and ran Avast! Anti-virus. Now, this is where it gets weird. I used Avast! because I trusted it before and find it quite reliable. Log follows. I had this also in Normal Mode because I can't send stuff to the Chest (Avast!'s version of AVG's Quarantine) in Safe Mode.

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Saturday, March 01, 2008 2:49:28 PM
* VPS: 080301-0, 03/01/2008
*

C:\WINDOWS\$hf_mig$\KB933729\update\update_SP2QFE.inf [E] File was skipped because of scanner settings. (42016)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\ieaksie.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\ieakui.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\ieapfltr.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\iedkcs32.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\ieencode.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\ieframe.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\iepeers.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\ieproxy.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\iernonce.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\iertutil.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\iesetup.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\EventCache\{6CD77F3F-0C02-4D86-A5CE-F43B2E259262}.bin [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\default [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\default.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SAM [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SAM.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SECURITY [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SECURITY.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\software [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\software.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\system [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\system.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\agentins.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\agntcons.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\agntinst.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\agntinst.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\agntlang.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\default.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\header.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\HtmlUtil.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\images\bg_left_1x314.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\images\bg_left_MSC_165x314.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\images\icon_info_16x16.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\images\icon_mcafee_61x61.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\images\icon_progress_checked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\images\icon_progress_hot_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\images\icon_progress_unchecked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\InstUtil.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\instwiz.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\instxp.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\mcccom.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\pbar.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\setcss.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\SubInfoData.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\agentins.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\agntcons.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\agntinst.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\agntinst.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\agntlang.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\default.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\header.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\HtmlUtil.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\images\bg_left_1x314.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\images\bg_left_MSC_165x314.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\images\icon_info_16x16.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\images\icon_mcafee_61x61.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\images\icon_progress_checked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\images\icon_progress_hot_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\images\icon_progress_unchecked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\InstUtil.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\instwiz.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\instxp.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\mcccom.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\pbar.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\setcss.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\SubInfoData.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\appconst.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\comctl.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\config.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\lang_mps.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\pbar.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\uninst.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\uninstall.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\uninstall.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\vssver.scc [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\winnt\mps.cab\RemoveMPS.exe\%MAINDIR%\ForceMpsRem.ui\comctl.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\winnt\mps.cab\RemoveMPS.exe\%MAINDIR%\ForceMpsRem.ui\config.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\winnt\mps.cab\RemoveMPS.exe\%MAINDIR%\ForceMpsRem.ui\uninstall.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\appcons.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\appinst.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\appinst.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\applang.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\config.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\default.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\header.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\images\bg_left_165x314.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\images\icon_info_16x16.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\images\icon_mcafee_61x61.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\images\icon_progress_checked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\images\icon_progress_hot_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\images\icon_progress_unchecked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\instwiz.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\instxp.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\mcccom.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\mpsins.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\pbar.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\setcss.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\vssver.scc [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\appcons.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\appinst.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\appinst.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\applang.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\config.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\default.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\header.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\images\bg_left_165x314.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\images\icon_info_16x16.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\images\icon_mcafee_61x61.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\images\icon_progress_checked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\images\icon_progress_hot_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\images\icon_progress_unchecked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\instwiz.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\instxp.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\mcccom.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\mpsins.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\pbar.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\setcss.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\vssver.scc [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mps\winnt\mps.cab\RemoveMPS.exe\%MAINDIR%\ForceMpsRem.ui\comctl.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mps\winnt\mps.cab\RemoveMPS.exe\%MAINDIR%\ForceMpsRem.ui\config.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mps\winnt\mps.cab\RemoveMPS.exe\%MAINDIR%\ForceMpsRem.ui\uninstall.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\appcons.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\appinst.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\appinst.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\applang.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\config.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\default.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\header.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\images\bg_left_165x314.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\images\icon_info_16x16.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\images\icon_mcafee_61x61.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\images\icon_progress_checked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\images\icon_progress_hot_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\images\icon_progress_unchecked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\instwiz.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\instxp.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\mcccom.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\mpsins.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\pbar.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\setcss.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\vssver.scc [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\appcons.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\appinst.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\appinst.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\applang.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\config.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\default.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\header.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\images\bg_left_165x314.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\images\icon_info_16x16.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\images\icon_mcafee_61x61.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\images\icon_progress_checked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\images\icon_progress_hot_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\images\icon_progress_unchecked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\instwiz.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\instxp.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\mcccom.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\mpsins.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\pbar.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\setcss.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\vssver.scc [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Perflib_Perfdata_624.dat [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\CmnIds.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\arrow_right.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\btn_signup_52x20.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\more_info.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\sidetable_bottom.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\sidetable_bottom_red.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\sidetable_top.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\sidetable_top_red.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\transpix.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\watermark_mys_150x130.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\oemcfg.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\OEMIds.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\valert.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\valert_old.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\hs~valert.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\_avast4_\unp10608934.tmp\unp10608934 [E] GZIP archive is corrupted. (42129)
C:\WINDOWS\Temp\_avast4_\unp182024133.tmp\unp182024133 [E] GZIP archive is corrupted. (42129)
C:\WINDOWS\Temp\_avast4_\unp212821008.tmp\unp212821008 [E] GZIP archive is corrupted. (42129)
C:\WINDOWS\Temp\_avast4_\unp244806199.tmp\unp244806199 [E] The file is a decompression bomb. (42110)
C:\WINDOWS\Temp\_avast4_\unp2571321.tmp\unp2571321 [E] GZIP archive is corrupted. (42129)
C:\WINDOWS\Temp\_avast4_\unp80715129.tmp\unp80715129 [E] GZIP archive is corrupted. (42129)
C:\WINDOWS\Temp\_avast4_\Webshlock.txt [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\Gonzales\Application Data\Grisoft\AVG Antispyware 7.5\quarantine\fil6F18C8C1.dat\fil6F18C8C1 [L] Win32:Tibsis [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Application Data\Grisoft\AVG Antispyware 7.5\quarantine\filEDEAC361.dat\filEDEAC361 [L] Win32:Tibsis [Trj] (0)
C:\Documents and Settings\Gonzales\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28590ead-2d6c6ed7.zip\BlackBox.class [L] VBS:Malware-gen (0)
C:\Documents and Settings\Gonzales\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28590ead-2d6c6ed7.zip\VerifierBug.class [L] VBS:Malware-gen (0)
C:\Documents and Settings\Gonzales\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28590ead-2d6c6ed7.zip\Dummy.class [L] VBS:Malware-gen (0)
C:\Documents and Settings\Gonzales\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28590ead-2d6c6ed7.zip\Beyond.class [L] Other:Malware-gen (0)
File was successfully moved to chest...
File was successfully moved to chest...
File was successfully moved to chest...
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6ccaea63.zip\vmain.class [L] Other:Malware-gen (0)
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\Gonzales\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\Gonzales\Local Settings\Temp\bndupd4.exe\$INSTDIR\BndDrive3.dll [L] Win32:AdBand [Adw] (0)
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Local Settings\Temp\ismtpa1.exe\$SHELL[17]\ISM2\ISMPack6.exe [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Local Settings\Temp\srsvc.exe\$INSTDIR\SpywareSoftStop.exe\[Embedded#EXE1] [L] Win32:Zapchast-CN [Trj] (0)
C:\Documents and Settings\Gonzales\Local Settings\Temp\srsvc.exe\$INSTDIR\SpywareSoftStop.exe\[Embedded#EXE3] [L] Win32:Adware-gen [Adw] (0)
C:\Documents and Settings\Gonzales\Local Settings\Temp\srsvc.exe\$INSTDIR\SpywareSoftStop.exe [L] Win32:Zapchast-CN [Trj] (0)
C:\Documents and Settings\Gonzales\Local Settings\Temp\srsvc.exe\$INSTDIR\SSS.sys [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
While moving file to chest, error occurred: File is not packed.
While moving file to chest, error occurred: File is not packed.
While moving file to chest, error occurred: File is not packed.
C:\Documents and Settings\Gonzales\Local Settings\Temp\xpre.exe [L] Win32:Crypt-APY [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Local Settings\Temp\xrun.exe\[MoleBox] [L] Win32:Agent-HYD [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Local Settings\Temp\~GLH0001.TMP\Wise0012.bin [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Gonzales\Local Settings\Temporary Internet Files\Content.IE5\OZ6T8D2X\MSIMClientSetup.1.0.745.0-static[1].exe\n\nsis8.bin [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Gonzales\Local Settings\Temporary Internet Files\Content.IE5\YACU1CAW\aaqq[1].exe [L] Win32:Small-JNV [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Local Settings\Temporary Internet Files\Content.IE5\YACU1CAW\ooqq[1].exe [L] Win32:Small-JQJ [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Local Settings\Temporary Internet Files\Content.IE5\YACU1CAW\vvqq[1].exe\$SHELL[17]\QdrModule\QdrModule12.exe [E] Installer archive is corrupted. (42146)
Infected files: 17
Total files: 130098
Total folders: 3826
Total size: 8.5 GB

*
* Task stopped: Saturday, March 01, 2008 3:34:48 PM
* Run-time was 45 minute(s), 20 second(s)
*
--
I don't know where the compressed files came from, before anyone asks. Also, I'm very worried about that "decompressor bomb". But it looks like it was in an Avast! folder, so I don't know.

I hope your eyes aren't tired yet. After running Avast!, I restarted the computer and ran HijackThis in Normal Mode. Log follows. I'm not sure if it caught explorer.exe (it was restarting constantly at the time) in the processes.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:45 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkjh.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Titan FTP Server Tray App] C:\Program Files\South River Technologies\Titan FTP Server\srxTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\bak\mcupdate.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [DUSB] C:\WINDOWS\system32\DarksUSB.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ViewSonic Explorer V5.3] C:\WINDOWS\msdtcsw32.exe
O4 - HKCU\..\Run: [Tbsa] "C:\WINDOWS\system32\CROSOF~1\dllhost.exe" -vt yazb
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKCU\..\Run: [PSPHost] "C:\Program Files\PSPHost\PSPHost.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [Legacy VGA Drivers V1.0] C:\WINDOWS\certproc32.exe
O4 - HKCU\..\Run: [Eybbnl] "C:\Program Files\?icrosoft.NET\n?lookup.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk572JHUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1140880270640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.to...1.10/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangoc...d3cafd35fff1431
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aimprods01.w...bex/ieatgpc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12727 bytes
--
That's all the information I can give at this time.

Notes

1. I had the Task Manager running when HijackThis was scanning. I believe it is listed under the processes section.
2. Aside from shortening the AVG log, I have not modified the logs.
3. Anything and everything that was placed into AVG's Quarantine and Avast!'s Chest is still there. Also, I have not removed anything with HijackThis.
4. As for the corrupted archives Avast! found, I'm not sure whether to delete them or not, or even if I can delete them. The archive that's passworded is unknown to me, so I don't think I'll be able to open it.

I thank you, whoever decides to help me, for helping me. I'm not sure if it will fix the problem (that's the laptop's bad luck right there), but I plan to try anything and everything you guys suggest.
  • 0


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
MikeGnz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Um...I'm not sure if it's supposed to happen, but all ComboFix does is open up a blue MS-DOS box, and nothing is typed into the box. I also tried typing in the box, but nothing happened.

Is something supposed to appear in the MS-DOS window? Because I waited for five minutes, and nothing else appeared. I've also tried running it in Safe Mode, and nothing happened either.
  • 0

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Try it once more, give it 15 minutes

If nothing happens do this

Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - Bot Check, Reg - Disabled MS Config Items, Reg - File Additional Folder Scans, File - Lop Check and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Check the box beside Scan All User Accounts at the top
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
  • 0

#5
MikeGnz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ComboFix didn't work still. So, I installed what you suggested and ran it. Here's the log.

Attached File  WinPFind35.zip   53.42KB   167 downloads
  • 0

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Strange, can't download that

Can you upload it again, but don't zip it if possible.
  • 0

#7
MikeGnz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
OK. Here it is. Apparently, it was a .rar, but it renamed itself to a .zip. I re-archived it to a .zip.

Attached File  WinPFind35.zip   68.55KB   103 downloads
  • 0

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> nircmd.cfexe -> %SystemDrive%\ComboFix\nircmd.cfe
[Registry - Non-Microsoft Only]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->
YN -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://red.clientapp.../search/ie.html
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{07AA283A-43D7-4CBE-A064-32A21112D94D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1921806800-3435053445-1193313322-1013\] > -> HKEY_USERS\S-1-5-21-1921806800-3435053445-1193313322-1013\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{07AA283A-43D7-4CBE-A064-32A21112D94D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec -> %SystemDrive%\PROGRA~1\FlashGet\flashget.exe [FlashGet]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\FlashGet\flashget.exe [FlashGet]
YN -> CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [Messenger Class]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Search ->
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\FlashGet\flashget.exe [FlashGet]
YN -> CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [Messenger Class]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\FlashGet\flashget.exe [FlashGet]
YN -> CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [Messenger Class]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1921806800-3435053445-1193313322-1013\] > -> HKEY_USERS\S-1-5-21-1921806800-3435053445-1193313322-1013\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\FlashGet\flashget.exe [FlashGet]
YN -> CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [Messenger Class]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1921806800-3435053445-1193313322-1013\] > -> HKEY_USERS\S-1-5-21-1921806800-3435053445-1193313322-1013\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Search ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
YY -> FunWebProducts ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[]
YN -> msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[]
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\
YN -> text/html:{2AB289AE-4B90-4281-B2AE-1F4BB034B647}[HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Key does not exist or could not be opened.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}[HKEY_LOCAL_MACHINE] -> http://ak.exe.imgfar...tup1.0.0.15.cab[Reg Error: Key does not exist or could not be opened.]
YN -> {DECEAAA2-370A-49BB-9362-68C3A58DDC62}[HKEY_LOCAL_MACHINE] -> http://static.zangoc...d3cafd35fff1431[SAIX]
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YY -> Aim6 hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
[Files/Folders - Created Within 90 days]
YY -> 6 C:\*.tmp files -> C:\*.tmp
YY -> ComboFix -> %SystemDrive%\ComboFix
YY -> ComboFix[2] -> %SystemDrive%\ComboFix[2]
YY -> @Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable
YY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YY -> 28 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files Created - Additional Folder Scans - Non-Microsoft Only]
YY -> W?nSxS -> %AppData%\WіnSxS
YY -> ?ymbols -> %AppData%\ѕymbols
YY -> ?racle -> %AppData%\Оracle
YY -> A?pPatch -> %UserProfile%\My Documents\AрpPatch
YY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Windows[1].Vista.Ultimate.Lite.4.Genuino.[Spanish].[www.torrentspain.com] [myBittorrent.com].torrent:Zone.Identifier
[isoHunt] download.torrent
YY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\[isoHunt] download.torrent:Zone.Identifier
[PSP]Socom[1].US.Navy.Seals.Fireteam.Bravo.2.[EUR][ESPALPSP.com].rar [myBittorrent.com].torrent
YY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\[PSP]Socom[1].US.Navy.Seals.Fireteam.Bravo.2.[EUR][ESPALPSP.com].rar [myBittorrent.com].torrent:Zone.Identifier
YY -> ?ecurity -> %UserProfile%\My Documents\ѕecurity
YY -> ??mantec -> %UserProfile%\My Documents\Ѕуmantec
YY -> ?ssembly -> %UserProfile%\My Documents\аssembly
YY -> ??sks -> %UserProfile%\My Documents\Таsks
YY -> ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe
YY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier
YY -> F?nts -> %CommonProgramFiles%\Fоnts
YY -> Yazzle1552OinUninstaller.exe -> %CommonProgramFiles%\Yazzle1552OinUninstaller.exe
YY -> ?racle -> %CommonProgramFiles%\Οracle
YY -> ?asks -> %CommonProgramFiles%\Τasks
YY -> ??stem -> %CommonProgramFiles%\ѕуstem
[Files/Folders - Modified Within 90 days]
YY -> 6 C:\*.tmp files -> C:\*.tmp
YY -> ComboFix -> %SystemDrive%\ComboFix
YY -> ComboFix[2] -> %SystemDrive%\ComboFix[2]
YY -> @Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable
YY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YY -> 28 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
YY -> s?stem -> %AppData%\sуstem
YY -> W?nSxS -> %AppData%\WіnSxS
YY -> ?ymbols -> %AppData%\ѕymbols
YY -> ?racle -> %AppData%\Оracle
YY -> A?pPatch -> %UserProfile%\My Documents\AрpPatch
YY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Windows[1].Vista.Ultimate.Lite.4.Genuino.[Spanish].[www.torrentspain.com] [myBittorrent.com].torrent:Zone.Identifier
[isoHunt] download.torrent
YY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\[isoHunt] download.torrent:Zone.Identifier
[PSP]Socom[1].US.Navy.Seals.Fireteam.Bravo.2.[EUR][ESPALPSP.com].rar [myBittorrent.com].torrent
YY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\[PSP]Socom[1].US.Navy.Seals.Fireteam.Bravo.2.[EUR][ESPALPSP.com].rar [myBittorrent.com].torrent:Zone.Identifier
YY -> ?ecurity -> %UserProfile%\My Documents\ѕecurity
YY -> ??mantec -> %UserProfile%\My Documents\Ѕуmantec
YY -> ?ssembly -> %UserProfile%\My Documents\аssembly
YY -> ??sks -> %UserProfile%\My Documents\Таsks
YY -> ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe
YY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier
YY -> Yazzle1552OinUninstaller.exe -> %CommonProgramFiles%\Yazzle1552OinUninstaller.exe
YY -> ?racle -> %CommonProgramFiles%\Οracle
YY -> ?asks -> %CommonProgramFiles%\Τasks
YY -> ??stem -> %CommonProgramFiles%\ѕуstem
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
YY -> W?nSxS -> C:\Documents and Settings\Gonzales\Application Data\WіnSxS
YY -> ?ymbols -> C:\Documents and Settings\Gonzales\Application Data\ѕymbols
YY -> ?racle -> C:\Documents and Settings\Gonzales\Application Data\Оracle
[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]
YY -> C:\WINDOWS\F?nts\ -> C:\WINDOWS\Fοnts
YY -> C:\WINDOWS\?icrosoft.NET\ -> C:\WINDOWS\Μicrosoft.NET
YY -> C:\WINDOWS\??crosoft\ -> C:\WINDOWS\Μіcrosoft
YY -> C:\WINDOWS\?racle\ -> C:\WINDOWS\Οracle
YY -> C:\WINDOWS\System32\?icrosoft.NET\ -> C:\WINDOWS\system32\Мicrosoft.NET
YY -> C:\WINDOWS\System32\??crosoft\ -> C:\WINDOWS\system32\Міcrosoft
YY -> ??crosoft -> C:\WINDOWS\System32\Міcrosoft\Міcrosoft
YY -> C:\WINDOWS\System32\s?curity\ -> C:\WINDOWS\system32\sеcurity
YY -> C:\Program Files\F?nts\ -> C:\Program Files\Fоnts
YY -> C:\Program Files\?icrosoft.NET\ -> C:\Program Files\Μicrosoft.NET
YY -> C:\Program Files\?icrosoft.NET\ -> C:\Program Files\Мicrosoft.NET
YY -> C:\Program Files\??mantec\ -> C:\Program Files\Ѕуmantec
YY -> C:\Program Files\?ystem\ -> C:\Program Files\ѕystem
YY -> C:\Program Files\T?sks\ -> C:\Program Files\Tаsks
YY -> C:\Program Files\Common Files\F?nts\ -> C:\Program Files\Common Files\Fоnts
YY -> C:\Program Files\Common Files\?racle\ -> C:\Program Files\Common Files\Οracle
YY -> C:\Program Files\Common Files\??stem\ -> C:\Program Files\Common Files\ѕуstem
YY -> C:\Program Files\Common Files\?asks\ -> C:\Program Files\Common Files\Τasks
YY -> C:\Documents and Settings\Gonzales\My Documents\A?pPatch\ -> C:\Documents and Settings\Gonzales\My Documents\AрpPatch
YY -> C:\Documents and Settings\Gonzales\My Documents\?ecurity\ -> C:\Documents and Settings\Gonzales\My Documents\ѕecurity
YY -> C:\Documents and Settings\Gonzales\My Documents\??mantec\ -> C:\Documents and Settings\Gonzales\My Documents\Ѕуmantec
YY -> C:\Documents and Settings\Gonzales\My Documents\??sks\ -> C:\Documents and Settings\Gonzales\My Documents\Таsks
YY -> C:\Documents and Settings\Gonzales\Application Data\?racle\ -> C:\Documents and Settings\Gonzales\Application Data\Оracle
YY -> C:\Documents and Settings\Gonzales\Application Data\?ymbols\ -> C:\Documents and Settings\Gonzales\Application Data\ѕymbols
YY -> C:\Documents and Settings\Gonzales\Application Data\s?stem\ -> C:\Documents and Settings\Gonzales\Application Data\sуstem
YY -> C:\Documents and Settings\Gonzales\Application Data\W?nSxS\ -> C:\Documents and Settings\Gonzales\Application Data\WіnSxS
[Extra Files]
Purity
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.


Then do this

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#9
MikeGnz

OK. I ran the paste-and-fix, but it didn't produce a log. I ran DSS, and it gave me the two logs.

main.txt

Deckard's System Scanner v20071014.68
Run by Gonzales on 2008-03-04 19:30:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-03-05 01:30:42 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-03-04 13:04:32 UTC - RP2 - Software Distribution Service 3.0
1: 2008-03-03 21:56:58 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Gonzales.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:05 PM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Gonzales\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Gonzales.exe
C:\WINDOWS\SoftwareDistribution\Download\4cbc0c1da652794a86c37dbd177bef9d\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AH IE BHO - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 9.0\AHOI\ah_ie_bho.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {91460C1C-02A7-4A66-B6B3-A9196AD2D64B} - C:\WINDOWS\system32\awvvt.dll
O2 - BHO: (no name) - {9841B06E-5D9A-4005-A064-CE028CEEC2C0} - C:\WINDOWS\system32\werwef.dll (file missing)
O2 - BHO: (no name) - {A11A8D42-882F-4825-A4E7-7E69202778DB} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B1DDDA4C-44FC-0F2B-D828-4BE6008C5FE2} - C:\WINDOWS\system32\fyvtdmaw.dll (file missing)
O2 - BHO: (no name) - {D7FD6C15-4927-4AAE-BF12-FBDABD287EB1} - C:\WINDOWS\system32\xxyyvwv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1140880270640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.to...1.10/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangoc...d3cafd35fff1431
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aimprods01.w...bex/ieatgpc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: xxyyvwv - C:\WINDOWS\SYSTEM32\xxyyvwv.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9880 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Ai2sXP - c:\windows\system32\drivers\ai2sxp.sys <Not Verified; Ai Squared; ZoomText 9>
R1 NetworkX - c:\windows\system32\ckldrv.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S2 AsUsbDrv - c:\windows\system32\drivers\asusbdrvxp.sys
S2 ntndis - c:\windows\system32\drivers\ntndis.sys (file missing)
S2 ohctusb (Open Host Controller Miniport USB Driver) - c:\windows\system32\drivers\ohctusb.sys (file missing)
S3 ATI Remote Wonder II - c:\windows\system32\drivers\atirwvd.sys (file missing)
S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - d:\instal~e\core\bvrpmpr5.sys (file missing)
S3 libusb0 (LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120) - c:\windows\system32\drivers\libusb0.sys <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - Kernel Driver>
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 PLCNDIS5 (PLCNDIS5 NDIS Protocol Driver) - c:\windows\system32\plcndis5.sys <Not Verified; Intellon, Inc.; PCAUSA Rawether for Windows>
S3 PSSdk21 - c:\windows\system32\drivers\hnpssdk.drv (file missing)
S3 PsSdk30 - c:\windows\system32\drivers\pssdk30.drv (file missing)
S3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Crypkey License - crypserv.exe <Not Verified; CrypKey (Canada) Ltd.; CrypKey Software Licensing System>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>
S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3091103C&REV_10\4&FCF0450&0&00A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3091103C&REV_10\4&FCF0450&0&00A4
Service: RTL8023xp


-- Files created between 2008-02-04 and 2008-03-04 -----------------------------

2008-03-04 19:27:58 0 d-------- C:\WINDOWS\LastGood
2008-03-01 10:55:41 0 d-------- C:\Program Files\Trend Micro
2008-03-01 10:48:47 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-01 10:35:59 0 d-------- C:\Documents and Settings\Gonzales\Application Data\Grisoft
2008-03-01 10:35:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-29 18:43:51 0 d-------- C:\WINDOWS\Prefetch
2008-02-29 14:50:38 238892 --ahs---- C:\WINDOWS\system32\tvvwa.ini2
2008-02-29 14:50:16 324608 --a------ C:\WINDOWS\system32\awvvt.dll
2008-02-29 13:08:25 319 --ahs---- C:\WINDOWS\system32\rrqss.ini2
2008-02-29 11:55:05 319 --ahs---- C:\WINDOWS\system32\ijkkj.ini2
2008-02-27 19:18:15 8650752 --a------ C:\Documents and Settings\Gonzales\ntuser.dat
2008-02-22 17:38:01 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller


-- Find3M Report ---------------------------------------------------------------

2008-03-04 19:15:20 0 d-------- C:\Program Files\Common Files
2008-03-01 13:21:55 0 d-------- C:\Program Files\QuickTime
2008-03-01 13:21:55 0 d-------- C:\Program Files\iTunes
2008-02-29 18:28:28 23412 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-29 18:26:49 0 d-------- C:\Program Files\Messenger
2008-02-28 16:20:03 239524 --ahs---- C:\WINDOWS\system32\hjkmp.ini2
2008-02-27 22:00:41 37364 --a------ C:\logfile
2008-02-27 16:37:16 231424 --a------ C:\WINDOWS\mapisrv32.dll
2008-02-27 16:37:14 10240 --a------ C:\WINDOWS\jtcres32.dll
2008-02-26 16:23:05 0 d-------- C:\Documents and Settings\Gonzales\Application Data\U3
2008-02-16 23:16:05 1 --a------ C:\WINDOWS\system32\ai2drv.dat
2008-02-03 22:06:03 318 --ahs---- C:\WINDOWS\system32\gjllm.ini2
2008-01-31 18:15:16 0 d-------- C:\Documents and Settings\Gonzales\Application Data\SQLX3
2008-01-31 15:06:52 559104 --a------ C:\WINDOWS\click.dll
2008-01-31 09:03:51 0 d-------- C:\Documents and Settings\Gonzales\Application Data\uTorrent
2008-01-29 20:21:03 0 d-------- C:\Program Files\Kodak
2008-01-29 20:19:32 0 d-------- C:\Program Files\Common Files\Kodak
2008-01-26 20:25:40 0 d-------- C:\Documents and Settings\Gonzales\Application Data\AdobeAUM
2008-01-25 20:21:15 0 d-------- C:\Documents and Settings\Gonzales\Application Data\ArcSoft
2008-01-25 20:13:13 0 d-------- C:\Program Files\Best Buy Rhapsody
2008-01-20 13:21:58 0 d-------- C:\Documents and Settings\Gonzales\Application Data\Webroot
2008-01-20 10:36:00 39424 --a------ C:\WINDOWS\system32\xxyyvwv.dll
2008-01-20 10:35:18 40183 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2008-01-17 22:19:05 5632 --ahs---- C:\Program Files\Thumbs.db
2008-01-13 18:17:47 0 d-------- C:\Documents and Settings\Gonzales\Application Data\Yahoo!
2008-01-13 17:58:58 0 d-------- C:\Program Files\MySpace
2008-01-12 22:22:27 0 d-------- C:\Program Files\Yahoo!
2008-01-07 14:46:31 0 d-------- C:\Documents and Settings\Gonzales\Application Data\HP
2007-12-17 07:21:30 218 --a------ C:\WINDOWS\ulksystem33.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91460C1C-02A7-4A66-B6B3-A9196AD2D64B}]
02/29/2008 02:50 PM 324608 --a------ C:\WINDOWS\system32\awvvt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9841B06E-5D9A-4005-A064-CE028CEEC2C0}]
C:\WINDOWS\system32\werwef.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A11A8D42-882F-4825-A4E7-7E69202778DB}]
C:\WINDOWS\system32\pmkjh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1DDDA4C-44FC-0F2B-D828-4BE6008C5FE2}]
C:\WINDOWS\system32\fyvtdmaw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7FD6C15-4927-4AAE-BF12-FBDABD287EB1}]
01/20/2008 10:36 AM 39424 --a------ C:\WINDOWS\system32\xxyyvwv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 02:00 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D7FD6C15-4927-4AAE-BF12-FBDABD287EB1}"= C:\WINDOWS\system32\xxyyvwv.dll [01/20/2008 10:36 AM 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyvwv]
xxyyvwv.dll 01/20/2008 10:36 AM 39424 C:\WINDOWS\system32\xxyyvwv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvvt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gonzales^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Gonzales\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DUSB]
C:\WINDOWS\system32\DarksUSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eybbnl]
"C:\Program Files\?icrosoft.NET\n?lookup.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 02]
"C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 02]
"C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Legacy VGA Drivers V1.0]
C:\WINDOWS\certproc32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\pmkjh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\bak\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPHost]
"C:\Program Files\PSPHost\PSPHost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
C:\WINDOWS\system32\regscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SemanticInsight]
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tbsa]
"C:\WINDOWS\system32\CROSOF~1\dllhost.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Titan FTP Server Tray App]
C:\Program Files\South River Technologies\Titan FTP Server\srxTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewSonic Explorer V5.3]
C:\WINDOWS\msdtcsw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\Program Files\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SAVScan"=3 (0x3)
"navapsvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dc32b78-c095-11dc-af25-0014a56ba8a0}]
AutoRun\command- F:\DarksUSB.exe
explore\Command- F:\DarksUSB.exe
open\Command- F:\DarksUSB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9856fc48-ac3c-11dc-aead-0014a56ba8a0}]
AutoRun\command- E:\DarksUSB.exe
explore\Command- E:\DarksUSB.exe
open\Command- E:\DarksUSB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7f31481-4da7-11dc-acf0-0014a56ba8a0}]
AutoRun\command- E:\DarksUSB.exe
explore\Command- E:\DarksUSB.exe
open\Command- E:\DarksUSB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8d89027-b4d8-11dc-aee0-0014a56ba8a0}]
AutoRun\command- E:\DarksUSB.exe
explore\Command- E:\DarksUSB.exe
open\Command- E:\DarksUSB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7838c62-9ae2-11dc-ae5d-0014a56ba8a0}]
AutoRun\command- E:\DarksUSB.exe
explore\Command- E:\DarksUSB.exe
open\Command- E:\DarksUSB.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Legacy VGA Drivers V1.0]
C:\WINDOWS\certproc32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ViewSonic Explorer V5.3]
C:\WINDOWS\msdtcsw32.exe



-- End of Deckard's System Scanner: finished at 2008-03-04 19:34:38 ------------

#10
MikeGnz

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 Mobile Technology ML-32
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 382.48 MiB / 98.47 MiB
Pagefile Memory (total/avail): 920.05 MiB / 635.76 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.85 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 15.42 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST960812A - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall Plus v (McAfee) Disabled
FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Norton Internet Security v2005 (Symantec Corporation) Outdated
AV: avast! antivirus 4.7.1098 [VPS 080304-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ZoomText 8.1\\zt8.exe"="C:\\Program Files\\ZoomText 8.1\\zt8.exe:LocalSubNet:Enabled:ZoomText 8.1"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\ZoomText 9.0\\zt.exe"="C:\\Program Files\\ZoomText 9.0\\zt.exe:LocalSubNet:Enabled:ZoomText 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\ZoomText 8.1\\zt8.exe"="C:\\Program Files\\ZoomText 8.1\\zt8.exe:LocalSubNet:Enabled:ZoomText 8.1"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"="C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe:*:Enabled:Gunz.exe"
"C:\\ijji\\ENGLISH\\GUNSTER.exe"="C:\\ijji\\ENGLISH\\GUNSTER.exe:*:Enabled:Gunster"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\ZoomText 9.0\\zt.exe"="C:\\Program Files\\ZoomText 9.0\\zt.exe:LocalSubNet:Enabled:ZoomText 9.0"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"E:\\LimeWire\\LimeWire.exe"="E:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Documents and Settings\\Gonzales\\Desktop\\calc.exe"="C:\\Documents and Settings\\Gonzales\\Desktop\\calc.exe:*:Enabled:Control"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Gonzales\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GONZALEZ-FAMILY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Gonzales
LOGONSERVER=\\GONZALEZ-FAMILY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Gonzales\LOCALS~1\Temp
TMP=C:\DOCUME~1\Gonzales\LOCALS~1\Temp
USERDOMAIN=GONZALEZ-FAMILY
USERNAME=Gonzales
USERPROFILE=C:\Documents and Settings\Gonzales
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Gonzalez (admin)
Gonzales_2 (new local, admin)
Gonzales_2.GONZALEZ-FAMILY (admin)
Gonzales (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\SBC Yahoo!\umuninst.exe" /S
--> C:\PROGRA~1\Yahoo!\Common\unybase.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
360Share(remove only) --> "C:\Program Files\360Share\bt-uninst.exe"
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v2.4.4 --> "C:\Program Files\AGEIA Technologies\uninstall.exe"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AlphaSmart Manager 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4839308-99E6-445E-A984-72F14A96BA14}\setup.exe"
AMV Studio Utilites --> C:\Program Files\Callum Haywood\UnInstall_25694.exe
ArcSoft MediaConverter 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B15D991-5619-4BC1-B71E-3DE793B792FC}\setup.exe" -l0x9
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVI Movie Player --> C:\Program Files\AVI Movie Player\uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Best Buy Rhapsody --> C:\PROGRA~1\BESTBU~1\Unwise32.exe /A C:\PROGRA~1\BESTBU~1\install.log
BitTorrent 4.4.1 --> "C:\Program Files\BitTorrent\uninstall.exe"
BookWorm Deluxe 1.01 --> C:\Program Files\PopCap Games\BookWorm Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\BookWorm Deluxe\Install.log"
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C
Easy DVD-Video Copy --> C:\PROGRA~1\EASYDV~2\UNWISE.EXE C:\PROGRA~1\EASYDV~2\INSTALL.LOG
Easy DVD-Video Copy Pro --> "C:\Documents and Settings\All Users\Application Data\{0B527DC4-EDC5-4F99-A805-7DEE968F1D8C}\EasyDVDVideoCopyPro.exe" REMOVE=TRUE MODIFY=FALSE
Easy DVD Shrink --> C:\PROGRA~1\EASYDV~1\UNWISE.EXE C:\PROGRA~1\EASYDV~1\INSTALL.LOG
Encarta Encyclopedia 99 --> "C:\Program Files\Microsoft Reference\Encarta Encyclopedia 99\eeuninst.exe" /uninstall
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"
fflink --> MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Finding Nemo: Nemo's Underwater World of Fun Special Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{77FCC1D4-E78E-46A4-80A6-7F456FA9AC90} NemoUWF2Uninstall
FlashGet(JetCar) --> C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
frhed v1.1 --> "C:\Program Files\frhed\uninstall.exe"
GetRight --> C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL
Global MU Online --> C:\Program Files\InstallShield Installation Information\{4F763B06-A014-481B-951A-11AFCD667010}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Halo Zero V1.8.6 --> C:\Program Files\Dobermann\Halo Zero\Uninstal.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp deskjet 5100 --> msiexec /x{15C165F1-1DAE-4476-AFB6-8723729B41E7}
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - Deskjet Series --> MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
HP Photosmart Cameras 4.5 --> C:\Program Files\Hewlett-Packard\Digital Imaging\{CA6A9251-E3C9-4559-A84D-2691C6270784}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart Cameras 6.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\{61CF89F5-5175-4b3b-ABB8-C89821252D50}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
hp print screen utility --> C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP User Guides 0001 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06ECCCF4-9295-468E-851C-9529A7C181E8}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 1.01 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
IBM ViaVoice TTS Runtime v6.610 - UK English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3972C18C-688F-4312-BE9A-3E065204C33D}\setup.exe" xxxanything
IBM ViaVoice TTS Runtime v6.610 - US English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1A6B23C-438E-4D08-B508-4E830CA8F335}\setup.exe" xxxanything
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
Interactive User’s Guide --> MsiExec.exe /I{E786D4DB-EB0D-4474-ADC2-3C229BC17FCA}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
IsoBuster 1.9.1 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_931002\Setup.exe /APR-REMOVE
LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech Resource Center --> C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
McAfee Personal Firewall Plus --> C:\PROGRA~1\McAfee.com\PERSON~1\MpfUninstall.exe
McAfee Privacy Service --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mps /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpsrem.ui::uninstall.htm
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee SpamKiller --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /appid=MSK /uninstall=1 /interact=1 /script_proactive=0 /start="c:\PROGRA~1\mcafee.com\agent\uninst\mskremui.dll::uninstall.htm"
McAfee VirusScan --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=1 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Media Converter for Philips --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}\Setup.exe" -l0x9
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Sapi 5.1 --> MsiExec.exe /I{393711FE-64EB-4DC7-909E-5FB26D1270AA}
Microsoft Sapi5 voices for XP --> MsiExec.exe /I{F3E7955D-696A-423C-8D38-FCA8A3094F05}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft Word 2000 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.3.1) --> C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
MP3 Player Utilities 4.15 --> MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
Mplayer.com --> C:\Program Files\Mplayer\System\Unwise32.exe /a C:\PROGRA~1\Mplayer\System\install.log
Mu --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}\Setup.exe" -l0x9 UNINSTALL
muvee autoProducer 4.0 - SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x9
My Web Search (Smiley Central) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Need2Find Bar --> rundll32 C:\PROGRA~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll,O
NeoSpeech Kate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FAD67A7-3A4E-4754-AAC4-0397F370611D}\setup.exe"
NeoSpeech Paul --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{942DF6BD-E4F2-4915-B4FB-09C02B71284F}\setup.exe"
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NETGEAR XE102 Powerline Ethernet Adapter --> MsiExec.exe /X{AF79DFD1-04C2-4CE5-9C8F-F60CA3CF01A7}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenMG Limited Patch 4.2-05-07-27-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.2-05-07-27-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.2.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{849ABF1A-6AE3-45E1-B260-D5447B2F29F5} UNINSTALL
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PSP ISO Compressor --> MsiExec.exe /X{D47087E7-AA15-4D1D-8C0A-60F7E446D597}
PSP Video 9 1.74 --> C:\Program Files\pspvideo9\uninst.exe
PSPHost --> MsiExec.exe /X{1FBC928D-FC5C-45B7-A8B9-67DB18DA4BF5}
Quick Launch Buttons 5.10 B2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Reading Blaster Ages 9-12 --> D:\setup.exe -funiRBM.ins
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RPG Maker 2000 - Super Columbine Massacre RPG! --> C:\WINDOWS\gamedelete.exe "C:\Program Files\ASCII\RPG2000\ColumbineRPG\RPG_RT.ind"
SA60xx Device Manager --> C:\Program Files\InstallShield Installation Information\{8A6AD979-8170-49ED-8529-14174317B281}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for Step By Step Interactive Training (KB898458) -->
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shoddy Battle --> C:\WINDOWS\system32\javaws.exe -uninstall "http://shoddybattle....ddybattle.jnlp"
ShootOutClient Version 1.0 --> C:\Program Files\Kuma Games\uninst.exe
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SMV Converter Tool 3.0 --> MsiExec.exe /I{1DBB1B09-8A5C-4CEA-8623-3EE473D4530E}
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Starfleet Command --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\14 East\Starfleet Command\Uninst.isu"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Undisker --> C:\WINDOWS\UnGins.exe "C:\Program Files\Undisker\install.log"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinXMedia DVD MPEG/AVI/Audio Converter 4.12SE --> C:\Program Files\WinXMedia\WinXMedia DVD Converter\uninst.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
XLink Kai Evolution 7 --> MsiExec.exe /X{BEBDCB3E-D936-4C8D-86ED-11845A05B47A}
XLink Kai Evolution 7 --> MsiExec.exe /X{F90592EC-5E58-4EE6-A333-EC05ED57ACF4}
XviD4PSP --> C:\Program Files\Winnydows\XviD4PSP\Uninstall.exe
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
ZoomText 8.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{802A3565-1E80-492B-8473-7E99EF22FA1D}\setup.exe" -l0x9 -ir
ZoomText 9.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24BEE00C-0DE6-443E-8C3C-00A199B1DCDD}\setup.exe" -l0x9 -ir -ni


-- Application Event Log -------------------------------------------------------

Event Record #/Type53797 / Success
Event Submitted/Written: 03/02/2008 10:15:29 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type52942 / Success
Event Submitted/Written: 02/29/2008 08:03:48 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type52872 / Error
Event Submitted/Written: 02/29/2008 06:34:34 PM
Event ID/Source: 1000 / SceCli
Event Description:
Security configuration was not backed up.
Error 1208 to open database.

Event Record #/Type52871 / Warning
Event Submitted/Written: 02/29/2008 06:33:00 PM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.

Event Record #/Type52870 / Warning
Event Submitted/Written: 02/29/2008 06:33:00 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1330 / Error
Event Submitted/Written: 03/04/2008 07:26:59 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
sptd

Event Record #/Type1329 / Error
Event Submitted/Written: 03/04/2008 07:26:59 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The IPSEC Services service terminated with the following error:
%%10045

Event Record #/Type1328 / Error
Event Submitted/Written: 03/04/2008 07:26:59 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Open Host Controller Miniport USB Driver service failed to start due to the following error:
%%2

Event Record #/Type1327 / Error
Event Submitted/Written: 03/04/2008 07:26:59 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ntndis service failed to start due to the following error:
%%2

Event Record #/Type1326 / Error
Event Submitted/Written: 03/04/2008 07:26:59 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The McAfee SpamKiller Server service failed to start due to the following error:
%%1053



-- End of Deckard's System Scanner: finished at 2008-03-04 19:34:38 ------------
  • 0

#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

You have two anti-virus programs, Avast and Norton; you need to remove one of these.


You have two firewalls, so you need to disable Windows Firewall.

1. Click Start, click Run, type Firewall.cpl, and then click OK.
2. On the General tab, click Off (not recommended), and then click OK.



1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {91460C1C-02A7-4A66-B6B3-A9196AD2D64B} - C:\WINDOWS\system32\awvvt.dll
O2 - BHO: (no name) - {9841B06E-5D9A-4005-A064-CE028CEEC2C0} - C:\WINDOWS\system32\werwef.dll (file missing)
O2 - BHO: (no name) - {A11A8D42-882F-4825-A4E7-7E69202778DB} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O2 - BHO: (no name) - {B1DDDA4C-44FC-0F2B-D828-4BE6008C5FE2} - C:\WINDOWS\system32\fyvtdmaw.dll (file missing)
O2 - BHO: (no name) - {D7FD6C15-4927-4AAE-BF12-FBDABD287EB1} - C:\WINDOWS\system32\xxyyvwv.dll
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangoc...d3cafd35fff1431
O20 - Winlogon Notify: xxyyvwv - C:\WINDOWS\SYSTEM32\xxyyvwv.dll


2. Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\tvvwa.ini2
    C:\WINDOWS\system32\awvvt.dll
    C:\WINDOWS\system32\rrqss.ini2
    C:\WINDOWS\system32\ijkkj.ini2
    C:\WINDOWS\system32\hjkmp.ini2
    C:\WINDOWS\mapisrv32.dll
    C:\WINDOWS\jtcres32.dll
    C:\WINDOWS\system32\ai2drv.dat
    C:\WINDOWS\system32\gjllm.ini2
    C:\WINDOWS\click.dll
    C:\WINDOWS\system32\xxyyvwv.dll
    C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
    C:\WINDOWS\ulksystem33.exe
    C:\Program Files\?icrosoft.NET /u
    C:\WINDOWS\system32\pmkjh.exe
    C:\PROGRA~1\MYWEBS~1
    C:\WINDOWS\system32\CROSOF~1\dllhost.exe
    F:\DarksUSB.exe
    E:\DarksUSB.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eybbnl
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tbsa
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dc32b78-c095-11dc-af25-0014a56ba8a0}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9856fc48-ac3c-11dc-aead-0014a56ba8a0}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7f31481-4da7-11dc-acf0-0014a56ba8a0}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8d89027-b4d8-11dc-aee0-0014a56ba8a0}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7838c62-9ae2-11dc-ae5d-0014a56ba8a0}
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and post a new DSS log
  • 0
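A triage sketch for HijackThis lines like those in the fix list above, added here as an example; it is not part of the original post and not code from HijackThis or OTMoveIt2. The three flags (`file-missing`, `unnamed`, `multi-autostart`) are assumed heuristics, not the helper's stated criteria, and the last sample line is constructed for contrast.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# First six lines are copied from the fix list in the post above.
# The last line is a constructed benign entry (hypothetical product and CLSID).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {9841B06E-5D9A-4005-A064-CE028CEEC2C0} - C:\WINDOWS\system32\werwef.dll (file missing)
O2 - BHO: (no name) - {D7FD6C15-4927-4AAE-BF12-FBDABD287EB1} - C:\WINDOWS\system32\xxyyvwv.dll
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O20 - Winlogon Notify: xxyyvwv - C:\WINDOWS\SYSTEM32\xxyyvwv.dll
O2 - BHO: Example Reader Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\reader.dll
"""

# "<code> - <kind>: <fields separated by ' - '>"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
MISSING = "(file missing)"


@dataclass
class Entry:
    code: str              # section code, e.g. O2
    kind: str              # e.g. BHO, Toolbar, Winlogon Notify
    name: Optional[str]    # display name, "(no name)" when the log has none
    clsid: Optional[str]
    target: str            # file path or URL the entry points at
    file_missing: bool

    @property
    def key(self) -> str:
        # Windows paths are case-insensitive: system32 and SYSTEM32 are one file.
        return self.target.lower()


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Limitation: a target path that itself contains " - " would be split here.
    parts = [p.strip() for p in m["rest"].split(" - ")]
    target = parts.pop()
    missing = target.endswith(MISSING)
    if missing:
        target = target[: -len(MISSING)].rstrip()
    clsid = next((p for p in parts if CLSID_RE.match(p)), None)
    names = [p for p in parts if not CLSID_RE.match(p)]
    return Entry(m["code"], m["kind"].strip(), " - ".join(names) or None,
                 clsid, target, missing)


def triage(log_text: str):
    """Return [(Entry, [reason, ...])] for every parsable line, in log order."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]

    # Which section codes reference each target?
    codes_by_target = defaultdict(set)
    for e in entries:
        codes_by_target[e.key].add(e.code)

    report = []
    for e in entries:
        reasons = []
        if e.file_missing:
            reasons.append("file-missing")      # registration outlived its file
        if e.name == "(no name)":
            reasons.append("unnamed")           # component registered without a name
        if len(codes_by_target[e.key]) > 1:
            reasons.append("multi-autostart")   # same file hooked in several places
        report.append((e, reasons))
    return report


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        flag = ", ".join(reasons) if reasons else "no flags"
        print(f"{entry.code:<4}{entry.kind:<16}{entry.target}  [{flag}]")
```

A flag only marks an entry for review; whether to fix it is still the analyst's call, as in the hand-picked list above.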

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





