Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

antispywareupdates.net problems and Task Manager [CLOSED]


  • This topic is locked This topic is locked

#16
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Do my steps in Post 10 and post a new DSS log after it
  • 0

Advertisements


#17
brandyjd7

brandyjd7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Deckard's System Scanner v20071014.68
Run by Brandy&Tim on 2008-04-01 07:28:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 80% (more than 75%).


-- HijackThis (run as Brandy&Tim.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:36 AM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Starfield\Desktop Notifier\wben.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brandy&Tim\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\BRANDY~1.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=z
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 4 b5uyrawr46e5656rttre6tre5
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [wben] "C:\Program Files\Starfield\Desktop Notifier\wben.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: PrevxCSI.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Web-Based Email Tools - http://email.secures...et/Download.CAB
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...irearms/3d/1100
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} - http://www.webshots....SDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110757757281
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://D:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62...geWell-ipix.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 10972 bytes

-- Files created between 2008-03-01 and 2008-04-01 -----------------------------

2008-03-28 12:32:23 0 d-------- C:\Program Files\Common Files\supportsoft
2008-03-28 12:24:49 1843200 --a------ C:\WINDOWS\system32\acXMLParser.dll <Not Verified; Apache Software Foundation; Xerces-C Version 2.7.0>
2008-03-28 12:16:26 0 d-------- C:\Program Files\Intuit
2008-03-28 06:47:56 0 d-------- C:\Documents and Settings\All Users\Application Data\COMMON FILES
2008-03-27 22:15:57 0 d-------- C:\Documents and Settings\Brandy&Tim\Application Data\Download Manager
2008-03-27 22:15:35 0 d-------- C:\Program Files\Akamai
2008-03-06 21:31:40 0 d-------- C:\Documents and Settings\Brandy&Tim\Application Data\Malwarebytes
2008-03-06 21:31:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-06 21:31:10 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-06 04:01:17 0 d-------- C:\Program Files\MSXML 4.0
2008-03-05 18:40:25 0 d-------- C:\Program Files\Trend Micro
2008-03-05 18:23:17 3588 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-05 18:22:22 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-05 18:22:22 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-05 18:22:22 86016 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-05 18:22:22 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-05 18:22:22 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-05 18:22:22 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-05 18:22:22 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-04 16:44:02 0 d--h----- C:\WINDOWS\PIF
2008-03-04 04:24:30 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-03-04 04:23:46 0 d-------- C:\Program Files\Common Files\PC Tools
2008-03-04 03:45:50 0 d-------- C:\WINDOWS\CSC
2008-03-04 00:26:39 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-04 00:26:17 0 d-------- C:\Program Files\Spyware Doctor
2008-03-04 00:26:17 0 d-------- C:\Documents and Settings\Brandy&Tim\Application Data\PC Tools
2008-03-03 23:19:24 10752 --a------ C:\WINDOWS\system32\drivers\pxark.sys <Not Verified; ; Prevx CSI>
2008-03-03 23:19:24 0 d-------- C:\Program Files\PrevxCSI
2008-03-03 23:19:20 0 d-------- C:\Documents and Settings\Brandy&Tim\Application Data\PrevxCSI
2008-03-03 23:16:13 0 d-------- C:\Program Files\LIUtilities
2008-03-03 23:15:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-03 18:51:47 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-03-03 18:50:29 0 d-------- C:\WINDOWS\Prefetch
2008-03-03 16:44:15 0 d-------- C:\WINDOWS\peernet
2008-03-03 16:44:12 0 d-------- C:\WINDOWS\provisioning
2008-03-02 15:14:28 0 d-------- C:\Documents and Settings\Brandy&Tim\Application Data\LimeWire
2008-03-02 15:10:49 0 d-------- C:\Program Files\LimeWire
2008-03-02 14:04:50 0 d-------- C:\Program Files\AVG


-- Find3M Report ---------------------------------------------------------------

2008-03-31 16:29:51 301776 --a------ C:\Documents and Settings\Brandy&Tim\Application Data\GDIPFONTCACHEV1.DAT
2008-03-28 12:32:23 0 d-------- C:\Program Files\Common Files
2008-03-28 12:18:18 0 d-------- C:\Program Files\Common Files\Intuit
2008-03-06 04:20:33 0 d-------- C:\Program Files\Messenger
2008-03-03 20:25:20 0 d-------- C:\Program Files\CD Design Creator
2008-03-03 20:25:18 0 d-------- C:\Program Files\Microsoft Works
2008-03-03 20:25:16 0 d-------- C:\Program Files\Microsoft Digital Image 10
2008-03-03 20:25:15 0 d-------- C:\Program Files\Phonics
2008-03-03 20:25:15 0 d-------- C:\Program Files\NZRVR
2008-03-03 20:25:14 0 d-------- C:\Program Files\Theme-Pak
2008-03-03 20:25:14 0 d-------- C:\Program Files\The Print Shop 21
2008-03-03 20:25:14 0 d-------- C:\Program Files\Quicken
2008-03-03 20:25:13 0 d-------- C:\Program Files\Sierra On-Line
2008-03-03 20:25:13 0 d-------- C:\Program Files\schedule
2008-03-03 20:25:13 0 d-------- C:\Program Files\Movie Maker
2008-03-03 19:26:35 0 d-------- C:\Program Files\Symantec
2008-03-03 19:26:25 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-03 16:36:18 0 d-------- C:\Program Files\Windows NT
2008-03-03 12:32:35 0 d-------- C:\Documents and Settings\Brandy&Tim\Application Data\AVG7
2008-03-01 17:06:27 0 d-------- C:\Documents and Settings\Brandy&Tim\Application Data\MSN6
2008-02-29 00:00:08 0 d-------- C:\Documents and Settings\Brandy&Tim\Application Data\Talkback
2008-02-24 12:35:19 0 d-------- C:\Program Files\QuickTime
2008-02-24 12:29:21 0 d-------- C:\Program Files\The Learning Company
2008-02-24 12:29:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-24 12:13:58 0 d-------- C:\Program Files\Connection Wizard
2008-02-24 12:00:27 4 --a------ C:\WINDOWS\system32\EC74FB
2008-02-24 12:00:25 0 d-------- C:\Program Files\Rhapsody
2008-02-24 11:59:09 0 d-------- C:\Program Files\Common Files\Real
2008-02-24 11:58:37 0 d-------- C:\Documents and Settings\Brandy&Tim\Application Data\Real
2008-02-22 10:16:37 3167 --a------ C:\WINDOWS\mozver.dat
2008-02-22 10:16:34 0 d-------- C:\Program Files\Virtools
2008-02-21 17:13:11 0 d-------- C:\Documents and Settings\Brandy&Tim\Application Data\Help
2008-02-21 05:10:55 0 d-------- C:\Program Files\eBay
2008-02-20 22:33:07 0 d-------- C:\Program Files\Real
2008-02-20 21:40:23 0 d-------- C:\Documents and Settings\Brandy&Tim\Application Data\Mozilla
2008-02-20 19:34:37 0 d-------- C:\Program Files\Java
2008-02-20 19:13:49 0 d-------- C:\Documents and Settings\Brandy&Tim\Application Data\alot
2008-02-20 18:06:31 0 d-------- C:\Program Files\Starfield
2008-02-20 13:31:18 1044480 -ra------ C:\WINDOWS\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9.2>
2008-02-16 22:27:54 0 d-------- C:\Documents and Settings\Brandy&Tim\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8260C2B8-E0D1-448a-B062-33D12D468BF0}]
08/10/2007 05:38 PM 551208 --a------ C:\Program Files\alot\bin\alot.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [06/10/2003 07:12 AM C:\WINDOWS\SOUNDMAN.EXE]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [01/13/2003 04:05 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [01/13/2003 12:19 PM]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [01/09/2003 11:21 AM]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [08/16/2000 03:08 PM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [06/18/2003 01:31 AM]
"nwiz"="nwiz.exe" [06/18/2003 01:31 AM C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [06/25/2003 01:24 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [06/26/2003 08:50 PM]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/23/2001 05:52 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [08/17/2001 12:41 AM]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [07/25/2001 12:00 PM]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [08/23/2001 08:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/24/2008 12:35 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 01:55 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [07/25/2001 12:00 PM]
"AnyTime Organizer"="" []
"AnyTime Deluxe"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/01/2007 01:32 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [06/20/2006 10:36 PM]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 07:23 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"wben"="C:\Program Files\Starfield\Desktop Notifier\wben.exe" [11/06/2007 03:12 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Brandy&Tim\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]
PrevxCSI.lnk - C:\Program Files\PrevxCSI\prevxcsi.exe [3/3/2008 11:19:24 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [11/21/2003 3:29:38 PM]
Event Reminder.lnk - C:\Program Files\Broderbund\Broderbund Party and Crafts Creator\pmremind.exe [4/1/2004 9:34:59 AM]
HotSync Manager.lnk - C:\Palm\HOTSYNC.EXE [8/22/2005 6:09:50 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [7/7/2003 3:20:40 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/7/2001 7:06:54 PM]
PowerReg Scheduler.exe [8/22/2005 6:10:42 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2/27/2008 5:00:46 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-04-01 07:30:21 ------------
  • 0

#18
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - App Paths, Reg - Bot Check, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Additional Folder Scans, File - Lop Check, and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Check the box beside Scan All User Accounts at the top
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#19
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP