Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware

Started by Davis Engeler , Mar 06 2008 10:33 PM

  • Please log in to reply

#1
Davis Engeler
Posted 06 March 2008 - 10:33 PM

Davis Engeler

    Member

  • Member
  • PipPip
  • 22 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:12 AM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Stonesoft\StoneGate VPN Client\gatekeeper.exe
C:\Program Files\Stonesoft\StoneGate VPN Client\stonegate.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\Drivers\SAP\FD.exe
C:\Program Files\Stonesoft\StoneGate VPN Client\sgagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\explorer32\WinsysMngr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVG7\avginet.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Davis M. Engeler\Desktop\HJTInstall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.c...nG0FsNrbEFH1w==
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [FD_SAP] C:\WINDOWS\System32\Drivers\SAP\FD.exe
O4 - HKLM\..\Run: [StoneGateAgent] "C:\Program Files\Stonesoft\StoneGate VPN Client\sgagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winload32] C:\WINDOWS\system32\Winload32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [BM4783ffdb] Rundll32.exe "C:\WINDOWS\system32\hefdmgia.dll",s
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161979902703
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell...t/TLIEFlash.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StoneGate VPN Client (SGClient) - Stonesoft Corp. - C:\Program Files\Stonesoft\StoneGate VPN Client\gatekeeper.exe

--
End of file - 7473 bytes
  • 0

Advertisements

#2
sarahw
Posted 06 March 2008 - 10:45 PM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Hi,
Welcome to the site

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.
You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.
Please dont use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition that it is when infected) if used incorrectly.
These instuctions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat. :)
  • 0

#3
sarahw
Posted 06 March 2008 - 10:46 PM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Edited by sarahw, 06 March 2008 - 10:47 PM.

  • 0

#4
Davis Engeler
Posted 06 March 2008 - 11:13 PM

Davis Engeler

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Deckard's System Scanner v20071014.68
Run by Davis M. Engeler on 2008-03-06 12:09:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
96: 2008-03-06 17:12:19 UTC - RP1012 - Deckard's System Scanner Restore Point
95: 2008-02-22 17:15:40 UTC - RP1011 - Removed PhotoStudio Expressions
94: 2008-02-22 17:09:33 UTC - RP1010 - Configured Camera Window
93: 2008-02-21 21:10:58 UTC - RP1009 - Installed Ad-Aware 2007
92: 2008-02-20 23:24:49 UTC - RP1008 - System Checkpoint


-- First Restore Point --
1: 2008-02-18 20:31:55 UTC - RP917 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Davis M. Engeler.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:39 PM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Stonesoft\StoneGate VPN Client\gatekeeper.exe
C:\Program Files\Stonesoft\StoneGate VPN Client\stonegate.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\Drivers\SAP\FD.exe
C:\Program Files\Stonesoft\StoneGate VPN Client\sgagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\explorer32\WinsysMngr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVG7\avginet.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Davis M. Engeler\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Davis M. Engeler.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.c...nG0FsNrbEFH1w==
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {D1D32F4F-5958-4F6D-BC5A-A4DE1DF6B0CD} - C:\WINDOWS\system32\ssqrr.dll
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\tuvwxwx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [FD_SAP] C:\WINDOWS\System32\Drivers\SAP\FD.exe
O4 - HKLM\..\Run: [StoneGateAgent] "C:\Program Files\Stonesoft\StoneGate VPN Client\sgagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winload32] C:\WINDOWS\system32\Winload32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [BM4783ffdb] Rundll32.exe "C:\WINDOWS\system32\hefdmgia.dll",s
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161979902703
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell...t/TLIEFlash.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O20 - Winlogon Notify: tuvwxwx - C:\WINDOWS\SYSTEM32\tuvwxwx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StoneGate VPN Client (SGClient) - Stonesoft Corp. - C:\Program Files\Stonesoft\StoneGate VPN Client\gatekeeper.exe

--
End of file - 7925 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin/MarvinPro>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 sgvnic (StoneGate VPN Virtual Adapter) - c:\windows\system32\drivers\sgvnic.sys <Not Verified; Stonesoft Corp.; StoneGate VPN Client>
R3 stonegate (StoneGate VPN Module (IPsec)) - c:\windows\system32\drivers\stonegate.sys <Not Verified; Stonesoft Corp.; StoneGate VPN Client>

S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SGClient (StoneGate VPN Client) - c:\program files\stonesoft\stonegate vpn client\gatekeeper.exe -d <Not Verified; Stonesoft Corp.; StoneGate VPN Client>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-21 12:31:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-02-06 and 2008-03-06 -----------------------------

2008-03-06 11:31:28 0 d-------- C:\Program Files\Trend Micro
2008-03-06 11:17:31 92736 --a------ C:\WINDOWS\system32\hefdmgia.dll
2008-02-21 16:11:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-21 16:08:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-19 19:51:16 1152 --a------ C:\WINDOWS\system32\windrv.sys
2008-02-19 19:51:04 0 d-------- C:\Program Files\SpyNoMore
2008-02-18 16:08:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-18 16:08:39 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-18 16:04:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-02-18 15:31:39 253290 --ahs---- C:\WINDOWS\system32\rrqss.ini2
2008-02-18 15:31:32 323072 --a------ C:\WINDOWS\system32\ssqrr.dll
2008-02-18 15:27:54 37376 --a------ C:\WINDOWS\system32\cbxxust.dll
2008-02-18 15:27:07 37376 --a------ C:\WINDOWS\system32\ssqqnmm.dll
2008-02-18 15:26:26 37376 --a------ C:\WINDOWS\system32\tuvwxwx.dll
2008-02-18 13:46:03 0 d-------- C:\WINDOWS\system32\Grand Theft Auto IV Screenshot dir
2008-02-18 11:38:22 0 d-------- C:\Program Files\Cognaxon
2008-02-13 16:24:30 0 d-------- C:\Program Files\iSofter
2008-02-12 20:51:46 0 d-------- C:\Program Files\Kongsoft
2008-02-12 20:49:58 0 d-------- C:\Program Files\Smart CD Ripper
2008-02-12 19:26:29 0 d-------- C:\WINDOWS\system32\windows media
2008-02-12 19:26:08 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-02-12 19:25:58 0 d-------- C:\Program Files\Windows Media Components
2008-02-12 18:55:41 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-12 18:55:37 45056 --a------ C:\WINDOWS\system32\Wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-02-12 18:55:37 16877 --a------ C:\WINDOWS\system32\drivers\Aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-02-12 18:55:37 3535 --a------ C:\WINDOWS\system\Wowpost.exe
2008-02-12 18:55:36 4455 --a------ C:\WINDOWS\system\Winaspi.dll
2008-02-12 18:55:29 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-12 18:55:27 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-12 18:55:27 0 d-------- C:\Program Files\Xvid
2008-02-12 18:55:25 0 d-------- C:\Program Files\AoA DVD Ripper
2008-02-12 18:52:08 0 d-------- C:\Program Files\SmartSoftVideoConverterPro
2008-02-12 16:38:42 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-12 16:38:26 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-12 16:38:25 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-12 16:30:53 0 d-------- C:\Program Files\Microsoft.NET
2008-02-12 16:30:53 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-02-12 16:30:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-12 16:29:29 0 d-------- C:\Program Files\Microsoft SDKs
2008-02-12 16:26:25 0 d-------- C:\Program Files\MSBuild
2008-02-12 16:26:14 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-02-12 16:26:03 0 d-------- C:\Program Files\Reference Assemblies
2008-02-12 16:18:11 0 d-------- C:\Program Files\MSXML 6.0
2008-02-10 22:10:27 0 d-------- C:\WINDOWS\network diagnostic
2008-02-10 20:10:58 0 d-------- C:\Program Files\Symantec_Client_Security
2008-02-10 20:10:58 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Find3M Report ---------------------------------------------------------------

2008-03-06 11:16:55 0 d-------- C:\Documents and Settings\Davis M. Engeler\Application Data\AVG7
2008-02-22 12:15:10 0 d-------- C:\Program Files\PhotoStudio Expressions
2008-02-22 12:14:55 0 d-------- C:\Program Files\Common Files
2008-02-21 16:13:23 0 d-------- C:\Program Files\Lavasoft
2008-02-21 16:13:20 0 d-------- C:\Documents and Settings\Davis M. Engeler\Application Data\Lavasoft
2008-02-18 21:21:59 0 d-------- C:\Documents and Settings\Davis M. Engeler\Application Data\Adobe
2008-02-18 16:29:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-18 16:14:44 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-17 20:47:20 0 d-------- C:\Program Files\NaturalMotion
2008-02-10 20:13:14 0 d-------- C:\Program Files\Symantec


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1D32F4F-5958-4F6D-BC5A-A4DE1DF6B0CD}]
02/18/2008 03:31 PM 323072 --a------ C:\WINDOWS\system32\ssqrr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D85530E8-D39D-49D0-9F36-300D594556D2}]
02/18/2008 03:26 PM 37376 --a------ C:\WINDOWS\system32\tuvwxwx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FD_SAP"="C:\WINDOWS\System32\Drivers\SAP\FD.exe" [09/26/2006 11:51 AM]
"StoneGateAgent"="C:\Program Files\Stonesoft\StoneGate VPN Client\sgagent.exe" [07/05/2005 06:51 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 11:22 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 11:22 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 03:40 PM]
"winload32"="C:\WINDOWS\system32\Winload32.exe" [10/30/2005 07:38 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [02/10/2008 08:04 PM]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [02/16/2008 12:55 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [07/30/2002 11:35 AM]
"BM4783ffdb"="C:\WINDOWS\system32\hefdmgia.dll" [03/06/2008 11:17 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [06/18/2003 02:00 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D85530E8-D39D-49D0-9F36-300D594556D2}"= C:\WINDOWS\system32\tuvwxwx.dll [02/18/2008 03:26 PM 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwxwx]
tuvwxwx.dll 02/18/2008 03:26 PM 37376 C:\WINDOWS\system32\tuvwxwx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqrr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLoad]
C:\WINDOWS\system32\Winload.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLoad32]
C:\WINDOWS\system32\Winload32.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}]
C:\WINDOWS\Winload3232.exe



-- End of Deckard's System Scanner: finished at 2008-03-06 12:21:22 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.66GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 510.98 MiB / 195.55 MiB
Pagefile Memory (total/avail): 1249.68 MiB / 628.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.96 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.47 GiB total, 28.83 GiB free.
D: is CDROM (No Media)
E: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - IC35L090AVV207-0 - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 74.47 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.516 v7.5.516 (Grisoft) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\Microsoft Games\\Links 2003\\LinksMMIII.exe"="C:\\Program Files\\Microsoft Games\\Links 2003\\LinksMMIII.exe:*:Enabled:Links 2003"
"C:\\Program Files\\Canon\\DV Messenger\\DV Messenger.exe"="C:\\Program Files\\Canon\\DV Messenger\\DV Messenger.exe:*:Enabled:Executable"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"C:\\Program Files\\Stonesoft\\StoneGate VPN Client\\sgagent.exe"="C:\\Program Files\\Stonesoft\\StoneGate VPN Client\\sgagent.exe:*:Enabled:StoneGate VPN Agent"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Disabled:BitLord"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Documents and Settings\\Davis M. Engeler\\Local Settings\\Temp\\Rar$EX37.375\\ps3proxy.exe"="C:\\Documents and Settings\\Davis M. Engeler\\Local Settings\\Temp\\Rar$EX37.375\\ps3proxy.exe:*:Disabled:PS3 Proxy"
"C:\\Documents and Settings\\Davis M. Engeler\\Local Settings\\Temp\\Rar$EX00.812\\ps3proxy.exe"="C:\\Documents and Settings\\Davis M. Engeler\\Local Settings\\Temp\\Rar$EX00.812\\ps3proxy.exe:*:Disabled:PS3 Proxy"
"C:\\Documents and Settings\\Davis M. Engeler\\Local Settings\\Temp\\Rar$EX00.766\\ps3proxy.exe"="C:\\Documents and Settings\\Davis M. Engeler\\Local Settings\\Temp\\Rar$EX00.766\\ps3proxy.exe:*:Disabled:PS3 Proxy"
"C:\\Documents and Settings\\Davis M. Engeler\\Local Settings\\Temp\\Rar$EX00.578\\ps3proxy.exe"="C:\\Documents and Settings\\Davis M. Engeler\\Local Settings\\Temp\\Rar$EX00.578\\ps3proxy.exe:*:Disabled:PS3 Proxy"
"C:\\Documents and Settings\\Davis M. Engeler\\Desktop\\ps3proxy.exe"="C:\\Documents and Settings\\Davis M. Engeler\\Desktop\\ps3proxy.exe:*:Disabled:PS3 Proxy"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Davis M. Engeler\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DAVIS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Davis M. Engeler
LOGONSERVER=\\DAVIS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DAVISM~1.ENG\LOCALS~1\Temp
TMP=C:\DOCUME~1\DAVISM~1.ENG\LOCALS~1\Temp
USERDOMAIN=DAVIS
USERNAME=Davis M. Engeler
USERPROFILE=C:\Documents and Settings\Davis M. Engeler
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Sharon M. Engeler (admin)
Davis M. Engeler (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Advantage Writing and Vocabulary --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55BE4280-F6B6-11D4-9F17-00C0F0402C9B}\setup1.exe"
AoA DVD Ripper --> "C:\Program Files\AoA DVD Ripper\unins000.exe"
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{570B96D1-70D3-4B48-93EF-029440FA1BCE}
Canon FV40, ZR70 MC WIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{31A6128F-F211-44EC-AE67-3B06FC4721BE}
Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Canon ZR65 MC WIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D68C0E11-A4F1-47C5-B6FA-9382716F6B31}
Click'N Design 3D --> C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOG
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell AIO Printer A940 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBAUN5C.EXE -dDell AIO Printer A940
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DV NETWORK SOLUTION DISK --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{78E59435-A150-4C50-9B4B-370D9C15D1E5} /l1033
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998) --> "C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
iPod for Windows 2005-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
LiveUpdate 1.7 (Symantec Corporation) --> C:\Program Files\\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x9
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Flight Simulator X --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office XP Standard --> MsiExec.exe /I{90120409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Express 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE130}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2008 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2008 Express Edition - ENU --> MsiExec.exe /X{9C2DC81B-8114-37D9-A922-95E460A1FAFB}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Mozilla Firefox (2.0) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NewtonPlayGround 1.5 --> "C:\Program Files\NewtonPlayGround\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PhotoStudio Expressions --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAD36D74-C78A-4753-84DB-13FBB4FEA65C}\Setup.exe" -l0x9
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PS3.ProxyServer --> MsiExec.exe /I{FE4086E1-FA7F-4A7A-8FC5-061337B5787E}
Punch! Super Home Suite --> C:\PROGRA~1\PUNCH!~1\UNWISE.EXE C:\PROGRA~1\PUNCH!~1\INSTALL.LOG
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SimCity 4 Deluxe --> C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
SmartCDRipper --> "C:\Program Files\Smart CD Ripper\unins000.exe"
SmartSoft Video Converter --> "C:\Program Files\SmartSoftVideoConverterPro\unins000.exe"
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SoftCollection Shooting-Range 1.58 --> "C:\Program Files\SoftCollection Shooting-Range\unins000.exe"
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
SpyNoMore 2.69 --> C:\Program Files\SpyNoMore\uninst.exe
StoneGate VPN Client 2.6.0.814 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C2C7AB30-146B-11D5-973C-00105A698689}\Setup.exe" -l0x9 UNINSTALL
Symantec AntiVirus Client --> MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
The Movies™ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0556F885-2415-4666-B53E-33727E46AEA1} /l1033
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Nightlife --> C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business --> C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
Typing Instructor --> C:\PROGRA~1\TYPING~1\UNWISE.EXE C:\PROGRA~1\TYPING~1\INSTALL.LOG
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WNW Dictionary v2.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Accent\WNW\DeIsL1.isu"
XML Paper Specification Shared Components Pack 1.0 -->
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type14065 / Error
Event Submitted/Written: 03/06/2008 11:47:14 AM
Event ID/Source: 5 / Norton AntiVirus
Event Description:
Virus Found!Virus name: Downloader in File: C:\Documents and Settings\Davis M. Engeler\Local Settings\Temporary Internet Files\Content.IE5\P7SVLYK3\14_swp[1].htm by: Realtime Protection scan. Action: Clean failed : Quarantine succeeded : Access denied

Event Record #/Type14064 / Error
Event Submitted/Written: 03/06/2008 11:24:15 AM
Event ID/Source: 5 / Norton AntiVirus
Event Description:
Virus Found!Virus name: Downloader in File: C:\Documents and Settings\Davis M. Engeler\Local Settings\Temporary Internet Files\Content.IE5\P7SVLYK3\14_swp[1].htm by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access denied

Event Record #/Type14058 / Error
Event Submitted/Written: 03/06/2008 11:15:59 AM
Event ID/Source: 1 / VBRuntime
Event Description:
The VB Application identified by the event source logged this Application explorer32: Thread ID: 1824 ,Logged: Engine Shut down: timer1_Timer CloseExplorer HKEY=true

Event Record #/Type14057 / Warning
Event Submitted/Written: 03/06/2008 11:15:59 AM
Event ID/Source: 1 / VBRuntime
Event Description:
The VB Application identified by the event source logged this Application explorer32: Thread ID: 1824 ,Logged: Error : Closing App CloseExplorer HKEY = true: Module : Timer1_timer : EXEname : explorer32

Event Record #/Type14045 / Warning
Event Submitted/Written: 02/22/2008 02:12:12 PM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not access Drive D:\ since the device is not ready.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type14410 / Warning
Event Submitted/Written: 02/22/2008 11:54:10 AM / 02/22/2008 11:55:00 AM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Event Record #/Type14338 / Warning
Event Submitted/Written: 02/22/2008 10:33:45 AM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Event Record #/Type14319 / Warning
Event Submitted/Written: 02/20/2008 11:15:13 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type14318 / Error
Event Submitted/Written: 02/19/2008 09:36:33 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Symantec AntiVirus Client service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type14315 / Warning
Event Submitted/Written: 02/19/2008 09:35:49 PM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down



-- End of Deckard's System Scanner: finished at 2008-03-06 12:21:22 ------------
  • 0

#5
sarahw
Posted 06 March 2008 - 11:17 PM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Hi,
1.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


2.
Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
  • 0

#6
Davis Engeler
Posted 07 March 2008 - 12:19 AM

Davis Engeler

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
VundoFix V7.0.1

Scan started at 12:42:09 PM 3/6/2008

Listing files found while scanning....

C:\windows\system32\rrqss.ini
C:\windows\system32\rrqss.ini2
C:\windows\system32\ssqrr.dll
C:\WINDOWS\system32\tuvwxwx.dll

Beginning removal...

Attempting to delete C:\windows\system32\rrqss.ini
C:\windows\system32\rrqss.ini Has been deleted!

Attempting to delete C:\windows\system32\rrqss.ini2
C:\windows\system32\rrqss.ini2 Has been deleted!

Attempting to delete C:\windows\system32\ssqrr.dll
C:\windows\system32\ssqrr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvwxwx.dll
C:\WINDOWS\system32\tuvwxwx.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tuvwxwx.dll
C:\WINDOWS\system32\tuvwxwx.dll Has been deleted!

Performing Repairs to the registry.
Done!
  • 0

#7
sarahw
Posted 07 March 2008 - 12:22 AM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Edited by sarahw, 07 March 2008 - 12:22 AM.

  • 0

#8
Davis Engeler
Posted 07 March 2008 - 05:39 AM

Davis Engeler

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:07 AM, on 3/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Stonesoft\StoneGate VPN Client\gatekeeper.exe
C:\Program Files\Stonesoft\StoneGate VPN Client\stonegate.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {D1D32F4F-5958-4F6D-BC5A-A4DE1DF6B0CD} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O4 - HKLM\..\Run: [FD_SAP] C:\WINDOWS\System32\Drivers\SAP\FD.exe
O4 - HKLM\..\Run: [StoneGateAgent] "C:\Program Files\Stonesoft\StoneGate VPN Client\sgagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winload32] C:\WINDOWS\system32\Winload32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161979902703
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell...t/TLIEFlash.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StoneGate VPN Client (SGClient) - Stonesoft Corp. - C:\Program Files\Stonesoft\StoneGate VPN Client\gatekeeper.exe

--
End of file - 6549 bytes







ComboFix 08-03-06.4 - Davis M. Engeler 2008-03-07 1:58:35.2 - NTFSx86
Running from: C:\Documents and Settings\Davis M. Engeler\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Starware
C:\Documents and Settings\All Users\Application Data\Starware\buttons\blocker.cur
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\PopupBlocker.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\PopupBlockerHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\popupblockerhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\popupblockerxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\Travel.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\TemE16.tmp
C:\Documents and Settings\Davis M. Engeler\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Davis M. Engeler\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Davis M. Engeler\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\LocalService\Application Data\Starware
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Reference\ReferenceOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Weather\AlertArchive.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Weather\WeatherOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Weather\WeatherOptions.xml.backup
C:\temp\iee
C:\WINDOWS\BM4783ffdb.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbxxust.dll
C:\WINDOWS\system32\hefdmgia.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\ssqqnmm.dll
C:\WINDOWS\system32\uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.

2008-03-06 12:42 . 2008-03-06 13:15 <DIR> d-------- C:\VundoFix Backups
2008-03-06 12:09 . 2008-03-06 12:09 <DIR> d-------- C:\Deckard
2008-03-06 11:31 . 2008-03-06 11:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-22 11:47 . 2004-12-17 19:42 84,138 --a------ C:\WINDOWS\_DETMP.1
2008-02-21 16:11 . 2008-02-21 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-21 16:08 . 2008-02-21 16:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-19 19:51 . 2008-02-19 20:03 <DIR> d-------- C:\Program Files\SpyNoMore
2008-02-19 19:51 . 2008-02-19 19:51 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-02-18 16:08 . 2008-02-18 16:08 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-18 16:08 . 2008-02-18 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-18 13:46 . 2008-02-22 12:10 <DIR> d-------- C:\WINDOWS\system32\Grand Theft Auto IV Screenshot dir
2008-02-18 11:38 . 2008-02-18 11:38 <DIR> d-------- C:\Program Files\Cognaxon
2008-02-17 21:21 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-02-13 16:24 . 2008-02-13 16:24 <DIR> d-------- C:\Program Files\iSofter
2008-02-12 20:51 . 2008-02-12 20:51 <DIR> d-------- C:\Program Files\Kongsoft
2008-02-12 20:49 . 2008-02-12 20:50 <DIR> d-------- C:\Program Files\Smart CD Ripper
2008-02-12 19:26 . 2008-02-12 19:26 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-02-12 19:26 . 2008-02-17 21:20 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-02-12 19:25 . 2008-02-12 19:25 <DIR> d-------- C:\Program Files\Windows Media Components
2008-02-12 18:55 . 2008-02-12 18:55 <DIR> d-------- C:\Program Files\Xvid
2008-02-12 18:55 . 2008-02-12 18:58 <DIR> d-------- C:\Program Files\AoA DVD Ripper
2008-02-12 18:55 . 2008-02-14 16:23 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-12 18:55 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-12 18:55 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-12 18:55 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-02-12 18:55 . 2002-07-17 09:20 45,056 --a------ C:\WINDOWS\system32\Wnaspi32.dll
2008-02-12 18:55 . 2002-07-17 08:53 16,877 --a------ C:\WINDOWS\system32\drivers\Aspi32.sys
2008-02-12 18:55 . 2002-07-17 16:22 4,455 --a------ C:\WINDOWS\system\Winaspi.dll
2008-02-12 18:55 . 2002-07-17 16:22 3,535 --a------ C:\WINDOWS\system\Wowpost.exe
2008-02-12 18:55 . 2008-02-14 15:12 174 --a------ C:\WINDOWS\AoADVDRipper.INI
2008-02-12 18:52 . 2008-02-12 18:52 <DIR> d-------- C:\Program Files\SmartSoftVideoConverterPro
2008-02-12 16:38 . 2008-02-12 16:38 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-12 16:38 . 2008-02-12 16:38 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-12 16:38 . 2008-02-12 16:38 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-12 16:30 . 2008-02-12 16:30 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-12 16:30 . 2008-02-12 16:38 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-02-12 16:30 . 2008-02-12 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-12 16:29 . 2008-02-12 16:29 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-02-12 16:26 . 2008-02-12 16:26 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-02-12 16:26 . 2008-02-12 16:26 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-02-12 16:26 . 2008-02-12 16:26 <DIR> d-------- C:\Program Files\MSBuild
2008-02-12 16:24 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-02-12 16:18 . 2008-02-12 16:18 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-10 22:43 . 2008-02-10 22:43 0 --a------ C:\WINDOWS\VPC32.INI
2008-02-10 22:17 . 2007-12-06 21:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-10 22:17 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-10 22:17 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-10 22:17 . 2007-12-06 21:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-10 22:17 . 2007-12-06 21:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-10 22:17 . 2007-12-06 21:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-10 22:17 . 2007-12-06 21:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-10 22:17 . 2007-12-06 21:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-10 22:17 . 2007-12-06 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-10 20:13 . 2008-02-10 20:07 123,619 --a------ C:\WINDOWS\system32\SYMEVNT.386
2008-02-10 20:13 . 2008-02-10 20:07 83,672 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-10 20:13 . 2008-02-10 20:07 73,224 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-10 20:10 . 2008-02-10 20:10 <DIR> d-------- C:\Program Files\Symantec_Client_Security
2008-02-10 20:10 . 2008-02-10 20:12 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 16:16 --------- d-----w C:\Documents and Settings\Davis M. Engeler\Application Data\AVG7
2008-02-22 17:15 --------- d-----w C:\Program Files\PhotoStudio Expressions
2008-02-22 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-21 21:13 --------- d-----w C:\Program Files\Lavasoft
2008-02-21 21:13 --------- d-----w C:\Documents and Settings\Davis M. Engeler\Application Data\Lavasoft
2008-02-18 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 21:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-18 01:47 --------- d-----w C:\Program Files\NaturalMotion
2008-02-11 01:13 --------- d-----w C:\Program Files\Symantec
2007-07-07 17:22 40,648 -c--a-w C:\Documents and Settings\Davis M. Engeler\Application Data\GDIPFONTCACHEV1.DAT
2006-09-10 16:25 1,364 ----a-w C:\Program Files\Common Files\temp.html
2006-05-31 13:14 108,056 ----a-w C:\Program Files\Common Files\secman.dll
2006-03-11 23:09 626,176 -c--a-w C:\Program Files\Common Files\osmax.ocx
2007-05-26 04:56 80 --sh--r C:\WINDOWS\system32\10326E959F.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1D32F4F-5958-4F6D-BC5A-A4DE1DF6B0CD}]
C:\WINDOWS\system32\ssqrr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 14:00 200704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FD_SAP"="C:\WINDOWS\System32\Drivers\SAP\FD.exe" [2006-09-26 11:51 202240]
"StoneGateAgent"="C:\Program Files\Stonesoft\StoneGate VPN Client\sgagent.exe" [2005-07-05 18:51 217168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"winload32"="C:\WINDOWS\system32\Winload32.exe" [2005-10-30 19:38 65536]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-10 20:04 579072]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [2008-02-16 12:55 1274320]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 11:35 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-10 20:04 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2002-07-16 16:21 28672 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 08:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2004-12-06 21:31 36975 C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-10-01 19:33 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLoad]
C:\WINDOWS\system32\Winload.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLoad32]
--a------ 2005-10-30 19:38 65536 C:\WINDOWS\system32\Winload32.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Canon\\DV Messenger\\DV Messenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Stonesoft\\StoneGate VPN Client\\sgagent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\StubInstaller.exe"=

R2 SGClient;StoneGate VPN Client;C:\Program Files\Stonesoft\StoneGate VPN Client\gatekeeper.exe [2005-07-05 18:51]
R3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\system32\drivers\bender.sys [2003-09-25 14:19]
R3 sgvnic;StoneGate VPN Virtual Adapter;C:\WINDOWS\system32\DRIVERS\sgvnic.sys [2005-07-05 18:34]
R3 stonegate;StoneGate VPN Module (IPsec);C:\WINDOWS\system32\DRIVERS\stonegate.sys [2005-07-05 18:34]
S3 ACCSKMD;Canon Camera Storage Device;C:\WINDOWS\system32\DRIVERS\accskmd.sys [2002-06-26 23:44]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-06 17:31:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 02:10:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-07 2:20:50
ComboFix-quarantined-files.txt 2008-03-07 07:20:42
.
2008-02-14 08:02:33 --- E O F ---
  • 0

#9
sarahw
Posted 07 March 2008 - 03:18 PM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\Winload32.exe
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\Winload.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winload32"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1D32F4F-5958-4F6D-BC5A-A4DE1DF6B0CD}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLoad]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLoad32]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#10
Davis Engeler
Posted 07 March 2008 - 04:07 PM

Davis Engeler

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
ComboFix 08-03-06.4 - Davis M. Engeler 2008-03-07 16:42:29.3 - NTFSx86
Running from: C:\Documents and Settings\Davis M. Engeler\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Davis M. Engeler\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\Winload.exe
C:\WINDOWS\system32\Winload32.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Winload32.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.

2008-03-06 12:42 . 2008-03-06 13:15 <DIR> d-------- C:\VundoFix Backups
2008-03-06 12:09 . 2008-03-06 12:09 <DIR> d-------- C:\Deckard
2008-03-06 11:31 . 2008-03-06 11:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-22 11:47 . 2004-12-17 19:42 84,138 --a------ C:\WINDOWS\_DETMP.1
2008-02-21 16:11 . 2008-02-21 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-21 16:08 . 2008-02-21 16:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-19 19:51 . 2008-02-19 20:03 <DIR> d-------- C:\Program Files\SpyNoMore
2008-02-19 19:51 . 2008-02-19 19:51 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-02-18 16:08 . 2008-02-18 16:08 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-18 16:08 . 2008-02-18 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-18 13:46 . 2008-02-22 12:10 <DIR> d-------- C:\WINDOWS\system32\Grand Theft Auto IV Screenshot dir
2008-02-18 11:38 . 2008-02-18 11:38 <DIR> d-------- C:\Program Files\Cognaxon
2008-02-17 21:21 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-02-13 16:24 . 2008-02-13 16:24 <DIR> d-------- C:\Program Files\iSofter
2008-02-12 20:51 . 2008-02-12 20:51 <DIR> d-------- C:\Program Files\Kongsoft
2008-02-12 20:49 . 2008-02-12 20:50 <DIR> d-------- C:\Program Files\Smart CD Ripper
2008-02-12 19:26 . 2008-02-12 19:26 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-02-12 19:26 . 2008-02-17 21:20 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-02-12 19:25 . 2008-02-12 19:25 <DIR> d-------- C:\Program Files\Windows Media Components
2008-02-12 18:55 . 2008-02-12 18:55 <DIR> d-------- C:\Program Files\Xvid
2008-02-12 18:55 . 2008-02-12 18:58 <DIR> d-------- C:\Program Files\AoA DVD Ripper
2008-02-12 18:55 . 2008-02-14 16:23 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-12 18:55 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-12 18:55 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-12 18:55 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-02-12 18:55 . 2002-07-17 09:20 45,056 --a------ C:\WINDOWS\system32\Wnaspi32.dll
2008-02-12 18:55 . 2002-07-17 08:53 16,877 --a------ C:\WINDOWS\system32\drivers\Aspi32.sys
2008-02-12 18:55 . 2002-07-17 16:22 4,455 --a------ C:\WINDOWS\system\Winaspi.dll
2008-02-12 18:55 . 2002-07-17 16:22 3,535 --a------ C:\WINDOWS\system\Wowpost.exe
2008-02-12 18:55 . 2008-02-14 15:12 174 --a------ C:\WINDOWS\AoADVDRipper.INI
2008-02-12 18:52 . 2008-02-12 18:52 <DIR> d-------- C:\Program Files\SmartSoftVideoConverterPro
2008-02-12 16:38 . 2008-02-12 16:38 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-12 16:38 . 2008-02-12 16:38 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-12 16:38 . 2008-02-12 16:38 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-12 16:30 . 2008-02-12 16:30 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-12 16:30 . 2008-02-12 16:38 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-02-12 16:30 . 2008-02-12 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-12 16:29 . 2008-02-12 16:29 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-02-12 16:26 . 2008-02-12 16:26 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-02-12 16:26 . 2008-02-12 16:26 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-02-12 16:26 . 2008-02-12 16:26 <DIR> d-------- C:\Program Files\MSBuild
2008-02-12 16:24 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-02-12 16:18 . 2008-02-12 16:18 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-10 22:43 . 2008-02-10 22:43 0 --a------ C:\WINDOWS\VPC32.INI
2008-02-10 22:17 . 2007-12-06 21:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-10 22:17 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-10 22:17 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-10 22:17 . 2007-12-06 21:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-10 22:17 . 2007-12-06 21:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-10 22:17 . 2007-12-06 21:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-10 22:17 . 2007-12-06 21:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-10 22:17 . 2007-12-06 21:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-10 22:17 . 2007-12-06 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-10 20:13 . 2008-02-10 20:07 123,619 --a------ C:\WINDOWS\system32\SYMEVNT.386
2008-02-10 20:13 . 2008-02-10 20:07 83,672 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-10 20:13 . 2008-02-10 20:07 73,224 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-10 20:10 . 2008-02-10 20:10 <DIR> d-------- C:\Program Files\Symantec_Client_Security
2008-02-10 20:10 . 2008-02-10 20:12 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 16:16 --------- d-----w C:\Documents and Settings\Davis M. Engeler\Application Data\AVG7
2008-02-22 17:15 --------- d-----w C:\Program Files\PhotoStudio Expressions
2008-02-22 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-21 21:13 --------- d-----w C:\Program Files\Lavasoft
2008-02-21 21:13 --------- d-----w C:\Documents and Settings\Davis M. Engeler\Application Data\Lavasoft
2008-02-18 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 21:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-18 01:47 --------- d-----w C:\Program Files\NaturalMotion
2008-02-11 01:13 --------- d-----w C:\Program Files\Symantec
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-07-07 17:22 40,648 -c--a-w C:\Documents and Settings\Davis M. Engeler\Application Data\GDIPFONTCACHEV1.DAT
2006-09-10 16:25 1,364 ----a-w C:\Program Files\Common Files\temp.html
2006-05-31 13:14 108,056 ----a-w C:\Program Files\Common Files\secman.dll
2006-03-11 23:09 626,176 -c--a-w C:\Program Files\Common Files\osmax.ocx
2007-05-26 04:56 80 --sh--r C:\WINDOWS\system32\10326E959F.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 14:00 200704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FD_SAP"="C:\WINDOWS\System32\Drivers\SAP\FD.exe" [2006-09-26 11:51 202240]
"StoneGateAgent"="C:\Program Files\Stonesoft\StoneGate VPN Client\sgagent.exe" [2005-07-05 18:51 217168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-10 20:04 579072]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [2008-02-16 12:55 1274320]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 11:35 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-10 20:04 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2002-07-16 16:21 28672 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 08:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2004-12-06 21:31 36975 C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-10-01 19:33 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Canon\\DV Messenger\\DV Messenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Stonesoft\\StoneGate VPN Client\\sgagent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\StubInstaller.exe"=

R2 SGClient;StoneGate VPN Client;C:\Program Files\Stonesoft\StoneGate VPN Client\gatekeeper.exe [2005-07-05 18:51]
R3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\system32\drivers\bender.sys [2003-09-25 14:19]
R3 sgvnic;StoneGate VPN Virtual Adapter;C:\WINDOWS\system32\DRIVERS\sgvnic.sys [2005-07-05 18:34]
R3 stonegate;StoneGate VPN Module (IPsec);C:\WINDOWS\system32\DRIVERS\stonegate.sys [2005-07-05 18:34]
S3 ACCSKMD;Canon Camera Storage Device;C:\WINDOWS\system32\DRIVERS\accskmd.sys [2002-06-26 23:44]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-06 17:31:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 16:48:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2008-03-07 16:49:59
ComboFix-quarantined-files.txt 2008-03-07 21:49:30
ComboFix2.txt 2008-03-07 07:20:52
.
2008-02-14 08:02:33 --- E O F ---
  • 0

Advertisements

#11
sarahw
Posted 07 March 2008 - 04:13 PM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
1.
First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.


2.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Do not Run it yet, we will use it later. Save it somewhere you will remember, like your desktop.


3.
Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.


4.
Please open ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


5.
  • IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


6.
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


7.
Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.



8.
Post the AVG Antispyware, Panda active scan logs in a reply.

:)

Edited by sarahw, 07 March 2008 - 04:17 PM.

  • 0

#12
Davis Engeler
Posted 09 March 2008 - 06:56 PM

Davis Engeler

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Sarah,
In your last reply, in step 5, (where I have to do the AVG scan) I followed the steps EXACTLY but when I choose the Reports tab, is has "No reports available" and the "Save report as... button is disabled. What should I do?
  • 0

#13
sarahw
Posted 09 March 2008 - 08:42 PM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
ignoring all the cookies, try to tell me what is in there, also, make sure it is set to Apply all actions.
copy and paste it from avg if you can.
  • 0

#14
Davis Engeler
Posted 10 March 2008 - 01:56 PM

Davis Engeler

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
OK, the results of the AVG Anti-Spyware scan:


7 objects found (33 traces)

Downloader.VB.awj
Adware.Starware
Adware.180Solutions
Adware.Generic
Adware.PurityScan
Adware.SpyNoMore
Not-A-Virus.Monitor.Win32.P...


These have all been quarantined.
  • 0

#15
Davis Engeler
Posted 10 March 2008 - 04:30 PM

Davis Engeler

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
In Step 6 it won't let me click on the Scan Coumputer. It seems like the page format is messed up.

Edited by Davis Engeler, 10 March 2008 - 05:16 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP