Welcome to Geeks to Go - Register now for FREE
antispywareupdate



#1
thinkingreverse
So I have this annoying antispywareupdate thing. I'm assuming it is because of something a roommate downloaded. :) The background is changed and I have pop-ups here and there telling me to buy their programs. I'm a little bit confused by this website, so I'm crossing my fingers that I've done everything right...




Deckard's System Scanner v20071014.68
Run by erin on 2008-03-08 18:00:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-03-08 23:01:03 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 5.38 GiB (less than 15%) free.


-- HijackThis (run as erin.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:26 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\erin\Desktop\dss.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\erin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.silverchair.nu/
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4DDF6887-C916-4B3B-A4DC-9B44D529BCF0} - C:\Program Files\Lavasoft\nixyzebilC:\DOCUME~1\Trish\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {69309AC6-5A25-77FF-5314-5800CCC588BF} - C:\WINDOWS\system32\kwusg.dll
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [sys02007436727] C:\WINDOWS\sys02007436727.exe
O4 - HKLM\..\Run: [mpw801a3] RUNDLL32.EXE w4b4a3af.dll,n 003801a0000000034b4a3af
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BIND SUPPORT SEEK FIRST] C:\Documents and Settings\All Users\Application Data\dumb pure bind support\meal name.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [LOVE BIKE] C:\DOCUME~1\erin\APPLIC~1\DVDNUR~1\Help 2.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Policies\Explorer\Run: [{101901FF-0AE9-1033-1008-030301300001}] "C:\Program Files\Common Files\{101901FF-0AE9-1033-1008-030301300001}\Update.exe" mc-110-12-0000137
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn....FreeInstall.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.co.../AttachMail.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 8228 bytes

-- File Associations -----------------------------------------------------------

.txt - txtfile - shell\open\command - notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ElbyVCD - c:\windows\system32\drivers\elbyvcd.sys <Not Verified; Elaborate Bytes AG; Microsoft® Windows® Operating System>
R1 Cdr4_2K - c:\windows\system32\drivers\cdr4_2k.sys <Not Verified; Adaptec; Adaptec's CD-R Helper Drivers>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; Elaborate Bytes AG; CloneCD>

S3 DCamUSBUVT (ICM532A) - c:\windows\system32\drivers\usbuvt.sys <Not Verified; IC Media Corporation; IC Media 532 CIF Camera Driver>
S3 jnv4_mib - c:\docume~1\trish\locals~1\temp\jnv4_mib.sys (file missing)
S3 msdirectx - c:\windows\system32\msdirectx.sys (file missing)
S3 slabbus (USB Composite Device driver (WDM)) - c:\windows\system32\drivers\slabbus.sys (file missing)
S3 slabser (USB Data Cable Drivers) - c:\windows\system32\drivers\slabser.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-08 18:00:03 254 --ah----- C:\WINDOWS\Tasks\B4EAD9C19AE54BB5.job
2008-03-08 12:59:59 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-02-27 11:20:14 434 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job
2005-02-16 17:01:06 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-02-08 and 2008-03-08 -----------------------------

2008-03-08 12:09:34 0 d-------- C:\Program Files\180solutions
2008-03-08 12:09:33 0 d-------- C:\WINDOWS\FLEOK
2008-03-08 08:04:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 08:01:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 07:59:17 9728 --a------ C:\WINDOWS\2020search.dll
2008-03-08 07:43:10 22528 --a------ C:\WINDOWS\2020search2.dll
2008-03-08 06:55:25 0 d-------- C:\WINDOWS\system32\iDlo01
2008-03-08 06:53:08 16128 --a------ C:\WINDOWS\voiceip.dll
2008-03-08 06:53:08 29696 --a------ C:\WINDOWS\swin32.dll
2008-03-08 06:53:08 10240 --a------ C:\WINDOWS\stcloader.exe
2008-03-08 06:53:08 26624 --a------ C:\WINDOWS\cdsm32.dll
2008-03-08 06:53:08 8448 --a------ C:\WINDOWS\bokja.exe
2008-03-08 06:53:08 0 d-------- C:\Program Files\stc
2008-03-08 06:53:07 23040 --a------ C:\WINDOWS\mssvr.exe
2008-03-08 06:53:07 21504 --a------ C:\WINDOWS\mspphe.dll
2008-03-08 06:53:06 11776 --a------ C:\WINDOWS\bjam.dll
2008-03-08 06:53:05 16896 --a------ C:\WINDOWS\system32\WER8274.DLL
2008-03-08 06:53:05 14080 --a------ C:\WINDOWS\system32\MSIXU.DLL
2008-03-08 06:53:05 0 d-------- C:\Program Files\zango
2008-03-08 06:53:05 0 d-------- C:\Program Files\seekmo
2008-03-08 06:53:05 0 d-------- C:\Program Files\180search assistant
2008-03-08 06:53:04 17920 --a------ C:\WINDOWS\updatetc.exe
2008-03-08 06:53:04 9728 --a------ C:\WINDOWS\salm.exe
2008-03-08 06:53:04 18688 --a------ C:\WINDOWS\180ax.exe
2008-03-08 06:53:04 0 d-------- C:\Program Files\180searchassistant
2008-03-08 06:53:03 27904 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-03-08 06:53:03 31744 --a------ C:\WINDOWS\saiemod.dll
2008-03-08 06:53:02 30720 --a------ C:\WINDOWS\msapasrc.dll
2008-03-08 06:53:02 20992 --a------ C:\WINDOWS\msa64chk.dll
2008-03-08 06:53:01 31232 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-03-08 06:53:00 18432 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-03-08 06:53:00 25856 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-03-08 06:53:00 10496 --a------ C:\WINDOWS\shdocpl.dll
2008-03-08 06:53:00 29184 --a------ C:\WINDOWS\ntnut.exe
2008-03-08 06:52:59 9216 --a------ C:\WINDOWS\winsb.dll
2008-03-08 06:52:59 28160 --a------ C:\WINDOWS\shdocpe.dll
2008-03-08 06:52:59 26624 --a------ C:\WINDOWS\browserad.dll
2008-03-08 06:52:59 0 d-------- C:\Program Files\Sysmnt
2008-03-08 06:52:58 14592 --a------ C:\WINDOWS\aviwrap32.dll
2008-03-08 06:52:58 29440 --a------ C:\WINDOWS\avisynthex32.dll
2008-03-08 06:52:58 26368 --a------ C:\WINDOWS\avifile32.dll
2008-03-08 06:52:58 18688 --a------ C:\WINDOWS\autodisc32.dll
2008-03-08 06:52:57 26880 --a------ C:\WINDOWS\audiosrv32.dll
2008-03-08 06:52:57 16128 --a------ C:\WINDOWS\ati2dvag32.dll
2008-03-08 06:52:57 25856 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-03-08 06:52:56 21504 --a------ C:\WINDOWS\changeurl_30.dll
2008-03-08 06:52:56 9472 --a------ C:\WINDOWS\athprxy32.dll
2008-03-08 06:52:56 27392 --a------ C:\WINDOWS\asycfilt32.dll
2008-03-08 06:52:56 14080 --a------ C:\WINDOWS\asferror32.dll
2008-03-08 06:52:56 16128 --a------ C:\WINDOWS\apphelp32.dll
2008-03-08 06:40:08 3805830 --a------ C:\WINDOWS\EjelVngufF.exe
2008-03-08 06:39:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-08 06:39:37 88593 --a------ C:\WINDOWS\kjatopid.exe <Not Verified; Microsoft; runbll>
2008-03-08 06:39:35 34304 --a------ C:\WINDOWS\azabqbkr.exe
2008-03-08 06:39:34 0 d-------- C:\WINDOWS\trwnrecd
2008-03-08 06:39:34 0 d-------- C:\WINDOWS\PerfInfo
2008-03-08 06:39:31 201216 --a------ C:\WINDOWS\gfincdst.dll
2008-03-08 06:38:44 0 d-------- C:\Program Files\Outerinfo
2008-03-08 06:38:14 60928 --a------ C:\WINDOWS\system32\kwusg.dll
2008-03-08 06:37:52 0 d-------- C:\Program Files\QdrPack
2008-03-08 06:37:37 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-08 06:37:24 88587 --a------ C:\WINDOWS\system32\mgmrwmrv.exe <Not Verified; Microsoft; runbll>
2008-03-08 06:37:23 41724 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2008-03-08 06:37:20 0 d-------- C:\Program Files\QdrModule
2008-03-08 06:37:15 0 d-------- C:\Program Files\QdrDrive
2008-03-08 06:37:13 0 d-------- C:\Program Files\s?stem32
2008-03-08 06:37:10 0 d-------- C:\Program Files\ISM
2008-03-05 13:43:16 187904 ---hs---- C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
2008-02-26 07:47:59 0 d-------- C:\Documents and Settings\Trish\Application Data\AVG7


-- Find3M Report ---------------------------------------------------------------

2008-03-08 18:05:04 0 d-------- C:\Program Files\Trend Micro
2008-03-08 17:26:45 0 d-------- C:\Documents and Settings\erin\Application Data\AVG7
2008-03-08 17:23:56 0 d-------- C:\Documents and Settings\erin\Application Data\stickies
2008-03-08 14:18:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-08 08:04:03 0 d-------- C:\Program Files\Lavasoft
2008-03-08 08:01:29 0 d-------- C:\Program Files\Common Files
2008-03-08 06:37:14 0 d-------- C:\Program Files\s?stem32
2008-03-06 18:51:18 0 d-------- C:\Documents and Settings\erin\Application Data\uTorrent
2008-02-29 21:59:22 95929 --a------ C:\logfile
2008-02-29 15:08:08 0 d-------- C:\Documents and Settings\erin\Application Data\Real
2008-02-17 21:32:45 964 --a------ C:\WINDOWS\mozver.dat
2008-02-06 10:21:14 0 d-------- C:\Documents and Settings\erin\Application Data\Dvd Nurb
2008-02-03 20:40:55 0 d-------- C:\Documents and Settings\erin\Application Data\U3
2008-01-29 22:35:20 0 d-------- C:\Program Files\AviSynth 2.5
2008-01-29 22:34:32 0 d-------- C:\Program Files\Red Kawa
2008-01-21 02:53:14 0 d-------- C:\Program Files\Dvd Nurb
2008-01-18 21:46:13 0 d-------- C:\Program Files\WinZix
2008-01-02 23:14:39 61678 --a------ C:\Documents and Settings\erin\Application Data\PFP100JPR.{PB
2008-01-02 23:14:39 12358 --a------ C:\Documents and Settings\erin\Application Data\PFP100JCM.{PB


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DDF6887-C916-4B3B-A4DC-9B44D529BCF0}]
C:\Program Files\Lavasoft\nixyzebilC:\DOCUME~1\Trish\LOCALS~1\Temp\CEMG555077.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69309AC6-5A25-77FF-5314-5800CCC588BF}]
01/28/2008 11:29 AM 60928 --a------ C:\WINDOWS\system32\kwusg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8041E642-8CFC-4720-BC9D-D2DB8904286F}]
03/06/2008 07:45 PM 204800 --a------ C:\Program Files\QdrDrive\QdrDrive12.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"x3watch"="C:\Program Files\X3watch\x3watch.exe" []
"sys02007436727"="C:\WINDOWS\sys02007436727.exe" []
"mpw801a3"="w4b4a3af.dll" []
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 03:59 AM C:\WINDOWS\BCMSMMSG.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [09/11/2007 12:43 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 10:56 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]
"BIND SUPPORT SEEK FIRST"="C:\Documents and Settings\All Users\Application Data\dumb pure bind support\meal name.exe" [03/08/2008 02:03 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [02/04/2008 03:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LOVE BIKE"="C:\DOCUME~1\erin\APPLIC~1\DVDNUR~1\Help 2.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/23/2007 04:18 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\erin\Start Menu\Programs\Startup\
Stickies.lnk - C:\Program Files\stickies\stickies.exe [3/8/2007 11:28:19 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{101901FF-0AE9-1033-1008-030301300001}"="C:\Program Files\Common Files\{101901FF-0AE9-1033-1008-030301300001}\Update.exe" mc-110-12-0000137

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.1.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 2.1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DING!.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DING!.lnk
backup=C:\WINDOWS\pss\DING!.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Trish^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Trish\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Trish^Start Menu^Programs^Startup^StickyNote.lnk]
path=C:\Documents and Settings\Trish\Start Menu\Programs\Startup\StickyNote.lnk
backup=C:\WINDOWS\pss\StickyNote.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Trish^Start Menu^Programs^Startup^UMAX VistaAccess.lnk]
path=C:\Documents and Settings\Trish\Start Menu\Programs\Startup\UMAX VistaAccess.lnk
backup=C:\WINDOWS\pss\UMAX VistaAccess.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belt]
C:\WINDOWS\Belt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"C:\Program Files\Common Files\CMEII\CMESys.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD]
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod]
C:\PROGRA~1\ezula\mmod.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"C:\Program Files\Internet Optimizer\optimize.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jirqn]
C:\WINDOWS\jirqn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAS CfgWiz]
"C:\Program Files\Norton AntiSpam\cfgwiz.exe" /GUID {F33241DD-712F-4539-B87F-4C4FE20A877E} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHAgent]
C:\WINDOWS\System32\SahAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
c:\temp\salm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stratas]
lockx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Spyware Killer]
"C:\Program Files\TheSpywareKiller\TheSpywareKiller.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vdmredir]
C:\WINDOWS\system32\vdmredir.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"C:\Program Files\Web_Rebates\WebRebates0.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]
wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
C:\WINDOWS\wupdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdControl]
C:\Program Files\Windows AdControl\WinAdCtl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2e4a0cf-fa4a-11d7-a08c-0007e972c4c2}]
AutoRun\command- F:\LaunchU3.exe -a




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

60 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-08 18:06:14 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 510.98 MiB / 220.78 MiB
Pagefile Memory (total/avail): 1247.5 MiB / 821.24 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 55.84 GiB total, 5.38 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD600BB-75CAA0 - 55.87 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 55.84 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.518 v7.5.518 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows® NetMeeting®"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\eDonkey2000\\edonkey2000.exe"="C:\\Program Files\\eDonkey2000\\edonkey2000.exe:*:Enabled:eDonkey2000 Application"
"C:\\WINDOWS\\system32"="C:\\WINDOWS\\system32:*:Enabled:lockx"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Java\\jre1.5.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\javaw.exe:*:Disabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\erin\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TRISH-JRC1MF5KC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\erin
LOGONSERVER=\\TRISH-JRC1MF5KC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\erin\LOCALS~1\Temp
TMP=C:\DOCUME~1\erin\LOCALS~1\Temp
USERDOMAIN=TRISH-JRC1MF5KC
USERNAME=erin
USERPROFILE=C:\Documents and Settings\erin
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Trish (admin)
erin (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\CreateCD\UNINST.ISU"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adaptec Easy CD Creator 4 --> "C:\Program Files\Common Files\Adaptec\ECDCUNIN\SETUP.EXE" -l0009 -fECDC.INS
Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 6.0 --> msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoImpression 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}\Setup.exe" -l0x9
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI DVD Decoder 2.1.16.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{349BB121-EDE7-4E86-9698-182FC14B84B6} /l1033
ATI Multimedia Center 8.1.16.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{77792D6B-6505-4B64-842D-58864D2FA797} /l1033
Avery DesignPro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\setup.exe" -uninst
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Celtx (0.9.9.1) --> C:\Program Files\Celtx\uninstall\uninst.exe
CiD Help --> C:\DOCUME~1\erin\APPLIC~1\DVDNUR~1\Help 2.exe -uninstall
CloneCD --> "C:\Program Files\Elaborate Bytes\CloneCD\ccd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneCD"
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON PhotoStarter3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5983C895-DDA4-45D9-A8D1-877D5DE7693E}\Setup.exe" uninst
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON SPR300 Reference Guide --> C:\Program Files\epson\guide\spr300_e\uninstall.exe
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
EZShowtime MMS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FB2EF0E-0254-4B7E-98C9-7F83E0C5E6C2}\Setup.exe"
fflink --> MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
GoldWave v5.09 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.09" "C:\Program Files\GoldWave\unstall.log"
GUIDE PLUS+™ for Windows® System - ATI --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}\setup.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iLumina Bible --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF0F5955-FC76-4F85-A13D-C9A8A9A5E067}\Setup.exe" -l0x9
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
iPod for Windows 2005-02-07 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{78B50D1D-642C-4B89-BCC7-352EAE3614D7} /l1033
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_190001_25ca2646\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lexmark Z54 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBHUN5C.EXE -dLexmark Z54
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
Memorex Solid State Audio Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C3C53A4-7568-450C-B31D-2EB219994024}\Setup.exe" -l0x9
Memorex Solid State Digital Audio Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBEC99F0-A1CD-47FD-8967-E2673FE897C2}\setup.exe" -l0x9
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Small Business --> MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft PowerPoint 2000 --> MsiExec.exe /I{00130409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Norton AntiSpam --> MsiExec.exe /I{2AF8F503-8B5E-4158-A6D6-1D99E6544B16}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OLYMPUS Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
Outerinfo --> "C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Presto! ImageFolio LE --> C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\ImgFolio\DeIsL1.isu"
Presto! PageType --> C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\PageType\DeIsL1.isu"
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio VideoWave Movie Creator --> MsiExec.exe /I{BB46245B-CECA-406F-8790-3ABA0D01012F}
Search Bar --> regsvr32 /u /s "C:\Program Files\Deskbar\deskbar.dll"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Stickies 6.0c --> "C:\WINDOWS\lsb_un20.exe" /C=UC /N=Stickies 6.0c
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TMPGEnc DVD Author 1.5 --> MsiExec.exe /I{49062DAB-7009-4EBD-903A-830B283407C4}
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
TurboTax Deluxe 2004 --> C:\Program Files\TurboTax\Deluxe 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2004\Uninstall.log&quo
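The firewall section of the extra log above lists every program the XP firewall will accept inbound connections for. Most entries are ordinary, but one authorises a bare directory rather than a program: "C:\\WINDOWS\\system32" with the display name "lockx". Installers register an executable path, so an entry with no program extension, or one pointing at the drive root such as C:\StubInstaller.exe, deserves a second look. The script below is an added example (it is not part of the original post and not code from Deckard's System Scanner) that parses those registry values in the shape DSS prints them and flags such entries. The %windir% expansion assumes C:\WINDOWS, as the environment block reports, the list of "trusted" root directories is an assumption, and the sample lines are a constructed subset of the list above.

```python
import ntpath
import re

# Constructed sample in the shape Deckard's System Scanner prints the values of
# HKLM\...\FirewallPolicy\StandardProfile\AuthorizedApplications\List
# (a subset of the list in the log above; backslashes are doubled as in a .reg export).
SAMPLE_LIST = r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32"="C:\\WINDOWS\\system32:*:Enabled:lockx"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows NetMeeting"
'''

# Assumed expansion for environment strings; the log's own block shows windir=C:\WINDOWS.
ENV = {"%windir%": "C:\\WINDOWS"}
EXEC_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}
# Directories an installer-registered program normally lives under (assumption, lowercase).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

LINE_RE = re.compile(r'^"(?P<key>[^"]*)"="(?P<val>.*)"$')


def _unescape(s):
    # A .reg-style export doubles every backslash.
    return s.replace("\\\\", "\\")


def _expand(path):
    for var, value in ENV.items():
        path = path.replace(var, value)
    return path


def parse_entry(line):
    """Parse one exported value into path / scope / state / display name."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = _unescape(m.group("key"))
    val = _unescape(m.group("val"))
    # Value layout is <path>:<scope>:<Enabled|Disabled>:<display name>. The path
    # itself contains a colon (drive letter), so strip it by length rather than
    # splitting the whole value on ':'.
    if not val.startswith(path):
        return None
    _, scope, state, name = val[len(path):].split(":", 3)
    return {"path": path, "scope": scope, "state": state, "name": name}


def findings_for(entry):
    """Structural red flags for one authorised-application entry."""
    path = _expand(entry["path"])
    notes = []
    if ntpath.splitext(path)[1].lower() not in EXEC_EXTS:
        notes.append("no executable extension (a directory or non-program path is authorised)")
    if not path.lower().startswith(TRUSTED_ROOTS):
        notes.append("outside Windows and Program Files")
    return notes


def audit(text):
    """Parse every value in the exported list and attach findings to each."""
    report = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            entry["findings"] = findings_for(entry)
            report.append(entry)
    return report


if __name__ == "__main__":
    for e in audit(SAMPLE_LIST):
        flag = "  <-- review" if e["findings"] else ""
        print(f'{e["state"]:<8} {e["path"]}  [{e["name"]}]{flag}')
        for n in e["findings"]:
            print("    -", n)
```

Running it prints the two entries worth reviewing: the directory authorised under the name "lockx" and the installer stub sitting at the drive root. The checks are structural only; a path that passes them can still belong to an unwanted program, as the P2P clients in the same list show.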
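The environment block in the same log shows PATHEXT=.COM;.EXE;.BAT;..., the order in which cmd.exe tries extensions when a command is typed without one. Because .COM is tried before .EXE, a file named ping.com placed in the same directory as ping.exe is what actually runs when someone types ping, and the same trick works for any tool name. The script below is an added example (not from the page or from any tool it mentions) that applies that resolution rule to a directory listing and reports which genuine tools are shadowed. The PATHEXT string is the one from the log; the directory listing is constructed for illustration and is not a claim about this machine.

```python
import ntpath

# PATHEXT exactly as the environment block in the log above reports it.
PATHEXT = ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"

# Constructed directory listing for illustration (not taken from the log):
# ordinary system32 tools plus two .com files dropped beside real ones.
SYSTEM32_LISTING = [
    "cmd.exe", "ping.exe", "netstat.exe", "tasklist.exe", "tracert.exe",
    "ping.com", "tracert.com",
]


def resolve(command, listing, pathext=PATHEXT):
    """Which file a typed command name picks within one directory.

    Mirrors cmd.exe: a name typed with an extension is used as-is; a bare
    name is tried with each PATHEXT extension in order and the first file
    that exists wins (matching is case-insensitive on Windows).
    """
    names = {n.lower(): n for n in listing}
    if ntpath.splitext(command)[1]:
        return names.get(command.lower())
    for ext in pathext.split(";"):
        hit = names.get((command + ext).lower())
        if hit is not None:
            return hit
    return None


def shadowed_tools(listing, pathext=PATHEXT):
    """Return (winner, shadowed .exe) pairs: files sharing a stem where the
    PATHEXT race is won by something other than the .exe."""
    by_stem = {}
    for name in listing:
        stem, _ = ntpath.splitext(name)
        by_stem.setdefault(stem.lower(), []).append(name)
    pairs = []
    for stem, files in by_stem.items():
        if len(files) < 2:
            continue
        winner = resolve(stem, files, pathext)
        for f in files:
            if f != winner and f.lower().endswith(".exe"):
                pairs.append((winner, f))
    return sorted(pairs)


if __name__ == "__main__":
    for cmd in ("ping", "ping.exe", "netstat"):
        print(f"{cmd!r:12} -> {resolve(cmd, SYSTEM32_LISTING)}")
    for winner, loser in shadowed_tools(SYSTEM32_LISTING):
        print(f"{loser} is shadowed by {winner}")
```

The practical consequence for a cleanup is that diagnostic commands typed at a prompt on an infected machine may be running the dropped copy; typing the full name with its extension (ping.exe) sidesteps the PATHEXT race, and any .com that shares a stem with a system tool is a removal candidate.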


#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello thinkingreverse

Welcome to G2Go. :)
=====================
Make sure that you paste the following file paths under the yellow bar within the OTMoveIt2 program or it will not work correctly.

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\mgmrwmrv.exe
    C:\WINDOWS\system32\kwusg.dll
    C:\Program Files\QdrDrive
    C:\WINDOWS\sys02007436727.exe
    C:\Documents and Settings\All Users\Application Data\dumb pure bind support\meal name.exe
    C:\Documents and Settings\All Users\Application Data\dumb pure bind support
    C:\DOCUME~1\erin\APPLIC~1\DVDNUR~1\Help 2.exe
    C:\DOCUME~1\erin\APPLIC~1\DVDNUR~1
    C:\Program Files\Common Files\{101901FF-0AE9-1033-1008-030301300001}
    C:\WINDOWS\Tasks\B4EAD9C19AE54BB5.job
    C:\Program Files\180solutions
    C:\WINDOWS\FLEOK
    C:\WINDOWS\2020search.dll
    C:\WINDOWS\2020search2.dll
    C:\WINDOWS\system32\iDlo01
    C:\WINDOWS\voiceip.dll
    C:\WINDOWS\swin32.dll
    C:\WINDOWS\stcloader.exe
    C:\WINDOWS\cdsm32.dll
    C:\WINDOWS\bokja.exe
    C:\WINDOWS\system32\WER8274.DLL
    C:\WINDOWS\mssvr.exe
    C:\WINDOWS\mspphe.dll
    C:\WINDOWS\bjam.dll
    C:\WINDOWS\system32\MSIXU.DLL
    :\Program Files\zango
    C:\Program Files\seekmo
    C:\Program Files\180search assistant
    C:\WINDOWS\updatetc.exe
    C:\WINDOWS\salm.exe
    C:\WINDOWS\180ax.exe
    C:\Program Files\180searchassistant
    C:\WINDOWS\system32\MSNSA32.dll
    C:\WINDOWS\saiemod.dll
    C:\WINDOWS\msapasrc.dll
    C:\WINDOWS\msa64chk.dll
    C:\WINDOWS\system32\SIPSPI32.dll
    C:\WINDOWS\system32\shdocpe.dll
    C:\WINDOWS\system32\ntnut32.exe
    C:\WINDOWS\shdocpl.dll
    C:\WINDOWS\ntnut.exe
    C:\WINDOWS\winsb.dll
    C:\WINDOWS\shdocpe.dll
    C:\WINDOWS\browserad.dll
    C:\Program Files\Sysmnt
    C:\WINDOWS\aviwrap32.dll
    C:\WINDOWS\avisynthex32.dll
    C:\WINDOWS\avifile32.dll
    C:\WINDOWS\autodisc32.dll
    C:\WINDOWS\audiosrv32.dll
    C:\WINDOWS\ati2dvag32.dll
    C:\WINDOWS\ati2dvaa32.dll
    C:\WINDOWS\changeurl_30.dll
    C:\WINDOWS\athprxy32.dll
    C:\WINDOWS\asycfilt32.dll
    C:\WINDOWS\asferror32.dll
    C:\WINDOWS\apphelp32.dll
    C:\WINDOWS\EjelVngufF.exe
    C:\Documents and Settings\All Users\Application Data\Rabio
    C:\WINDOWS\kjatopid.exe 
    C:\WINDOWS\azabqbkr.exe
    C:\WINDOWS\trwnrecd
    C:\WINDOWS\PerfInfo
    C:\WINDOWS\gfincdst.dll
    C:\Program Files\Outerinfo
    C:\WINDOWS\system32\kwusg.dll
    C:\Program Files\QdrPack
    C:\WINDOWS\system32\winfrun32.bin
    C:\WINDOWS\system32\mgmrwmrv.exe 
    C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
    C:\Program Files\QdrModule
    C:\Program Files\QdrDrive
    C:\Program Files\ISM
    C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=====================
Then:

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click ComboFix.exe and follow the prompts. Please never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3 thinkingreverse (Topic Starter, New Member, 6 posts)
Thank you for responding so quickly! And for the welcome. :)


[Custom Input]
< C:\WINDOWS\system32\mgmrwmrv.exe >
C:\WINDOWS\system32\mgmrwmrv.exe moved successfully.
< C:\WINDOWS\system32\kwusg.dll >
C:\WINDOWS\system32\kwusg.dll unregistered successfully.
C:\WINDOWS\system32\kwusg.dll moved successfully.
< C:\Program Files\QdrDrive >
C:\Program Files\QdrDrive moved successfully.
< C:\WINDOWS\sys02007436727.exe >
File/Folder C:\WINDOWS\sys02007436727.exe not found.
< C:\Documents and Settings\All Users\Application Data\dumb pure bind support\meal name.exe >
C:\Documents and Settings\All Users\Application Data\dumb pure bind support\meal name.exe moved successfully.
< C:\Documents and Settings\All Users\Application Data\dumb pure bind support >
C:\Documents and Settings\All Users\Application Data\dumb pure bind support moved successfully.
< C:\DOCUME~1\erin\APPLIC~1\DVDNUR~1\Help 2.exe >
File/Folder C:\DOCUME~1\erin\APPLIC~1\DVDNUR~1\Help 2.exe not found.
< C:\DOCUME~1\erin\APPLIC~1\DVDNUR~1 >
C:\DOCUME~1\erin\APPLIC~1\Dvd Nurb moved successfully.
< C:\Program Files\Common Files\{101901FF-0AE9-1033-1008-030301300001} >
C:\Program Files\Common Files\{101901FF-0AE9-1033-1008-030301300001} moved successfully.
< C:\WINDOWS\Tasks\B4EAD9C19AE54BB5.job >
C:\WINDOWS\Tasks\B4EAD9C19AE54BB5.job moved successfully.
< C:\Program Files\180solutions >
C:\Program Files\180solutions moved successfully.
< C:\WINDOWS\FLEOK >
C:\WINDOWS\FLEOK moved successfully.
< C:\WINDOWS\2020search.dll >
LoadLibrary failed for C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search.dll NOT unregistered.
C:\WINDOWS\2020search.dll moved successfully.
< C:\WINDOWS\2020search2.dll >
LoadLibrary failed for C:\WINDOWS\2020search2.dll
C:\WINDOWS\2020search2.dll NOT unregistered.
C:\WINDOWS\2020search2.dll moved successfully.
< C:\WINDOWS\system32\iDlo01 >
C:\WINDOWS\system32\iDlo01 moved successfully.
< C:\WINDOWS\voiceip.dll >
LoadLibrary failed for C:\WINDOWS\voiceip.dll
C:\WINDOWS\voiceip.dll NOT unregistered.
C:\WINDOWS\voiceip.dll moved successfully.
< C:\WINDOWS\swin32.dll >
LoadLibrary failed for C:\WINDOWS\swin32.dll
C:\WINDOWS\swin32.dll NOT unregistered.
C:\WINDOWS\swin32.dll moved successfully.
< C:\WINDOWS\stcloader.exe >
C:\WINDOWS\stcloader.exe moved successfully.
< C:\WINDOWS\cdsm32.dll >
LoadLibrary failed for C:\WINDOWS\cdsm32.dll
C:\WINDOWS\cdsm32.dll NOT unregistered.
C:\WINDOWS\cdsm32.dll moved successfully.
< C:\WINDOWS\bokja.exe >
C:\WINDOWS\bokja.exe moved successfully.
< C:\WINDOWS\system32\WER8274.DLL >
LoadLibrary failed for C:\WINDOWS\system32\WER8274.DLL
C:\WINDOWS\system32\WER8274.DLL NOT unregistered.
C:\WINDOWS\system32\WER8274.DLL moved successfully.
< C:\WINDOWS\mssvr.exe >
C:\WINDOWS\mssvr.exe moved successfully.
< C:\WINDOWS\mspphe.dll >
LoadLibrary failed for C:\WINDOWS\mspphe.dll
C:\WINDOWS\mspphe.dll NOT unregistered.
C:\WINDOWS\mspphe.dll moved successfully.
< C:\WINDOWS\bjam.dll >
LoadLibrary failed for C:\WINDOWS\bjam.dll
C:\WINDOWS\bjam.dll NOT unregistered.
C:\WINDOWS\bjam.dll moved successfully.
< C:\WINDOWS\system32\MSIXU.DLL >
LoadLibrary failed for C:\WINDOWS\system32\MSIXU.DLL
C:\WINDOWS\system32\MSIXU.DLL NOT unregistered.
C:\WINDOWS\system32\MSIXU.DLL moved successfully.
< :\Program Files\zango >
File/Folder :\Program Files\zango not found.
< C:\Program Files\seekmo >
C:\Program Files\seekmo moved successfully.
< C:\Program Files\180search assistant >
C:\Program Files\180search assistant moved successfully.
< C:\WINDOWS\updatetc.exe >
C:\WINDOWS\updatetc.exe moved successfully.
< C:\WINDOWS\salm.exe >
C:\WINDOWS\salm.exe moved successfully.
< C:\WINDOWS\180ax.exe >
C:\WINDOWS\180ax.exe moved successfully.
< C:\Program Files\180searchassistant >
C:\Program Files\180searchassistant moved successfully.
< C:\WINDOWS\system32\MSNSA32.dll >
LoadLibrary failed for C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\MSNSA32.dll NOT unregistered.
C:\WINDOWS\system32\MSNSA32.dll moved successfully.
< C:\WINDOWS\saiemod.dll >
LoadLibrary failed for C:\WINDOWS\saiemod.dll
C:\WINDOWS\saiemod.dll NOT unregistered.
C:\WINDOWS\saiemod.dll moved successfully.
< C:\WINDOWS\msapasrc.dll >
LoadLibrary failed for C:\WINDOWS\msapasrc.dll
C:\WINDOWS\msapasrc.dll NOT unregistered.
C:\WINDOWS\msapasrc.dll moved successfully.
< C:\WINDOWS\msa64chk.dll >
LoadLibrary failed for C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msa64chk.dll NOT unregistered.
C:\WINDOWS\msa64chk.dll moved successfully.
< C:\WINDOWS\system32\SIPSPI32.dll >
LoadLibrary failed for C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\SIPSPI32.dll NOT unregistered.
C:\WINDOWS\system32\SIPSPI32.dll moved successfully.
< C:\WINDOWS\system32\shdocpe.dll >
LoadLibrary failed for C:\WINDOWS\system32\shdocpe.dll
C:\WINDOWS\system32\shdocpe.dll NOT unregistered.
C:\WINDOWS\system32\shdocpe.dll moved successfully.
< C:\WINDOWS\system32\ntnut32.exe >
C:\WINDOWS\system32\ntnut32.exe moved successfully.
< C:\WINDOWS\shdocpl.dll >
LoadLibrary failed for C:\WINDOWS\shdocpl.dll
C:\WINDOWS\shdocpl.dll NOT unregistered.
C:\WINDOWS\shdocpl.dll moved successfully.
< C:\WINDOWS\ntnut.exe >
C:\WINDOWS\ntnut.exe moved successfully.
< C:\WINDOWS\winsb.dll >
LoadLibrary failed for C:\WINDOWS\winsb.dll
C:\WINDOWS\winsb.dll NOT unregistered.
C:\WINDOWS\winsb.dll moved successfully.
< C:\WINDOWS\shdocpe.dll >
LoadLibrary failed for C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpe.dll NOT unregistered.
C:\WINDOWS\shdocpe.dll moved successfully.
< C:\WINDOWS\browserad.dll >
LoadLibrary failed for C:\WINDOWS\browserad.dll
C:\WINDOWS\browserad.dll NOT unregistered.
C:\WINDOWS\browserad.dll moved successfully.
< C:\Program Files\Sysmnt >
C:\Program Files\Sysmnt moved successfully.
< C:\WINDOWS\aviwrap32.dll >
LoadLibrary failed for C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\aviwrap32.dll NOT unregistered.
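OTMoveIt2 prints one "< path >" header per requested item followed by the outcome lines (moved successfully, unregistered successfully, LoadLibrary failed, NOT unregistered, not found). Reading a long log by eye is error-prone, and at least one "not found" above is an artefact of the request rather than of the machine: the zango entry was pasted without its drive letter. The parser below is an added example (not the tool's own code and not from anyone in this thread) that summarises such a log and lists what still needs attention. The sample is constructed in the shape of the log above, including a final entry cut off before its result line, as this post's paste is.

```python
import re

# Sample constructed in the shape of the OTMoveIt2 "[Custom Input]" output
# posted above; the last entry is deliberately cut off mid-way.
SAMPLE_LOG = """\
[Custom Input]
< C:\\WINDOWS\\system32\\mgmrwmrv.exe >
C:\\WINDOWS\\system32\\mgmrwmrv.exe moved successfully.
< C:\\WINDOWS\\system32\\kwusg.dll >
C:\\WINDOWS\\system32\\kwusg.dll unregistered successfully.
C:\\WINDOWS\\system32\\kwusg.dll moved successfully.
< C:\\WINDOWS\\sys02007436727.exe >
File/Folder C:\\WINDOWS\\sys02007436727.exe not found.
< C:\\WINDOWS\\2020search.dll >
LoadLibrary failed for C:\\WINDOWS\\2020search.dll
C:\\WINDOWS\\2020search.dll NOT unregistered.
C:\\WINDOWS\\2020search.dll moved successfully.
< :\\Program Files\\zango >
File/Folder :\\Program Files\\zango not found.
< C:\\WINDOWS\\aviwrap32.dll >
LoadLibrary failed for C:\\WINDOWS\\aviwrap32.dll
C:\\WINDOWS\\aviwrap32.dll NOT unregistered.
"""

ENTRY_RE = re.compile(r"^< (?P<path>.+) >$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_otmoveit_log(text):
    """Group outcome lines under the "< path >" header they belong to."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            current = {"path": m.group("path"), "moved": False, "found": True,
                       "loadlibrary_failed": False, "unregistered": None}
            entries.append(current)
            continue
        if current is None:
            continue  # header lines such as [Custom Input]
        if line.endswith("moved successfully."):
            current["moved"] = True
        elif line.startswith("File/Folder") and line.endswith("not found."):
            current["found"] = False
        elif line.startswith("LoadLibrary failed for"):
            current["loadlibrary_failed"] = True
        elif line.endswith("NOT unregistered."):
            current["unregistered"] = False
        elif line.endswith("unregistered successfully."):
            current["unregistered"] = True
    return entries


def status(entry):
    if entry["moved"]:
        return "moved"
    if not entry["found"]:
        return "not found"
    return "incomplete"  # no result line seen: the log was cut off here


def summarize(text):
    """Return (counts per status, [(path, reason)] needing follow-up)."""
    entries = parse_otmoveit_log(text)
    counts = {}
    follow_up = []
    for e in entries:
        s = status(e)
        counts[s] = counts.get(s, 0) + 1
        if s == "not found" and not DRIVE_RE.match(e["path"]):
            follow_up.append((e["path"], "request path has no drive letter; re-run with the corrected path"))
        elif s != "moved":
            follow_up.append((e["path"], s))
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = summarize(SAMPLE_LOG)
    print(counts)
    for path, reason in follow_up:
        print(f"{path}: {reason}")
```

"LoadLibrary failed" followed by "NOT unregistered" is not itself a problem for the move: it only means the DLL could not be loaded to call its unregister routine, and the file was still moved. The items to act on are the ones never found and any entry whose result never arrived.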

#4 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
You are welcome, please do continue with ComboFix. Thanks :)

#5 thinkingreverse (Topic Starter, New Member, 6 posts)
Agh, I'm sorry. I got so excited I looked right past that. I'm sorry!


ComboFix 08-03-07.4 - erin 2008-03-08 19:06:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.201 [GMT -5:00]
Running from: C:\Documents and Settings\erin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Trish\Desktop\searchus.exe
C:\Documents and Settings\Trish\My Documents\CROSOF~1
C:\Documents and Settings\Trish\My Documents\CROSOF~1\dllhost.exe
C:\Documents and Settings\Trish\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Trish\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Trish\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Trish\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Trish\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Trish\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\deskbar
C:\Program Files\deskbar\about.html
C:\Program Files\deskbar\deskbar.crc
C:\Program Files\deskbar\deskbar.inf
C:\Program Files\deskbar\icons.bmp
C:\Program Files\deskbar\inst.bat
C:\Program Files\deskbar\mbback.bmp
C:\Program Files\deskbar\mbbigopen.bmp
C:\Program Files\deskbar\mbclose.bmp
C:\Program Files\deskbar\mbfwd.bmp
C:\Program Files\deskbar\mblogo.bmp
C:\Program Files\deskbar\mbsep.bmp
C:\Program Files\deskbar\options.html
C:\Program Files\deskbar\softomate.gif
C:\Program Files\deskbar\version.txt
C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\Program Files\winupdates
C:\Temp\sanR24
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\b.exe
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\default.htm
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\newname.dat
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32bez6n4r21.exe
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\msdirectx


((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-08 19:10 . 2008-03-08 19:14 <DIR> d-------- C:\Program Files\seekmo
2008-03-08 18:57 . 2008-03-08 18:57 <DIR> d-------- C:\Program Files\180solutions
2008-03-08 18:57 . 2008-03-08 18:57 <DIR> d-------- C:\Program Files\180searchassistant
2008-03-08 18:57 . 2008-03-08 18:57 <DIR> d-------- C:\Program Files\180search assistant
2008-03-08 18:56 . 2008-03-08 18:56 <DIR> d-------- C:\WINDOWS\FLEOK
2008-03-08 18:56 . 2008-03-08 18:56 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-08 18:55 . 2008-03-08 18:55 <DIR> d-------- C:\_OTMoveIt
2008-03-08 18:26 . 2008-03-08 18:27 <DIR> d-------- C:\Program Files\SecondLife
2008-03-08 18:00 . 2008-03-08 18:00 <DIR> d-------- C:\Deckard
2008-03-08 08:04 . 2008-03-08 08:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 08:01 . 2008-03-08 08:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 07:34 . 2008-03-08 07:34 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-03-08 06:53 . 2008-03-08 06:53 <DIR> d-------- C:\Program Files\zango
2008-03-08 06:53 . 2008-03-08 06:53 <DIR> d-------- C:\Program Files\stc
2008-03-08 06:53 . 2008-03-08 06:53 27,904 --a------ C:\WINDOWS\123messenger.per
2008-03-08 06:53 . 2008-03-08 06:53 15,872 --a------ C:\WINDOWS\didduid.ini
2008-03-08 06:37 . 2008-03-08 06:37 295,819 --a------ C:\WINDOWS\system32\L238E.tmp
2008-02-26 07:47 . 2008-03-08 08:00 <DIR> d-------- C:\Documents and Settings\Trish\Application Data\AVG7
2008-02-09 16:19 . 2004-08-04 02:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-02-09 16:19 . 2004-08-04 02:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-02-09 16:19 . 2004-08-04 00:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-09 16:19 . 2004-08-04 00:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-02-09 16:19 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-02-09 16:19 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 00:14 --------- d-----w C:\Documents and Settings\erin\Application Data\stickies
2008-03-09 00:11 32,000 ----a-w C:\WINDOWS\swin32.dll
2008-03-09 00:11 31,488 ----a-w C:\WINDOWS\cdsm32.dll
2008-03-09 00:11 29,440 ----a-w C:\WINDOWS\bokja.exe
2008-03-09 00:11 27,648 ----a-w C:\WINDOWS\voiceip.dll
2008-03-09 00:11 27,136 ----a-w C:\WINDOWS\bjam.dll
2008-03-09 00:11 26,368 ----a-w C:\WINDOWS\mssvr.exe
2008-03-09 00:11 24,064 ----a-w C:\WINDOWS\stcloader.exe
2008-03-09 00:11 21,248 ----a-w C:\WINDOWS\mspphe.dll
2008-03-09 00:10 9,472 ----a-w C:\WINDOWS\updatetc.exe
2008-03-09 00:10 29,696 ----a-w C:\WINDOWS\180ax.exe
2008-03-09 00:10 27,136 ----a-w C:\WINDOWS\salm.exe
2008-03-09 00:10 25,088 ----a-w C:\WINDOWS\2020search2.dll
2008-03-09 00:10 15,104 ----a-w C:\WINDOWS\saiemod.dll
2008-03-09 00:10 14,336 ----a-w C:\WINDOWS\2020search.dll
2008-03-08 23:05 --------- d-----w C:\Program Files\Trend Micro
2008-03-08 22:26 --------- d-----w C:\Documents and Settings\erin\Application Data\AVG7
2008-03-08 19:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 13:04 --------- d-----w C:\Program Files\Lavasoft
2008-03-06 23:51 --------- d-----w C:\Documents and Settings\erin\Application Data\uTorrent
2008-02-05 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-05 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-02-04 20:56 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-04 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-04 01:40 --------- d-----w C:\Documents and Settings\erin\Application Data\U3
2008-02-01 13:31 --------- d-----w C:\Documents and Settings\Trish\Application Data\Dvd Nurb
2008-01-30 03:35 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-30 03:34 --------- d-----w C:\Program Files\Red Kawa
2008-01-21 07:53 --------- d-----w C:\Program Files\Dvd Nurb
2008-01-19 02:46 --------- d-----w C:\Program Files\WinZix
2007-06-04 01:46 23,892 ----a-w C:\WINDOWS\Fonts\dyers_eve.zip
2007-06-04 01:45 88,367 ----a-w C:\WINDOWS\Fonts\artistamp.zip
2007-06-04 01:45 109,626 ----a-w C:\WINDOWS\Fonts\laundromat_1967.zip
2007-06-04 01:44 175,871 ----a-w C:\WINDOWS\Fonts\la_hotel_viver.zip
2007-06-04 01:43 32,312 ----a-w C:\WINDOWS\Fonts\requiem.zip
2007-06-04 01:43 23,043 ----a-w C:\WINDOWS\Fonts\kwaliteit.zip
2006-12-17 20:22 5,632 --sha-w C:\Program Files\Thumbs.db
2006-08-24 22:45 517 ----a-w C:\Program Files\Common Files\nigyp
2006-08-24 22:43 232 ----a-w C:\Documents and Settings\erin\jkjkj.bat
2006-08-23 06:22 5,446,320 ----a-w C:\Program Files\Shockwave_Installer_Full.exe
2006-08-14 03:14 382,054,505 ----a-w C:\Program Files\PSE_40_WWE_TRYBUY.zip
2006-07-21 08:00 24,987 ----a-w C:\WINDOWS\Fonts\circus.zip
2006-07-21 07:59 68,634 ----a-w C:\WINDOWS\Fonts\by_starlight.zip
2006-07-21 07:57 123,659 ----a-w C:\WINDOWS\Fonts\nemo.zip
2006-07-21 07:56 24,996 ----a-w C:\WINDOWS\Fonts\latchboy.zip
2006-07-21 07:54 23,180 ----a-w C:\WINDOWS\Fonts\miss_brooks.zip
2006-07-21 07:53 75,601 ----a-w C:\WINDOWS\Fonts\hurricane_supadupas.zip
2006-07-21 07:52 42,504 ----a-w C:\WINDOWS\Fonts\enchanted_prairie_d.zip
2006-07-07 07:06 1,413,233 ----a-w C:\Program Files\setup.exe
2006-07-06 04:55 39,673 ----a-w C:\WINDOWS\Fonts\uncle_typewriter.zip
2006-07-06 04:54 76,136 ----a-w C:\WINDOWS\Fonts\gutter_vomit.zip
2006-07-06 04:53 29,424 ----a-w C:\WINDOWS\Fonts\1942_report.zip
2006-07-06 04:52 700,096 ----a-w C:\WINDOWS\Fonts\vinca_stencil.zip
2006-07-06 04:52 28,730 ----a-w C:\WINDOWS\Fonts\product.zip
2006-07-06 04:51 81,731 ----a-w C:\WINDOWS\Fonts\cartaz.zip
2006-07-06 04:50 10,967 ----a-w C:\WINDOWS\Fonts\boston_traffic.zip
2006-06-05 06:08 10,043 ----a-w C:\WINDOWS\Fonts\ancient_geek.zip
2006-05-17 06:20 17 ----a-w C:\Program Files\d.bat
2006-05-05 03:35 11,413 ----a-w C:\WINDOWS\Fonts\spongefont_square_t.zip
2006-03-06 01:36 381,255 ----a-w C:\Program Files\destinymp3.exe
2005-12-31 00:58 53,177 ----a-w C:\WINDOWS\Fonts\4yeohearts.zip
2005-12-17 23:43 24,751 ----a-w C:\WINDOWS\Fonts\rocky.zip
2005-12-17 23:39 86,169 ----a-w C:\WINDOWS\Fonts\american_life.zip
2005-12-17 23:39 25,629 ----a-w C:\WINDOWS\Fonts\distillers.zip
2005-12-17 23:35 43,683 ----a-w C:\WINDOWS\Fonts\kinkee.zip
2005-12-17 23:34 44,606 ----a-w C:\WINDOWS\Fonts\dj_candy_heart.zip
2005-12-17 23:32 16,416 ----a-w C:\WINDOWS\Fonts\confetti.zip
2005-12-17 23:31 108,130 ----a-w C:\WINDOWS\Fonts\risus_lcb_kringleba.zip
2005-12-17 23:30 29,393 ----a-w C:\WINDOWS\Fonts\rackham_holiday_orn.zip
2005-12-17 23:29 238,755 ----a-w C:\WINDOWS\Fonts\faux_snow.zip
2005-12-17 23:28 56,526 ----a-w C:\WINDOWS\Fonts\christmas_flakes.zip
2005-12-17 23:26 22,154 ----a-w C:\WINDOWS\Fonts\christmas_on_crack.zip
2005-08-08 03:29 260 ----a-w C:\Program Files\12658_2_17_05.asx
2005-08-08 01:50 259 ----a-w C:\Program Files\28782_2_4_05.asx
2005-08-08 01:44 259 ----a-w C:\Program Files\29634_1_9_05.asx
2005-08-07 19:36 146 ----a-w C:\Program Files\075678364525_010_64.asx
2005-08-07 18:17 258 ----a-w C:\Program Files\29010_1_5_05.asx
2005-08-06 19:21 637,777 ----a-w C:\Program Files\lamewin32.exe
2005-08-04 21:05 260 ----a-w C:\Program Files\26208_1_3_05.asx
2005-08-04 21:01 260 ----a-w C:\Program Files\26208_1_2_05.asx
2005-05-14 02:21 10,231 ----a-w C:\WINDOWS\Fonts\billo.zip
2005-05-14 01:16 12,684 ----a-w C:\WINDOWS\Fonts\janis.zip
2005-05-14 01:15 38,078 ----a-w C:\WINDOWS\Fonts\luna_bar.zip
2005-05-14 01:15 29,291 ----a-w C:\WINDOWS\Fonts\salamander.zip
2005-05-14 01:14 46,129 ----a-w C:\WINDOWS\Fonts\angelina.zip
2005-02-08 02:50 791 ----a-w C:\Program Files\razorlame.ini
2005-02-08 02:49 340,454 ----a-w C:\Program Files\razorlame115.zip
2005-02-08 02:47 1,837,229 ----a-w C:\Program Files\gwave509.exe
2004-10-04 20:20 27,956 ----a-w C:\WINDOWS\Fonts\easily_amused.zip
2004-09-25 20:23 203,061 ----a-w C:\Program Files\AIM+Setup.exe
2004-08-21 17:30 838,881 ----a-w C:\Program Files\ldenglishgardenbed.zip
2004-08-21 03:12 10,135,688 ----a-w C:\Program Files\MPSetupXP.exe
2004-07-31 22:06 1,773,936 ----a-w C:\Program Files\gwave508.exe
2003-10-19 09:11 202,129 ----a-w C:\WINDOWS\Fonts\a_lolita_scorned.zip
2003-10-19 09:09 139,046 ----a-w C:\WINDOWS\Fonts\gartentika.zip
2003-10-19 09:06 79,738 ----a-w C:\WINDOWS\Fonts\broken_ghost.zip
2003-10-19 09:04 593,319 ----a-w C:\WINDOWS\Fonts\hvd_poster.zip
2001-12-13 01:25 4,742 ----a-w C:\Program Files\RazorLame.html
2001-12-13 01:14 5,567 ----a-w C:\Program Files\RazorLame.txt
2001-12-12 04:04 678,400 ----a-w C:\Program Files\RazorLame.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DDF6887-C916-4B3B-A4DC-9B44D529BCF0}]
C:\Program Files\Lavasoft\nixyzebilC:\DOCUME~1\Trish\LOCALS~1\Temp\CEMG555077.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8041E642-8CFC-4720-BC9D-D2DB8904286F}]
C:\Program Files\QdrDrive\QdrDrive12.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LOVE BIKE"="C:\DOCUME~1\erin\APPLIC~1\DVDNUR~1\Help 2.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-03-23 16:18 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"x3watch"="C:\Program Files\X3watch\x3watch.exe" [ ]
"sys02007436727"="C:\WINDOWS\sys02007436727.exe" [ ]
"mpw801a3"="w4b4a3af.dll" []
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43 67488]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"BIND SUPPORT SEEK FIRST"="C:\Documents and Settings\All Users\Application Data\dumb pure bind support\meal name.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-04 15:56 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-04 15:56 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\erin\Start Menu\Programs\Startup\
Stickies.lnk - C:\Program Files\stickies\stickies.exe [2007-03-08 23:28:19 700416]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{101901FF-0AE9-1033-1008-030301300001}"= "C:\Program Files\Common Files\{101901FF-0AE9-1033-1008-030301300001}\Update.exe" mc-110-12-0000137

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.1.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 2.1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DING!.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DING!.lnk
backup=C:\WINDOWS\pss\DING!.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Trish^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Trish\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Trish^Start Menu^Programs^Startup^StickyNote.lnk]
path=C:\Documents and Settings\Trish\Start Menu\Programs\Startup\StickyNote.lnk
backup=C:\WINDOWS\pss\StickyNote.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Trish^Start Menu^Programs^Startup^UMAX VistaAccess.lnk]
path=C:\Documents and Settings\Trish\Start Menu\Programs\Startup\UMAX VistaAccess.lnk
backup=C:\WINDOWS\pss\UMAX VistaAccess.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-12-17 12:28 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-06-02 00:34 67160 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-01-21 21:00 315392 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 03:59 122880 C:\WINDOWS\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belt]
C:\WINDOWS\Belt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2002-11-02 01:33 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Common Files\CMEII\CMESys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD]
--a------ 2003-12-15 13:44 245760 C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
--a------ 2003-06-04 03:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod]
C:\PROGRA~1\ezula\mmod.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
C:\Program Files\Internet Optimizer\optimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jirqn]
C:\WINDOWS\jirqn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2005-09-18 23:02 7083056 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAS CfgWiz]
C:\Program Files\Norton AntiSpam\cfgwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHAgent]
C:\WINDOWS\System32\SahAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
c:\temp\salm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stratas]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 02:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Spyware Killer]
C:\Program Files\TheSpywareKiller\TheSpywareKiller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vdmredir]
C:\WINDOWS\system32\vdmredir.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
C:\Program Files\Web_Rebates\WebRebates0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]
wjview /cp:p C:\Program Files\WebSavingsfromEbates\System\Code Main lp: C:\Program Files\WebSavingsfromEbates

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
C:\WINDOWS\wupdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-20 13:41 33792 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdControl]
C:\Program Files\Windows AdControl\WinAdCtl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Java\\jre1.5.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 05:43]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
S3 DCamUSBUVT;ICM532A;C:\WINDOWS\system32\Drivers\usbuvt.sys [2002-07-31 23:09]
S3 jnv4_mib;jnv4_mib;C:\DOCUME~1\Trish\LOCALS~1\Temp\jnv4_mib.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2e4a0cf-fa4a-11d7-a08c-0007e972c4c2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-08 17:59:59 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-27 16:20:14 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.2.25.1.sxt [email protected]
"2005-02-16 22:01:06 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 19:15:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-03-08 19:27:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-09 00:27:24
.
2008-02-13 08:02:59 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:47 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CF15659.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.silverchair.nu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4DDF6887-C916-4B3B-A4DC-9B44D529BCF0} - C:\Program Files\Lavasoft\nixyzebilC:\DOCUME~1\Trish\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [sys02007436727] C:\WINDOWS\sys02007436727.exe
O4 - HKLM\..\Run: [mpw801a3] RUNDLL32.EXE w4b4a3af.dll,n 003801a0000000034b4a3af
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BIND SUPPORT SEEK FIRST] C:\Documents and Settings\All Users\Application Data\dumb pure bind support\meal name.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [LOVE BIKE] C:\DOCUME~1\erin\APPLIC~1\DVDNUR~1\Help 2.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Policies\Explorer\Run: [{101901FF-0AE9-1033-1008-030301300001}] "C:\Program Files\Common Files\{101901FF-0AE9-1033-1008-030301300001}\Update.exe" mc-110-12-0000137
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn....FreeInstall.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.co.../AttachMail.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 7059 bytes



____________________________________


I should make mention that everything seems to be back to normal.
The background is a-OK and there aren't any notifications or pop-ups anymore.
Does this mean my computer is squeaky clean again?

Edited by thinkingreverse, 08 March 2008 - 07:04 PM.

  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts

I should make mention that everything seems to be back to normal.
The background is a-OK and there aren't any notifications or pop-ups anymore.
Does this mean my computer is squeaky clean again?

Not quite :)
We will get there shortly though.
=======================
1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then click OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\swin32.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\voiceip.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\updatetc.exe
C:\WINDOWS\180ax.exe
C:\WINDOWS\salm.exe
C:\WINDOWS\2020search2.dll
C:\WINDOWS\saiemod.dll
C:\WINDOWS\2020search.dll
C:\WINDOWS\didduid.ini
C:\WINDOWS\system32\L238E.tmp
C:\Documents and Settings\erin\jkjkj.bat
C:\WINDOWS\sys02007436727.exe
C:\WINDOWS\pss\GStartup.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
C:\WINDOWS\jirqn.exe
C:\WINDOWS\Belt.exe
C:\WINDOWS\System32\SahAgent.exe
c:\temp\salm.exe
C:\WINDOWS\system32\vdmredir.exe
C:\WINDOWS\wupdt.exe
Folder::
C:\Program Files\seekmo
C:\Program Files\180solutions
C:\Program Files\180searchassistant
C:\Program Files\180search assistant
C:\WINDOWS\FLEOK
C:\Program Files\Sysmnt
C:\Program Files\zango
C:\Documents and Settings\Trish\Application Data\Dvd Nurb
C:\Documents and Settings\All Users\Application Data\dumb pure bind support
C:\PROGRA~1\ezula
C:\Program Files\Internet Optimizer
C:\PROGRA~1\MyWay
C:\Program Files\WebSavingsfromEbates
C:\Program Files\Windows AdControl
C:\Program Files\Lavasoft\nixyzebilC
Dirlook::
C:\Program Files\Common Files\nigyp
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DDF6887-C916-4B3B-A4DC-9B44D529BCF0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8041E642-8CFC-4720-BC9D-D2DB8904286F}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LOVE BIKE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sys02007436727"=-
"mpw801a3"=-
"BIND SUPPORT SEEK FIRST"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{101901FF-0AE9-1033-1008-030301300001}"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jirqn]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHAgent]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stratas]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vdmredir]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdControl]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
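The script in the post above is a ComboFix CFScript: section headers ending in "::" (File::, Folder::, Dirlook::, Registry::) followed by one entry per line, with the Registry:: section written in regedit syntax ([KEY] edits a key, [-KEY] deletes it, "name"=- deletes a value under the current key). Because ComboFix acts on whatever it is handed, a mistyped header or a key line that lost its opening bracket is worth catching before the drag-and-drop. The linter below is an added example, not code from the thread or from ComboFix itself; it assumes only the four section names used in the post (ComboFix has further directives it does not cover) and runs on a constructed sample script that contains two such slips.

```python
"""Lint a ComboFix CFScript before it is dragged onto ComboFix.exe.

Added example, not ComboFix's own code. Assumes the layout used in the post:
section headers ending in '::' (File::, Folder::, Dirlook::, Registry::), one
entry per line, and regedit syntax inside Registry:: ('[KEY]' edits a key,
'[-KEY]' deletes it, '"name"=-' deletes a value under the current key).
"""
import re
from dataclasses import dataclass, field

# Canonical spellings of the headers used in the post (other ComboFix
# directives exist but are deliberately not covered by this checker).
CANONICAL = {"file": "File", "folder": "Folder", "dirlook": "Dirlook", "registry": "Registry"}

DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\.+")                  # C:\... entries
KEY_RE = re.compile(r"^\[-?HK[A-Z_]+\\.+\]$", re.IGNORECASE)   # [HKLM\...] or [-HKLM\...]
VALUE_RE = re.compile(r'^"[^"]*"=.*$')                          # "name"=- or "name"="..."


@dataclass
class LintResult:
    sections: dict = field(default_factory=dict)   # section name -> number of entries
    problems: list = field(default_factory=list)   # (line number, message)


def lint_cfscript(text):
    """Return a LintResult for the script text; an empty problems list means it parsed cleanly."""
    result = LintResult()
    section = None
    in_key = False   # inside Registry::, are we under a key that is being edited (not deleted)?
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            name = line[:-2]
            canon = name.lower()
            if canon not in CANONICAL:
                result.problems.append((n, f"unknown section header {line!r}"))
            elif name != CANONICAL[canon]:
                result.problems.append((n, f"header {line!r} should be spelled {CANONICAL[canon] + '::'!r}"))
            section = canon
            in_key = False
            result.sections.setdefault(canon, 0)
            continue
        if section is None:
            result.problems.append((n, f"entry before any section header: {line!r}"))
            continue
        result.sections[section] += 1
        if section in ("file", "folder", "dirlook"):
            if not DRIVE_PATH_RE.match(line):
                result.problems.append((n, f"not an absolute drive path: {line!r}"))
        elif section != "registry":
            continue   # entries under an unknown header are counted but not checked
        elif line.startswith("["):
            if KEY_RE.match(line):
                in_key = not line.startswith("[-")
            else:
                result.problems.append((n, f"malformed registry key line: {line!r}"))
                in_key = False
        elif VALUE_RE.match(line):
            if not in_key:
                result.problems.append((n, "value line is not under a [KEY] that is being edited"))
        elif line.upper().startswith("HK"):
            # A key written without brackets is not a key in regedit syntax, so the
            # value lines beneath it no longer have a clearly defined target.
            result.problems.append((n, f"registry key is missing its opening bracket: {line!r}"))
            in_key = True   # treat it as the intended key so later values are not double-reported
        else:
            result.problems.append((n, f"unrecognised registry line: {line!r}"))
    return result


# Constructed sample (not the post's script verbatim): a short CFScript with two
# common slips, a miscapitalised header on line 4 and a key missing its '[' on line 10.
SAMPLE = r"""File::
C:\WINDOWS\swin32.dll
C:\WINDOWS\bokja.exe
FOlder::
C:\Program Files\zango
Dirlook::
C:\Program Files\Common Files\nigyp
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DDF6887-C916-4B3B-A4DC-9B44D529BCF0}]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LOVE BIKE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sys02007436727"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belt]
"""

if __name__ == "__main__":
    report = lint_cfscript(SAMPLE)
    for sec, count in report.sections.items():
        print(f"{sec}: {count} entries")
    for n, msg in report.problems:
        print(f"line {n}: {msg}")
```

Run it on a CFScript saved from Notepad and fix anything it reports before starting ComboFix; a clean run only means the syntax is sound, it says nothing about whether the listed paths and keys are the right ones to remove.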

#7
thinkingreverse

thinkingreverse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ComboFix 08-03-07.4 - erin 2008-03-08 21:25:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.157 [GMT -5:00]
Running from: C:\Documents and Settings\erin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\erin\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
C:\Documents and Settings\erin\jkjkj.bat
c:\temp\salm.exe
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\Belt.exe
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\didduid.ini
C:\WINDOWS\jirqn.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\pss\GStartup.lnk
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\sys02007436727.exe
C:\WINDOWS\system32\L238E.tmp
C:\WINDOWS\System32\SahAgent.exe
C:\WINDOWS\system32\vdmredir.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll
C:\WINDOWS\wupdt.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\erin\jkjkj.bat
C:\Documents and Settings\Trish\Application Data\Dvd Nurb
C:\Program Files\180search assistant
C:\Program Files\180search assistant\180sa.exe
C:\Program Files\180search assistant\sau.exe
C:\Program Files\180searchassistant
C:\Program Files\180searchassistant\saap.exe
C:\Program Files\180searchassistant\sac.exe
C:\Program Files\180solutions
C:\Program Files\180solutions\sais.exe
C:\Program Files\seekmo
C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\Program Files\zango
C:\Program Files\zango\zango.exe
C:\WINDOWS\didduid.ini
C:\WINDOWS\FLEOK
C:\WINDOWS\FLEOK\180ax.exe
C:\WINDOWS\system32\L238E.tmp

.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-08 18:55 . 2008-03-08 18:55 <DIR> d-------- C:\_OTMoveIt
2008-03-08 18:26 . 2008-03-08 18:27 <DIR> d-------- C:\Program Files\SecondLife
2008-03-08 18:00 . 2008-03-08 18:00 <DIR> d-------- C:\Deckard
2008-03-08 08:04 . 2008-03-08 08:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 08:01 . 2008-03-08 08:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 07:34 . 2008-03-08 07:34 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-03-08 06:53 . 2008-03-08 06:53 <DIR> d-------- C:\Program Files\stc
2008-03-08 06:53 . 2008-03-08 06:53 27,904 --a------ C:\WINDOWS\123messenger.per
2008-02-26 07:47 . 2008-03-08 08:00 <DIR> d-------- C:\Documents and Settings\Trish\Application Data\AVG7
2008-02-09 16:19 . 2004-08-04 02:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-02-09 16:19 . 2004-08-04 02:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-02-09 16:19 . 2004-08-04 00:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-09 16:19 . 2004-08-04 00:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-02-09 16:19 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-02-09 16:19 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 02:26 --------- d-----w C:\Documents and Settings\erin\Application Data\uTorrent
2008-03-09 00:16 --------- d-----w C:\Documents and Settings\erin\Application Data\stickies
2008-03-08 23:05 --------- d-----w C:\Program Files\Trend Micro
2008-03-08 22:26 --------- d-----w C:\Documents and Settings\erin\Application Data\AVG7
2008-03-08 19:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 13:04 --------- d-----w C:\Program Files\Lavasoft
2008-02-05 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-05 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-02-04 20:56 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-04 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-04 01:40 --------- d-----w C:\Documents and Settings\erin\Application Data\U3
2008-01-30 03:35 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-30 03:34 --------- d-----w C:\Program Files\Red Kawa
2008-01-21 07:53 --------- d-----w C:\Program Files\Dvd Nurb
2008-01-19 02:46 --------- d-----w C:\Program Files\WinZix
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-06-04 01:46 23,892 ----a-w C:\WINDOWS\Fonts\dyers_eve.zip
2007-06-04 01:45 88,367 ----a-w C:\WINDOWS\Fonts\artistamp.zip
2007-06-04 01:45 109,626 ----a-w C:\WINDOWS\Fonts\laundromat_1967.zip
2007-06-04 01:44 175,871 ----a-w C:\WINDOWS\Fonts\la_hotel_viver.zip
2007-06-04 01:43 32,312 ----a-w C:\WINDOWS\Fonts\requiem.zip
2007-06-04 01:43 23,043 ----a-w C:\WINDOWS\Fonts\kwaliteit.zip
2006-12-17 20:22 5,632 --sha-w C:\Program Files\Thumbs.db
2006-08-24 22:45 517 ----a-w C:\Program Files\Common Files\nigyp
2006-08-23 06:22 5,446,320 ----a-w C:\Program Files\Shockwave_Installer_Full.exe
2006-08-14 03:14 382,054,505 ----a-w C:\Program Files\PSE_40_WWE_TRYBUY.zip
2006-07-21 08:00 24,987 ----a-w C:\WINDOWS\Fonts\circus.zip
2006-07-21 07:59 68,634 ----a-w C:\WINDOWS\Fonts\by_starlight.zip
2006-07-21 07:57 123,659 ----a-w C:\WINDOWS\Fonts\nemo.zip
2006-07-21 07:56 24,996 ----a-w C:\WINDOWS\Fonts\latchboy.zip
2006-07-21 07:54 23,180 ----a-w C:\WINDOWS\Fonts\miss_brooks.zip
2006-07-21 07:53 75,601 ----a-w C:\WINDOWS\Fonts\hurricane_supadupas.zip
2006-07-21 07:52 42,504 ----a-w C:\WINDOWS\Fonts\enchanted_prairie_d.zip
2006-07-07 07:06 1,413,233 ----a-w C:\Program Files\setup.exe
2006-07-06 04:55 39,673 ----a-w C:\WINDOWS\Fonts\uncle_typewriter.zip
2006-07-06 04:54 76,136 ----a-w C:\WINDOWS\Fonts\gutter_vomit.zip
2006-07-06 04:53 29,424 ----a-w C:\WINDOWS\Fonts\1942_report.zip
2006-07-06 04:52 700,096 ----a-w C:\WINDOWS\Fonts\vinca_stencil.zip
2006-07-06 04:52 28,730 ----a-w C:\WINDOWS\Fonts\product.zip
2006-07-06 04:51 81,731 ----a-w C:\WINDOWS\Fonts\cartaz.zip
2006-07-06 04:50 10,967 ----a-w C:\WINDOWS\Fonts\boston_traffic.zip
2006-06-05 06:08 10,043 ----a-w C:\WINDOWS\Fonts\ancient_geek.zip
2006-05-17 06:20 17 ----a-w C:\Program Files\d.bat
2006-05-05 03:35 11,413 ----a-w C:\WINDOWS\Fonts\spongefont_square_t.zip
2006-03-06 01:36 381,255 ----a-w C:\Program Files\destinymp3.exe
2005-12-31 00:58 53,177 ----a-w C:\WINDOWS\Fonts\4yeohearts.zip
2005-12-17 23:43 24,751 ----a-w C:\WINDOWS\Fonts\rocky.zip
2005-12-17 23:39 86,169 ----a-w C:\WINDOWS\Fonts\american_life.zip
2005-12-17 23:39 25,629 ----a-w C:\WINDOWS\Fonts\distillers.zip
2005-12-17 23:35 43,683 ----a-w C:\WINDOWS\Fonts\kinkee.zip
2005-12-17 23:34 44,606 ----a-w C:\WINDOWS\Fonts\dj_candy_heart.zip
2005-12-17 23:32 16,416 ----a-w C:\WINDOWS\Fonts\confetti.zip
2005-12-17 23:31 108,130 ----a-w C:\WINDOWS\Fonts\risus_lcb_kringleba.zip
2005-12-17 23:30 29,393 ----a-w C:\WINDOWS\Fonts\rackham_holiday_orn.zip
2005-12-17 23:29 238,755 ----a-w C:\WINDOWS\Fonts\faux_snow.zip
2005-12-17 23:28 56,526 ----a-w C:\WINDOWS\Fonts\christmas_flakes.zip
2005-12-17 23:26 22,154 ----a-w C:\WINDOWS\Fonts\christmas_on_crack.zip
2005-08-08 03:29 260 ----a-w C:\Program Files\12658_2_17_05.asx
2005-08-08 01:50 259 ----a-w C:\Program Files\28782_2_4_05.asx
2005-08-08 01:44 259 ----a-w C:\Program Files\29634_1_9_05.asx
2005-08-07 19:36 146 ----a-w C:\Program Files\075678364525_010_64.asx
2005-08-07 18:17 258 ----a-w C:\Program Files\29010_1_5_05.asx
2005-08-06 19:21 637,777 ----a-w C:\Program Files\lamewin32.exe
2005-08-04 21:05 260 ----a-w C:\Program Files\26208_1_3_05.asx
2005-08-04 21:01 260 ----a-w C:\Program Files\26208_1_2_05.asx
2005-05-14 02:21 10,231 ----a-w C:\WINDOWS\Fonts\billo.zip
2005-05-14 01:16 12,684 ----a-w C:\WINDOWS\Fonts\janis.zip
2005-05-14 01:15 38,078 ----a-w C:\WINDOWS\Fonts\luna_bar.zip
2005-05-14 01:15 29,291 ----a-w C:\WINDOWS\Fonts\salamander.zip
2005-05-14 01:14 46,129 ----a-w C:\WINDOWS\Fonts\angelina.zip
2005-02-08 02:50 791 ----a-w C:\Program Files\razorlame.ini
2005-02-08 02:49 340,454 ----a-w C:\Program Files\razorlame115.zip
2005-02-08 02:47 1,837,229 ----a-w C:\Program Files\gwave509.exe
2004-10-04 20:20 27,956 ----a-w C:\WINDOWS\Fonts\easily_amused.zip
2004-09-25 20:23 203,061 ----a-w C:\Program Files\AIM+Setup.exe
2004-08-21 17:30 838,881 ----a-w C:\Program Files\ldenglishgardenbed.zip
2004-08-21 03:12 10,135,688 ----a-w C:\Program Files\MPSetupXP.exe
2004-07-31 22:06 1,773,936 ----a-w C:\Program Files\gwave508.exe
2003-10-19 09:11 202,129 ----a-w C:\WINDOWS\Fonts\a_lolita_scorned.zip
2003-10-19 09:09 139,046 ----a-w C:\WINDOWS\Fonts\gartentika.zip
2003-10-19 09:06 79,738 ----a-w C:\WINDOWS\Fonts\broken_ghost.zip
2003-10-19 09:04 593,319 ----a-w C:\WINDOWS\Fonts\hvd_poster.zip
2001-12-13 01:25 4,742 ----a-w C:\Program Files\RazorLame.html
2001-12-13 01:14 5,567 ----a-w C:\Program Files\RazorLame.txt
2001-12-12 04:04 678,400 ----a-w C:\Program Files\RazorLame.exe
2001-03-27 00:25 1,185 ----a-w C:\Program Files\RazorLame.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Common Files\nigyp ----

C:\Program Files\Common Files\nigyp\


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LOVE BIKE"="C:\DOCUME~1\erin\APPLIC~1\DVDNUR~1\Help 2.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-03-23 16:18 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"x3watch"="C:\Program Files\X3watch\x3watch.exe" [ ]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43 67488]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-04 15:56 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-04 15:56 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\erin\Start Menu\Programs\Startup\
Stickies.lnk - C:\Program Files\stickies\stickies.exe [2007-03-08 23:28:19 700416]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.1.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 2.1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DING!.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DING!.lnk
backup=C:\WINDOWS\pss\DING!.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Trish^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Trish\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Trish^Start Menu^Programs^Startup^StickyNote.lnk]
path=C:\Documents and Settings\Trish\Start Menu\Programs\Startup\StickyNote.lnk
backup=C:\WINDOWS\pss\StickyNote.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Trish^Start Menu^Programs^Startup^UMAX VistaAccess.lnk]
path=C:\Documents and Settings\Trish\Start Menu\Programs\Startup\UMAX VistaAccess.lnk
backup=C:\WINDOWS\pss\UMAX VistaAccess.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-12-17 12:28 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-06-02 00:34 67160 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-01-21 21:00 315392 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 03:59 122880 C:\WINDOWS\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2002-11-02 01:33 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Common Files\CMEII\CMESys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD]
--a------ 2003-12-15 13:44 245760 C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
--a------ 2003-06-04 03:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2005-09-18 23:02 7083056 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAS CfgWiz]
C:\Program Files\Norton AntiSpam\cfgwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 02:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Spyware Killer]
C:\Program Files\TheSpywareKiller\TheSpywareKiller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-20 13:41 33792 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Java\\jre1.5.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 05:43]
S3 DCamUSBUVT;ICM532A;C:\WINDOWS\system32\Drivers\usbuvt.sys [2002-07-31 23:09]
S3 jnv4_mib;jnv4_mib;C:\DOCUME~1\Trish\LOCALS~1\Temp\jnv4_mib.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2e4a0cf-fa4a-11d7-a08c-0007e972c4c2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-08 17:59:59 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-27 16:20:14 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.2.25.1.sxt [email protected]
"2005-02-16 22:01:06 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 21:31:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-08 21:32:28
ComboFix-quarantined-files.txt 2008-03-09 02:32:06
ComboFix2.txt 2008-03-09 00:27:29
.
2008-02-13 08:02:59 --- E O F ---






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:01 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.silverchair.nu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [LOVE BIKE] C:\DOCUME~1\erin\APPLIC~1\DVDNUR~1\Help 2.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn....FreeInstall.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.co.../AttachMail.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 6308 bytes
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKCU\..\Run: [LOVE BIKE] C:\DOCUME~1\erin\APPLIC~1\DVDNUR~1\Help 2.exe
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)



Now click on Fix Checked and then close Hijackthis.
==================================
Next please go to Start>My Computer> Program Files then find and delete this folder>C:\Program Files\Dvd Nurb
================================
After that Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
  • 0
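The entries kahdah picks out above follow a repeatable pattern: every O15 Trusted Zone addition, an O3 toolbar registration with "(no file)", and an O4 Run entry that launches from inside a user profile. The script below is an added example (not from this thread, and not part of HijackThis or any Trend Micro tool) that applies those same triage rules to a handful of lines copied from the log posted above, plus a few benign lines so there is something for it to leave alone. The line-shape and profile-path regular expressions are my own assumptions about the log format, not a documented HijackThis grammar.

```python
import re
from typing import List, Tuple

# Constructed sample: a few O2/O3/O4/O15/O23 lines taken from the HijackThis
# log in this thread, mixed with benign entries the filter should ignore.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [LOVE BIKE] C:\DOCUME~1\erin\APPLIC~1\DVDNUR~1\Help 2.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Assumed line shape: "<section code> - <rest of entry>", e.g. "O4 - HKCU\..\Run: ..."
LINE_RE = re.compile(r"^(O\d+|R\d+|F\d+|N\d+)\s+-\s+(.*)$")

# Assumed user-profile roots on Windows XP (long and 8.3 short forms). A Run
# entry launching from here is the pattern behind the "LOVE BIKE" entry above.
PROFILE_RE = re.compile(
    r"(?i)(C:\\DOCUME~1\\|C:\\Documents and Settings\\|\\APPLIC~1\\|"
    r"\\Application Data\\|\\LOCALS~1\\Temp\\|\\Local Settings\\Temp\\)"
)


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, reason, line) for each HijackThis entry worth a 'Fix Checked'.

    Rules mirror the helper's selection in this thread:
      * O15: any Trusted Zone addition lowers IE's security for that domain;
             a home PC normally has none, so every one is reviewed.
      * O2/O3 ending in "(no file)": orphaned BHO/toolbar registration.
      * O4 whose target sits inside a user profile directory.
    """
    flagged: List[Tuple[str, str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, rest = m.groups()
        reason = None
        if section == "O15":
            reason = "trusted-zone addition"
        elif section in ("O2", "O3") and rest.endswith("(no file)"):
            reason = "orphaned registration (no file)"
        elif section == "O4" and PROFILE_RE.search(rest):
            reason = "autorun from a user-profile directory"
        if reason:
            flagged.append((section, reason, line))
    return flagged


def fix_list(log_text: str) -> List[str]:
    """Just the raw lines, in log order, ready to paste as a 'check these' list."""
    return [line for _, _, line in triage(log_text)]


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_HJT_LOG):
        print(f"[{section}] {reason}: {line}")
```

Running it prints four hits (the O3 orphan, the LOVE BIKE O4 entry and both O15 lines) and nothing for AVG, AIM, Stickies or the O23 service, which is the same split the helper made by hand. The O4 rule is deliberately a heuristic: legitimate per-user software does occasionally install under Application Data, so a hit means "look at it", not "delete it".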

#9
thinkingreverse

thinkingreverse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Malwarebytes' Anti-Malware 1.07
Database version: 471

Scan type: Full Scan (A:\|C:\|)
Objects scanned: 123716
Time elapsed: 50 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\Documents and Settings\Trish\Desktop\SearchUs.exe.vir (Trojan.TagASaurus) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\Trish\My Documents\CROSOF~1\dllhost.exe.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB268D15-A382-4BBF-AD3D-3CFF97495BD4}\RP2\A0000039.exe (Trojan.TagASaurus) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\03082008_185522\Program Files\ISM\ism.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\03082008_185522\Program Files\ISM\Uninstall.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\03082008_185522\Program Files\Outerinfo\FF\components\FF.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\03082008_185522\Program Files\QdrDrive\qdrloader.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\03082008_185522\Program Files\QdrPack\QdrPack13.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\03082008_185522\WINDOWS\system32\kwusg.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Trish\Desktop\Click To Find and Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Great :)

Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#11
thinkingreverse

thinkingreverse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 09, 2008 8:52:38 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/03/2008
Kaspersky Anti-Virus database records: 619608
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 92469
Number of viruses found: 8
Number of infected objects: 17
Number of suspicious objects: 6
Duration of the scan process: 02:00:07

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\26dd5054c412ac6f92775a61647161bd_e3008636-1980-4ed7-80a6-703f595b59d4 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2a7ef45eea639b4c6f8de8246a66d990_e3008636-1980-4ed7-80a6-703f595b59d4 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\335a0e006a724e9e6715d7962da4ce6d_e3008636-1980-4ed7-80a6-703f595b59d4 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\40e2046c88408c53e87a5d917431a8f0_e3008636-1980-4ed7-80a6-703f595b59d4 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_e3008636-1980-4ed7-80a6-703f595b59d4 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\980d3b5c75fee6f541379c98a334d743_e3008636-1980-4ed7-80a6-703f595b59d4 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\99e253bef1e83f2f95e2cd429154d706_e3008636-1980-4ed7-80a6-703f595b59d4 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d9c371b0f5ed9d4806d80b1230c84a45_e3008636-1980-4ed7-80a6-703f595b59d4 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\df0cd741cfa331465366aad42cc2e0b6_e3008636-1980-4ed7-80a6-703f595b59d4 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy3.zip/msexreg.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase7.zip/sais.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase7.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase9.zip/sais.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase9.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\erin\Application Data\Mozilla\Firefox\Profiles\zu5ao3gh.default\cert8.db Object is locked skipped
C:\Documents and Settings\erin\Application Data\Mozilla\Firefox\Profiles\zu5ao3gh.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\erin\Application Data\Mozilla\Firefox\Profiles\zu5ao3gh.default\history.dat Object is locked skipped
C:\Documents and Settings\erin\Application Data\Mozilla\Firefox\Profiles\zu5ao3gh.default\key3.db Object is locked skipped
C:\Documents and Settings\erin\Application Data\Mozilla\Firefox\Profiles\zu5ao3gh.default\parent.lock Object is locked skipped
C:\Documents and Settings\erin\Application Data\Mozilla\Firefox\Profiles\zu5ao3gh.default\search.sqlite Object is locked skipped
C:\Documents and Settings\erin\Application Data\Mozilla\Firefox\Profiles\zu5ao3gh.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\erin\Application Data\Mozilla\Firefox\Profiles\zu5ao3gh.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\erin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-6181525e.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\erin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-6181525e.zip ZIP: infected - 1 skipped
C:\Documents and Settings\erin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4a5d57d0-54f58372.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\erin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4a5d57d0-54f58372.zip ZIP: infected - 1 skipped
C:\Documents and Settings\erin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-51c97e9a.zip/vmain.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\erin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-51c97e9a.zip ZIP: infected - 1 skipped
C:\Documents and Settings\erin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-3427d939.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\erin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-3427d939.zip ZIP: infected - 1 skipped
C:\Documents and Settings\erin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\erin\Local Settings\Application Data\Adobe\Updater5\aumLib.log Object is locked skipped
C:\Documents and Settings\erin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\erin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\erin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zu5ao3gh.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\erin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zu5ao3gh.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\erin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zu5ao3gh.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\erin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zu5ao3gh.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\erin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\erin\Local Settings\History\History.IE5\MSHist012008030920080310\index.dat Object is locked skipped
C:\Documents and Settings\erin\Local Settings\Temp\alm.log Object is locked skipped
C:\Documents and Settings\erin\Local Settings\Temp\amt.log Object is locked skipped
C:\Documents and Settings\erin\Local Settings\Temp\Photoshop Temp48666792716 Object is locked skipped
C:\Documents and Settings\erin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\erin\My Documents\Moosic!\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\erin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\erin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe PCD\cache\cache.db Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe PCD\pcd.db Object is locked skipped
C:\Program Files\Common Files\Adobe\caps\caps.db Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\install.exe.vir Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CB268D15-A382-4BBF-AD3D-3CFF97495BD4}\RP2\A0000015.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\System Volume Information\_restore{CB268D15-A382-4BBF-AD3D-3CFF97495BD4}\RP3\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\03082008_185522\Program Files\Common Files\Yazzle1552OinUninstaller.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\_OTMoveIt\MovedFiles\03082008_185522\Program Files\Common Files\Yazzle1552OinUninstaller.exe NSIS: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\03082008_185522\Program Files\sуstem32\chkdsk.exe Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\_OTMoveIt\MovedFiles\03082008_185522\WINDOWS\azabqbkr.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\_OTMoveIt\MovedFiles\03082008_185522\WINDOWS\gfincdst.dll Infected: Trojan.Win32.Obfuscated.gx skipped
C:\_OTMoveIt\MovedFiles\03082008_185522\WINDOWS\kjatopid.exe Infected: not-virus:Hoax.Win32.Renos.bbw skipped
C:\_OTMoveIt\MovedFiles\03082008_185522\WINDOWS\system32\mgmrwmrv.exe Infected: not-virus:Hoax.Win32.Renos.bbw skipped

Scan process completed.

#12
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Please open up Spybot again and go to the recovery section.
Delete everything in there.
===================
  • Please go to Start > Control Panel
  • on the top left hand corner will be a setting to Switch to Classic view.
  • Click that unless it is like that already.
  • Then double click on the Java icon.
  • Under the General tab at the top look at the bottom and you will see a setting called Temporary Internet Files.
  • Click on Settings, then click on Delete Files, click OK at the prompt and then close out of that.
=======================================
After that please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
=================================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the run box and click OK


The above procedure will delete and do the following:

  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\Deckard folder, if present
  • The C:\_OTMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete/uninstall anything that we used that is left over.

Doing the above will remove what is left over in the Kaspersky scan.
=============================================================
After that, your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein here.
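Added example, not part of this thread or of any of the tools mentioned in it: a small Python triage script that reads a Kaspersky Online Scanner report in the format posted above and sorts the entries the way kahdah's reply does. "Object is locked skipped" lines are files in use by the system, not detections, and hits sitting inside Spybot's Recovery folder, ComboFix's QooBox quarantine, the _OTMoveIt backup folder, System Restore and the Java deployment cache are copies of files that were already removed, which is why emptying those folders (Spybot Recovery, the Java cache, Combofix /u) is all that remains. The sample report is constructed from the log format above and shortened; one hypothetical live hit (example_live.exe) is added so the "live" branch is exercised. The BACKUP_MARKERS list is an assumption covering only the tools used in this thread.

```python
"""Triage a Kaspersky Online Scanner report: split live infections from
leftover copies in quarantine/backup folders and from scanner noise.

Added example for this thread; not code from Kaspersky, Spybot, ComboFix
or OTMoveIt. Run stand-alone: python triage_kav.py
"""
import re
from collections import defaultdict

# Folders that hold copies of already-removed files (assumption: covers the
# tools used in this thread; extend for other quarantine/backup locations).
# Compared case-insensitively against the lower-cased path.
BACKUP_MARKERS = (
    r"\spybot - search & destroy\recovery",   # Spybot S&D Recovery section
    r"\qoobox\quarantine",                     # ComboFix quarantine
    r"\_otmoveit\movedfiles",                  # OTMoveIt backups
    r"\system volume information\_restore",    # System Restore points
    r"\sun\java\deployment\cache",             # Java applet/jar cache
)

# Report line shapes seen in the posted log (one path per line, "skipped" last):
#   <path> Infected: <name> skipped
#   <path> Suspicious: <name> skipped
#   <path> ZIP: infected - 1 skipped        (archive container summary)
#   <path> Object is locked skipped          (file in use, not a detection)
HIT_RE = re.compile(r"^(?P<path>.+?) (?P<kind>Infected|Suspicious): (?P<name>\S+) skipped$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) (?P<fmt>ZIP|NSIS|RAR|CAB): (?P<state>infected|suspicious) - \d+ skipped$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")


def parse_report(lines):
    """Yield (path, category, detail) for each recognised report line.
    category is 'infected', 'suspicious', 'archive' or 'locked'; any other
    line (headers, statistics, blank lines) is ignored."""
    for line in lines:
        line = line.rstrip("\r\n")
        m = HIT_RE.match(line)
        if m:
            yield m.group("path"), m.group("kind").lower(), m.group("name")
            continue
        m = ARCHIVE_RE.match(line)
        if m:
            yield m.group("path"), "archive", f"{m.group('fmt')} {m.group('state')}"
            continue
        m = LOCKED_RE.match(line)
        if m:
            yield m.group("path"), "locked", "in use by another process"


def is_backup_copy(path):
    """True when the path lies inside a quarantine, backup or cache folder."""
    p = path.lower()
    return any(marker in p for marker in BACKUP_MARKERS)


def triage(lines):
    """Return {'live': [(path, detail)], 'leftover': [(path, detail)],
    'locked': [path]}. 'live' entries still need cleaning; 'leftover' entries
    disappear once the holding folders are emptied; 'locked' is noise."""
    result = {"live": [], "leftover": [], "locked": []}
    for path, category, detail in parse_report(lines):
        if category == "locked":
            result["locked"].append(path)
        elif is_backup_copy(path):
            result["leftover"].append((path, detail))
        else:
            result["live"].append((path, detail))
    return result


def leftover_folders(triaged):
    """Group leftover detections by the backup folder holding them, so each
    housekeeping step (empty Spybot Recovery, clear the Java cache,
    Combofix /u) can be checked off against the report."""
    groups = defaultdict(list)
    for path, detail in triaged["leftover"]:
        p = path.lower()
        marker = next(m for m in BACKUP_MARKERS if m in p)
        groups[marker].append(detail)
    return dict(groups)


# Constructed sample in the posted log's format (shortened). The last line is a
# hypothetical live hit, not from the thread, so the 'live' branch runs.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase7.zip/sais.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase7.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\erin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-6181525e.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\install.exe.vir Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\System Volume Information\_restore{CB268D15-A382-4BBF-AD3D-3CFF97495BD4}\RP2\A0000015.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\_OTMoveIt\MovedFiles\03082008_185522\WINDOWS\azabqbkr.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\WINDOWS\system32\example_live.exe Infected: Trojan.Win32.Obfuscated.gx skipped
""".strip().splitlines()


if __name__ == "__main__":
    t = triage(SAMPLE_REPORT)
    print(f"live hits (still need cleaning): {len(t['live'])}")
    for path, detail in t["live"]:
        print(f"  {path}  [{detail}]")
    print(f"leftover copies in backup folders: {len(t['leftover'])}")
    for folder, names in leftover_folders(t).items():
        print(f"  {folder}: {', '.join(names)}")
    print(f"locked (in-use) files ignored: {len(t['locked'])}")
```

On the sample this reports one live hit, six leftover detections spread over all five backup folders, and one locked file; on the full log above the same split leaves no live hits, which is the basis for the "your log is clean" verdict once the housekeeping steps are done.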