desktoptrojan.win32.blackbird.exe and Ping.exe


This topic is locked.

#1 dboik (Member, 34 posts)
Been trying to clean various malware but it keeps returning.
Can't access Task Manager (locked out by admin).
AVG keeps finding trojan horse downloader.agent.afha with file "ping.exe".
Some steps taken:
Restored from disk using Windows Backup for "Critical Back-ups" made several years ago.
System Restore has been turned off.
From Windows Safe Mode ran: Ad-aware, AVG, CC-Cleaner, AVG "VCleaner".

Some of the beginning steps were out of my control; this is my niece's computer and I am last call. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:05 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.airnav.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.c...7AX/gkJqIj/ Zs=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [strtas] l074.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O4 - HKCU\..\Run: [Gkbo] "C:\Program Files\Common Files\??crosoft.NET\l?gonui.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122783004802
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED34B46-A427-42CE-89C1-8125BD3D466B}: NameServer = 24.25.5.149,24.25.5.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6CBB13B-ED7D-4F03-A179-A146FC2CD9D0}: NameServer = 24.25.5.149,24.25.5.150
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 5407 bytes

#2 dboik (Topic Starter, Member, 34 posts)
Thought I should post the HijackThis log without being in Windows Safe Mode... so here it is.

BTW: using IE as the browser.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:17 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\winself.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\QdrModule\QdrModule15.exe
C:\Program Files\QdrPack\QdrPack15.exe
C:\Program Files\Common Files\??crosoft.NET\l?gonui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.airnav.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.c...7AX/gkJqIj/ Zs=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [strtas] l074.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O4 - HKCU\..\Run: [Gkbo] "C:\Program Files\Common Files\??crosoft.NET\l?gonui.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122783004802
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED34B46-A427-42CE-89C1-8125BD3D466B}: NameServer = 24.25.5.149,24.25.5.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6CBB13B-ED7D-4F03-A179-A146FC2CD9D0}: NameServer = 24.25.5.149,24.25.5.150
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 6529 bytes

#3 dboik (Topic Starter, Member, 34 posts)
From reading another post about a similar problem I am trying to get ahead... hope my actions are not taking me a step back by doing so.

Downloaded and ran Deckard's System Scanner and am posting the results of main.txt and extra.txt.

Deckard's System Scanner v20071014.68
Run by Darin on 2008-04-24 22:33:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-25 02:34:02 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Darin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:05 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\winself.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Darin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Darin.exe

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122783004802
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED34B46-A427-42CE-89C1-8125BD3D466B}: NameServer = 24.25.5.149,24.25.5.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6CBB13B-ED7D-4F03-A179-A146FC2CD9D0}: NameServer = 24.25.5.149,24.25.5.150
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 5711 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080423-110129-448 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
backup-20080423-110129-833 O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
backup-20080423-110239-301 R3 - Default URLSearchHook is missing

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 msdirectx - c:\documents and settings\darin\msdirectx.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\winself.exe service
R2 ScsiAccess - c:\program files\photodex\compupicpro\scsiaccess.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_00E0&SUBSYS_00E01033&REV_04\4&253A0906&0&3AA4
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_00E0&SUBSYS_00E01033&REV_04\4&253A0906&0&3AA4
Service:


-- Files created between 2008-03-24 and 2008-04-24 -----------------------------

2008-04-23 16:37:23 0 dr-h----- C:\Documents and Settings\Ashley Brueckner\Recent
2008-04-23 13:06:27 0 d-------- C:\Program Files\RcvSystem
2008-04-23 12:47:57 0 d-------- C:\Documents and Settings\Ashley Brueckner\Application Data\AVG7
2008-04-23 10:30:42 0 d-------- C:\Program Files\Trend Micro
2008-04-22 19:27:33 0 dr-h----- C:\Documents and Settings\Darin\Recent
2008-04-22 19:17:03 0 d-------- C:\Program Files\CCleaner
2008-04-22 13:36:36 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-22 12:52:16 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 09:59:25 0 d-------- C:\Documents and Settings\Administrator.ASHLEY\Application Data\AVG7
2008-04-22 09:58:17 0 d--h----- C:\Documents and Settings\Administrator.ASHLEY\Local Settings
2008-04-22 09:58:17 0 d-------- C:\Documents and Settings\Administrator.ASHLEY\Favorites
2008-04-22 09:58:17 0 d-------- C:\Documents and Settings\Administrator.ASHLEY\Desktop
2008-04-22 09:58:17 0 d---s---- C:\Documents and Settings\Administrator.ASHLEY\Cookies
2008-04-22 09:58:17 0 dr-h----- C:\Documents and Settings\Administrator.ASHLEY\Application Data
2008-04-22 09:58:17 0 d---s---- C:\Documents and Settings\Administrator.ASHLEY\Application Data\Microsoft
2008-04-22 09:58:16 0 d--h----- C:\Documents and Settings\Administrator.ASHLEY\Templates
2008-04-22 09:58:16 0 dr------- C:\Documents and Settings\Administrator.ASHLEY\Start Menu
2008-04-22 09:58:16 0 dr-h----- C:\Documents and Settings\Administrator.ASHLEY\SendTo
2008-04-22 09:58:16 0 d--h----- C:\Documents and Settings\Administrator.ASHLEY\Recent
2008-04-22 09:58:16 0 d--h----- C:\Documents and Settings\Administrator.ASHLEY\PrintHood
2008-04-22 09:58:16 0 d--h----- C:\Documents and Settings\Administrator.ASHLEY\NetHood
2008-04-22 09:58:16 0 d-------- C:\Documents and Settings\Administrator.ASHLEY\My Documents
2008-04-22 09:58:15 786432 --ah----- C:\Documents and Settings\Administrator.ASHLEY\NTUSER.DAT
2008-04-22 09:57:58 0 d--hs---- C:\WINDOWS\CSC
2008-04-22 03:33:28 0 dr-h----- C:\$VAULT$.AVG
2008-04-22 01:41:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 00:58:16 0 d-------- C:\Documents and Settings\Darin\Application Data\AVG7
2008-04-22 00:56:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-22 00:55:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-22 00:55:28 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-22 00:38:10 0 d-------- C:\Documents and Settings\Darin\Application Data\HP
2008-04-22 00:08:42 16896 --a------ C:\WINDOWS\bokja.exe
2008-04-21 23:31:20 68 --a------ C:\Documents and Settings\Darin\X
2008-04-21 23:20:40 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-21 21:52:31 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-21 21:52:31 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-21 21:52:31 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-21 21:52:31 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-21 21:52:31 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-21 21:52:31 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-21 21:52:31 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-21 21:52:31 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-21 21:52:31 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-21 21:52:31 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-21 21:52:31 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-21 21:52:31 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-21 21:52:31 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-21 21:52:30 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-21 20:14:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-20 16:42:28 24832 --a------ C:\WINDOWS\stcloader.exe
2008-04-20 16:42:27 11264 --a------ C:\WINDOWS\voiceip.dll
2008-04-20 16:42:27 25088 --a------ C:\WINDOWS\mssvr.exe
2008-04-20 16:42:27 30464 --a------ C:\WINDOWS\cdsm32.dll
2008-04-20 16:42:26 9216 --a------ C:\WINDOWS\mspphe.dll
2008-04-20 16:42:26 22016 --a------ C:\WINDOWS\bjam.dll
2008-04-20 16:42:26 18176 --a------ C:\WINDOWS\2020search2.dll
2008-04-20 16:42:26 20992 --a------ C:\WINDOWS\2020search.dll
2008-04-20 16:42:23 19200 --a------ C:\WINDOWS\saiemod.dll
2008-04-20 16:42:22 13056 --a------ C:\WINDOWS\msapasrc.dll
2008-04-20 16:42:22 16384 --a------ C:\WINDOWS\msa64chk.dll
2008-04-20 16:42:21 26880 --a------ C:\WINDOWS\shdocpl.dll
2008-04-20 16:42:20 24832 --a------ C:\WINDOWS\winsb.dll
2008-04-20 16:42:20 20224 --a------ C:\WINDOWS\shdocpe.dll
2008-04-20 16:42:20 13568 --a------ C:\WINDOWS\ntnut.exe
2008-04-20 16:42:20 14080 --a------ C:\WINDOWS\browserad.dll
2008-04-20 16:42:20 14336 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-20 16:42:20 25088 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-20 16:42:19 22528 --a------ C:\WINDOWS\avifile32.dll
2008-04-20 16:42:19 10752 --a------ C:\WINDOWS\autodisc32.dll
2008-04-20 16:42:19 19968 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-20 16:42:19 26624 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-20 16:42:19 24832 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-20 16:42:19 12800 --a------ C:\WINDOWS\athprxy32.dll
2008-04-20 16:42:18 17920 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-20 16:42:18 13824 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-20 16:42:18 25856 --a------ C:\WINDOWS\asferror32.dll
2008-04-20 16:42:18 14336 --a------ C:\WINDOWS\apphelp32.dll
2008-04-20 16:22:15 9684 --ahs---- C:\WINDOWS\system32\yyISAGgh.ini2
2008-04-20 16:22:11 274432 --a------ C:\WINDOWS\system32\hgGASIyy.dll
2008-04-20 16:19:23 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-04-20 16:19:23 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-04-20 16:19:23 4096 --a------ C:\WINDOWS\system32taack.exe
2008-04-20 16:19:23 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-20 16:19:23 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-04-20 16:19:23 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-04-20 16:19:23 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-04-20 16:19:23 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-04-20 16:19:23 4096 --a------ C:\WINDOWS\a.bat
2008-04-20 16:19:22 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-04-20 16:19:22 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-04-20 16:19:22 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-04-20 16:19:22 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-04-20 16:19:22 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-04-20 16:19:22 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-20 16:19:22 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-04-20 16:19:22 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-04-20 16:19:22 0 d-------- C:\Documents and Settings\Ashley Brueckner\Desktopvirii
2008-04-20 16:19:21 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-04-20 16:19:21 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-04-20 16:19:21 0 d-------- C:\WINDOWS\system32smp
2008-04-20 16:19:21 4096 --a------ C:\WINDOWS\system32netode.exe
2008-04-20 16:19:21 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-04-20 16:19:21 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-04-20 16:19:21 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-04-20 16:19:21 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-04-20 16:19:21 4096 --a------ C:\WINDOWS\[email protected]@@k.dll
2008-04-20 16:19:20 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-04-20 16:19:20 4096 --a------ C:\WINDOWS\system32thun.dll
2008-04-20 16:19:20 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-04-20 16:19:20 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-20 16:19:20 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-04-20 16:19:20 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-04-20 16:19:20 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-04-20 16:19:20 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-04-20 16:19:20 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-04-20 16:19:20 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-04-20 16:19:20 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-04-20 16:19:20 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-04-20 16:19:19 4096 --a------ C:\WINDOWS\winsystem.exe
2008-04-20 16:19:19 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-04-20 16:19:19 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-04-20 16:19:19 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-04-20 16:19:19 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-04-20 16:19:19 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-04-20 16:19:19 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-04-20 16:19:19 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-20 16:19:19 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-04-20 16:19:19 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-04-20 16:19:19 4096 --a------ C:\WINDOWS\mssecu.exe
2008-04-20 16:19:19 0 d-------- C:\WINDOWS\mslagent
2008-04-20 16:19:19 4096 --a------ C:\WINDOWS\bdn.com
2008-04-20 16:19:19 0 d-------- C:\Program Files\akl
2008-04-20 16:18:51 0 d-------- C:\Documents and Settings\All Users\Application Data\cjilclwr
2008-04-20 16:18:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-20 16:18:45 0 d-------- C:\Program Files\Outerinfo
2008-04-20 16:18:41 0 d-------- C:\Program Files\Common Files\??crosoft.NET
2008-04-20 16:18:40 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-20 16:18:39 0 d-------- C:\Program Files\QdrPack
2008-04-20 16:18:30 0 d-------- C:\WINDOWS\PerfInfo
2008-04-20 16:18:30 0 d-------- C:\WINDOWS\mgwwgmke
2008-04-20 16:18:29 65024 --a------ C:\Documents and Settings\All Users\Application Data\nunydavi.dll
2008-04-20 16:18:28 60928 --a------ C:\WINDOWS\system32\xsna.dll
2008-04-20 16:18:26 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-20 16:18:25 192512 --a------ C:\WINDOWS\mxyfclkj.dll
2008-04-20 16:18:24 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-04-20 16:18:21 65024 --a------ C:\WINDOWS\sdgvknsp.dll
2008-04-20 16:17:49 0 d-------- C:\Program Files\QdrModule
2008-04-20 16:17:34 0 d-------- C:\Program Files\QdrDrive
2008-04-20 16:17:33 28672 --a------ C:\WINDOWS\winself.exe
2008-04-20 16:17:30 0 d-------- C:\Program Files\ISM
2008-04-20 16:17:26 41724 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2008-04-20 16:17:23 0 d-------- C:\Documents and Settings\Ashley Brueckner\Application Data\?icrosoft.NET
2008-04-11 15:44:48 187904 ---hs---- C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
2008-04-05 01:29:14 270694 --a------ C:\WINDOWS\system32\000090.exe


-- Find3M Report ---------------------------------------------------------------

2008-04-22 01:41:41 0 d-------- C:\Program Files\Common Files
2008-04-21 20:15:40 0 d-------- C:\Program Files\Lavasoft
2008-04-21 20:15:38 0 d-------- C:\Documents and Settings\Darin\Application Data\Lavasoft
2008-04-21 20:04:09 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-20 16:18:42 0 d-------- C:\Program Files\Common Files\??crosoft.NET


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/31/2005 01:20 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/13/2004 04:04 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [06/30/2004 01:33 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/07/2004 02:56 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\bcmntray" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/15/2004 09:00 PM]
"AGRSMMSG"="AGRSMMSG.exe" [04/19/2005 10:05 AM C:\WINDOWS\AGRSMMSG.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/22/2008 12:55 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-04-24 22:35:41 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 382.98 MiB / 126.91 MiB
Pagefile Memory (total/avail): 921.6 MiB / 696.58 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1951.21 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 31.78 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHT2060AT PL - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Darin\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ASHLEY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Darin
LOGONSERVER=\\ASHLEY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Darin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Darin\LOCALS~1\Temp
USERDOMAIN=ASHLEY
USERNAME=Darin
USERPROFILE=C:\Documents and Settings\Darin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ashley Brueckner (admin)
Darin (admin)
Administrator.ASHLEY (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Agere Systems AC'97 Modem --> agrsmdel
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Broadcom 802.11 Wireless LAN Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Broadcom Wireless Utility --> C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11_App\UninstallInfo
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CompuPic Pro --> C:\Program Files\Photodex\CompuPicPro\compupic.exe . -u
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Norton AntiVirus SCSSDist MSI --> MsiExec.exe /I{541230A3-1D3A-4879-B7E0-E71F90E35548}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type19178 / Error
Event Submitted/Written: 04/23/2008 01:10:36 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type19151 / Error
Event Submitted/Written: 04/22/2008 01:28:30 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application pctsGui.exe, version 5.5.0.212, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type19150 / Error
Event Submitted/Written: 04/22/2008 00:58:24 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application pctsGui.exe, version 5.5.0.212, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type19130 / Error
Event Submitted/Written: 04/22/2008 00:33:12 AM
Event ID/Source: 11722 / MsiInstaller
Event Description:
Product: Ad-Aware 2007 -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action Uninstall_Old1, location: C:\WINDOWS\system32\, command: cmd /c C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Event Record #/Type19126 / Error
Event Submitted/Written: 04/22/2008 00:28:09 AM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Norton AntiVirus 2005 -- Norton AntiVirus 2005 does not support the Repair feature, please uninstall and reinstall.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type60193 / Error
Event Submitted/Written: 04/24/2008 09:08:05 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Windows Driver Foundation - User-mode Driver Framework service failed to start due to the following error:
%%1053

Event Record #/Type60192 / Error
Event Submitted/Written: 04/24/2008 09:08:05 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Windows Driver Foundation - User-mode Driver Framework service to connect.

Event Record #/Type60166 / Error
Event Submitted/Written: 04/23/2008 09:19:26 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Windows Driver Foundation - User-mode Driver Framework service failed to start due to the following error:
%%1053

Event Record #/Type60165 / Error
Event Submitted/Written: 04/23/2008 09:19:26 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Windows Driver Foundation - User-mode Driver Framework service to connect.

Event Record #/Type60161 / Error
Event Submitted/Written: 04/23/2008 09:18:04 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-04-24 22:35:41 ------------

#4 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello dboik

Welcome to G2Go. :)
=====================
Can you please go to Start > Run, then copy/paste this into the Run box: "%userprofile%\desktop\dss.exe" /config, then hit OK.

This will open DSS again; please place checks in all of the boxes and then hit OK or Scan.
Then post both logs it produces.

#5 dboik (Topic Starter, Member, 34 posts)
Hi Kahdah, thanks for the reply and help; this has been driving me crazy.

Here are the logs of main.txt and extra.txt:

Deckard's System Scanner v20071014.68
Run by Ashley Brueckner on 2008-04-30 20:51:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Ashley Brueckner.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:46 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ashley Brueckner\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ashley Brueckner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122783004802
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED34B46-A427-42CE-89C1-8125BD3D466B}: NameServer = 24.25.5.147,24.25.5.148
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE8114EA-A28F-4290-B6EE-0D7C78A31149}: NameServer = 24.25.5.147,24.25.5.148
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7053 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080423-110129-448 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
backup-20080423-110129-833 O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
backup-20080423-110239-301 R3 - Default URLSearchHook is missing
backup-20080425-231500-431 R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
backup-20080425-231500-535 R3 - URLSearchHook: ScriptInocUI Class - - (no file)
backup-20080426-110036-121 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080426-110036-154 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
backup-20080426-110036-312 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20080426-110036-320 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
backup-20080426-110036-759 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
backup-20080426-110036-854 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.c...AX/gkJqIj/ Zs==
backup-20080426-110036-980 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
backup-20080426-110036-988 R3 - URLSearchHook: ScriptInocUI Class - - (no file)
backup-20080427-203515-354 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
backup-20080427-203515-386 O4 - HKCU\..\Run: [Gkbo] "C:\Program Files\Common Files\??crosoft.NET\l?gonui.exe"
backup-20080427-203515-532 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20080427-203515-563 O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
backup-20080427-203515-574 O4 - HKCU\..\Run: [strtas] l074.exe
backup-20080427-203515-749 O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
backup-20080427-234334-114 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
backup-20080427-234334-300 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
backup-20080427-234334-436 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
backup-20080427-234334-469 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
R3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ScsiAccess - c:\program files\photodex\compupicpro\scsiaccess.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 680)
2000-11-22 08:00:00 24644 --a------ C:\Program Files\WinZip\WZSHLSTB.DLL <Not Verified; WinZip Computing, Inc.; WinZip>


-- Files created between 2008-03-30 and 2008-04-30 -----------------------------

2008-04-28 20:19:25 0 d-------- C:\Program Files\Panda Security
2008-04-27 16:24:23 0 d-------- C:\Documents and Settings\Ashley Brueckner\Application Data\AVG7
2008-04-27 16:24:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-27 16:23:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-26 22:14:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-26 15:57:15 0 d-------- C:\WINDOWS\network diagnostic
2008-04-26 15:41:37 0 d--h----- C:\BJPrinter
2008-04-25 23:23:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-25 23:23:33 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-25 23:20:27 0 d-------- C:\HostsXpert
2008-04-25 22:07:47 0 d-------- C:\Documents and Settings\Darin\Application Data\Viewpoint
2008-04-24 23:36:29 0 d-------- C:\Documents and Settings\Darin\Application Data\Sun
2008-04-24 22:59:00 68096 --a------ C:\WINDOWS\zip.exe
2008-04-24 22:59:00 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-24 22:59:00 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-24 22:59:00 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-24 22:59:00 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-24 22:59:00 98816 --a------ C:\WINDOWS\sed.exe
2008-04-24 22:59:00 80412 --a------ C:\WINDOWS\grep.exe
2008-04-24 22:59:00 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-24 22:48:39 2464 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-23 16:37:23 0 dr-h----- C:\Documents and Settings\Ashley Brueckner\Recent
2008-04-23 13:06:27 0 d-------- C:\Program Files\RcvSystem
2008-04-23 10:30:42 0 d-------- C:\Program Files\Trend Micro
2008-04-22 19:27:33 0 dr-h----- C:\Documents and Settings\Darin\Recent
2008-04-22 19:17:03 0 d-------- C:\Program Files\CCleaner
2008-04-22 13:36:36 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-22 12:52:16 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 09:58:17 0 d--h----- C:\Documents and Settings\Administrator.ASHLEY\Local Settings
2008-04-22 09:58:17 0 d-------- C:\Documents and Settings\Administrator.ASHLEY\Favorites
2008-04-22 09:58:17 0 d-------- C:\Documents and Settings\Administrator.ASHLEY\Desktop
2008-04-22 09:58:17 0 d---s---- C:\Documents and Settings\Administrator.ASHLEY\Cookies
2008-04-22 09:58:17 0 dr-h----- C:\Documents and Settings\Administrator.ASHLEY\Application Data
2008-04-22 09:58:17 0 d---s---- C:\Documents and Settings\Administrator.ASHLEY\Application Data\Microsoft
2008-04-22 09:58:16 0 d--h----- C:\Documents and Settings\Administrator.ASHLEY\Templates
2008-04-22 09:58:16 0 dr------- C:\Documents and Settings\Administrator.ASHLEY\Start Menu
2008-04-22 09:58:16 0 dr-h----- C:\Documents and Settings\Administrator.ASHLEY\SendTo
2008-04-22 09:58:16 0 d--h----- C:\Documents and Settings\Administrator.ASHLEY\Recent
2008-04-22 09:58:16 0 d--h----- C:\Documents and Settings\Administrator.ASHLEY\PrintHood
2008-04-22 09:58:16 0 d--h----- C:\Documents and Settings\Administrator.ASHLEY\NetHood
2008-04-22 09:58:16 0 d-------- C:\Documents and Settings\Administrator.ASHLEY\My Documents
2008-04-22 09:58:15 507904 --a------ C:\Documents and Settings\Administrator.ASHLEY\NTUSER.DAT
2008-04-22 09:57:58 0 d--hs---- C:\WINDOWS\CSC
2008-04-22 03:33:28 0 dr-h----- C:\$VAULT$.AVG
2008-04-22 01:41:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 00:38:10 0 d-------- C:\Documents and Settings\Darin\Application Data\HP
2008-04-21 23:31:20 68 --a------ C:\Documents and Settings\Darin\X
2008-04-21 23:20:40 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-21 21:52:31 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-21 21:52:31 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-21 21:52:31 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-21 21:52:31 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-21 21:52:31 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-21 21:52:31 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-21 21:52:31 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-21 21:52:31 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-21 21:52:31 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-21 21:52:31 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-21 21:52:31 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-21 21:52:31 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-21 21:52:31 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-21 21:52:30 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-21 20:14:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-20 16:18:51 0 d-------- C:\Documents and Settings\All Users\Application Data\cjilclwr
2008-04-20 16:18:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-20 16:18:40 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-20 16:18:30 0 d-------- C:\WINDOWS\mgwwgmke
2008-04-20 16:18:29 65024 --a------ C:\Documents and Settings\All Users\Application Data\nunydavi.dll
2008-04-20 16:18:26 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-20 16:18:21 65024 --a------ C:\WINDOWS\sdgvknsp.dll


-- Find3M Report ---------------------------------------------------------------

2008-04-25 22:17:02 0 d-------- C:\Program Files\Java
2008-04-24 23:02:53 0 d-------- C:\Program Files\Common Files
2008-04-21 20:15:40 0 d-------- C:\Program Files\Lavasoft
2008-04-21 20:04:09 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/31/2005 01:20 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/13/2004 04:04 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [06/30/2004 01:33 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/07/2004 02:56 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\bcmntray" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/15/2004 09:00 PM]
"AGRSMMSG"="AGRSMMSG.exe" [04/19/2005 10:05 AM C:\WINDOWS\AGRSMMSG.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/27/2008 04:23 PM]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [01/24/2008 09:22 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66ce74ba-b86e-11db-8110-00038a000015}]
AutoRun\command- E:\Installer.exe




-- End of Deckard's System Scanner: finished at 2008-04-30 20:54:07 ------------


///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 382.98 MiB / 170.2 MiB
Pagefile Memory (total/avail): 921.6 MiB / 660.33 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.15 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 32.48 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHT2060AT PL - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ashley Brueckner\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ASHLEY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ashley Brueckner
LOGONSERVER=\\ASHLEY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ASHLEY~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ASHLEY~1\LOCALS~1\Temp
USERDOMAIN=ASHLEY
USERNAME=Ashley Brueckner
USERPROFILE=C:\Documents and Settings\Ashley Brueckner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ashley Brueckner (admin)
Darin (admin)
Administrator.ASHLEY (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Agere Systems AC'97 Modem --> agrsmdel
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Broadcom 802.11 Wireless LAN Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Broadcom Wireless Utility --> C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11_App\UninstallInfo
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CompuPic Pro --> C:\Program Files\Photodex\CompuPicPro\compupic.exe . -u
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Norton AntiVirus SCSSDist MSI --> MsiExec.exe /I{541230A3-1D3A-4879-B7E0-E71F90E35548}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type19238 / Warning
Event Submitted/Written: 04/26/2008 05:36:48 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401F0

Event Record #/Type19237 / Warning
Event Submitted/Written: 04/26/2008 05:36:45 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401F0

Event Record #/Type19233 / Error
Event Submitted/Written: 04/26/2008 04:16:31 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Ad-Watch2007.exe, version 7.0.2.6, faulting module AWProcessWatch.dll, version 7.0.2.2, fault address 0x00007e9f.
Processing media-specific event for [Ad-Watch2007.exe!ws!]

Event Record #/Type19226 / Error
Event Submitted/Written: 04/26/2008 03:47:11 PM
Event ID/Source: 1010 / Windows Product Activation
Event Description:
The Windows license was restored due to a system error. You might need to reactivate your Windows product.

Event Record #/Type19178 / Error
Event Submitted/Written: 04/23/2008 01:10:36 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type61031 / Error
Event Submitted/Written: 04/28/2008 10:40:29 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The System Restore Service service terminated with the following error:
%%2

Event Record #/Type61030 / Error
Event Submitted/Written: 04/28/2008 10:40:29 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Windows Driver Foundation - User-mode Driver Framework service failed to start due to the following error:
%%1053

Event Record #/Type61029 / Error
Event Submitted/Written: 04/28/2008 10:40:29 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Windows Driver Foundation - User-mode Driver Framework service to connect.

Event Record #/Type61028 / Error
Event Submitted/Written: 04/28/2008 10:40:25 PM
Event ID/Source: 104 / SRService
Event Description:
The System Restore initialization process failed.

Event Record #/Type60980 / Error
Event Submitted/Written: 04/28/2008 07:58:47 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Windows Driver Foundation - User-mode Driver Framework service failed to start due to the following error:
%%1053



-- End of Deckard's System Scanner: finished at 2008-04-30 20:54:07 ------------
  • 0

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Can you tell me what is in this folder:

C:\Documents and Settings\All Users\Application Data\cjilclwr ?

To find it you will have to show Hidden Files and Folders:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK

Now, using Windows Explorer (to get there, right-click your Start button and go to "Explore"),
navigate to the folder, open it, and let me know what is inside of it please.
Thanks.
  • 0

#7
dboik

    Member

  • Topic Starter
  • Member
  • 34 posts
All Users\Application Data\cjilclwr: there is nothing in the folder. I made sure I did the checks you mentioned too.
  • 0

#8
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Darin\Application Data\Viewpoint
    C:\Documents and Settings\All Users\Application Data\cjilclwr
    C:\Documents and Settings\All Users\Application Data\Rabio
    C:\WINDOWS\mgwwgmke
    C:\Documents and Settings\All Users\Application Data\nunydavi.dll
    C:\WINDOWS\sdgvknsp.dll 
    purity
    Empty temp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
  • 0

#9
dboik

    Member

  • Topic Starter
  • Member
  • 34 posts
I downloaded OTMoveit, pasted the contents in, then clicked Move it.

The operation has been sitting busy with hour glass cursor for several minutes now while trying to move C:\documents and Settings\All Users\Application Data\nunydavi.dll

I have not seen a prompt to reboot... it continues to sit busy. I will continue to let it wait till I hear back from you.
  • 0

#10
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Try to go ahead and reboot if it continues to sit, then go ahead with the rest of the instructions.
  • 0

#11
dboik

    Member

  • Topic Starter
  • Member
  • 34 posts
I had to end process on OTMoveit to reboot, then downloaded, installed and scanned using MBAM.
OTMoveit did not make a log since I ended it; all files were moved successfully except the following:
C:\Documents and Settings\All Users\Application Data\nunydavi.dll (got stuck here and still shown in that directory)
C:\WINDOWS\sdgvknsp.dll (still shown in windows directory)
purity
Empty temp


Malwarebytes' Anti-Malware 1.11
Database version: 704

Scan type: Quick Scan
Objects scanned: 38190
Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\BATCO (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xflock (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#12
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\Documents and Settings\All Users\Application Data\nunydavi.dll
C:\WINDOWS\sdgvknsp.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of The Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.
====================================================
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
===============================================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as button:
  • Save the file in txt format to your desktop.
  • Post that information in your next post.

  • 0

#13
dboik

    Member

  • Topic Starter
  • Member
  • 34 posts
Ran Avenger, ATF-Cleaner and Kaspersky, and below are the logs.

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Documents and Settings\All Users\Application Data\nunydavi.dll" deleted successfully.
File "C:\WINDOWS\sdgvknsp.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 01, 2008 9:47:08 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/05/2008
Kaspersky Anti-Virus database records: 734077
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 50806
Number of viruses found: 13
Number of infected objects: 34
Number of suspicious objects: 0
Duration of the scan process: 01:05:07

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080424225547\backup\WINDOWS\temp\BLR5FC.tmp/stream/data0001 Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\Deckard\System Scanner\20080424225547\backup\WINDOWS\temp\BLR5FC.tmp/stream Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\Deckard\System Scanner\20080424225547\backup\WINDOWS\temp\BLR5FC.tmp NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080424225547\backup\WINDOWS\temp\Temporary Internet Files\Content.IE5\QTUFMJMV\ismtpa15[1].exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\Deckard\System Scanner\20080424225547\backup\WINDOWS\temp\Temporary Internet Files\Content.IE5\QTUFMJMV\ismtpa15[1].exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\Deckard\System Scanner\20080424225547\backup\WINDOWS\temp\Temporary Internet Files\Content.IE5\QTUFMJMV\ismtpa15[1].exe NSIS: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\547865a3c9546e2824990b2b1d765d2e_3e683df8-f805-4f92-b53a-9f0f94482df5 Object is locked skipped
C:\Documents and Settings\Ashley Brueckner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ashley Brueckner\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Ashley Brueckner\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Ashley Brueckner\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Ashley Brueckner\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Ashley Brueckner\Incomplete\Preview-T-3545425-james odo.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Ashley Brueckner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Ashley Brueckner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ashley Brueckner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ashley Brueckner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ashley Brueckner\Local Settings\History\History.IE5\MSHist012008050120080502\index.dat Object is locked skipped
C:\Documents and Settings\Ashley Brueckner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Ashley Brueckner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ashley Brueckner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ashley Brueckner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ashley Brueckner\Shared\01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Ashley Brueckner\Shared\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Ashley Brueckner\Shared\03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Ashley Brueckner\Shared\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Ashley Brueckner\Shared\07 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Ashley Brueckner\Shared\Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Ashley Brueckner\Shared\Top of Charts - 2004.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Darin\Desktop\Malware Removal\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Darin\Desktop\Malware Removal\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Darin\Desktop\Malware Removal\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\CROSOF~1.NET\lоgonui.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1552OinUninstaller.exe.vir/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1552OinUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule15.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\QooBox\Quarantine\C\Program Files\QdrPack\QdrPack15.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.x skipped
C:\QooBox\Quarantine\C\WINDOWS\default.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000090.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000090.exe.vir/stream Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000090.exe.vir NSIS: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGASIyy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qfq skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xsna.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hk skipped
C:\QooBox\Quarantine\C\WINDOWS\Web\def.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.c skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\browser.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
  • 0
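The Kaspersky report above mixes three very different things: live detections, hits on copies that earlier tools already moved into quarantine or backup folders (QooBox, Deckard's backup), and "Object is locked" lines for registry hives and logs that carry no verdict at all. As an added example that is not part of the thread or of any tool named in it, here is a small Python triage script for that report layout; the sample report is constructed from the lines above, and the quarantine-folder prefixes are an assumption taken from the paths in this thread.

```python
import re
from collections import Counter

# Result-line layouts in the Kaspersky Online Scanner 5.x report above:
#   <path> Infected: <detection> <last action>
#   <path> <container>: infected - <n> <last action>   (archive/installer summary)
#   <path> Object is locked <last action>              (file in use, no verdict)
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:Infected:\s+(?P<name>\S+)"
    r"|(?P<container>\S+):\s+infected\s+-\s+(?P<count>\d+)"
    r"|(?P<locked>Object is locked))"
    r"\s+(?P<action>\S+)$"
)

RESULTS_HEADER = "Infected Object Name / Virus Name / Last Action"

# Folders where another tool already isolated the file. A hit under one of
# these is a neutralised copy, not a running infection. Assumption: prefixes
# taken from the paths in the thread (QooBox, Deckard's backup, OTMoveIt,
# Avenger); compared case-insensitively.
QUARANTINE_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
    "c:\\deckard\\system scanner\\",
    "c:\\_otmoveit\\movedfiles\\",
    "c:\\avenger\\",
)

# Constructed sample in the report's layout (paths modelled on the log above).
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080424225547\backup\WINDOWS\temp\BLR5FC.tmp/stream/data0001 Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\Deckard\System Scanner\20080424225547\backup\WINDOWS\temp\BLR5FC.tmp NSIS: infected - 2 skipped
C:\Documents and Settings\Ashley Brueckner\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Ashley Brueckner\Shared\01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Ashley Brueckner\Shared\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Ashley Brueckner\Shared\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xsna.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hk skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped

Scan process completed.
"""


def parse_line(line):
    """Parse one result line; return None for headers, blanks and footers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    if m.group("locked"):
        kind = "locked"
    elif m.group("container"):
        kind = "container"
    else:
        kind = "infected"
    return {
        "path": m.group("path"),
        "kind": kind,
        "name": m.group("name"),
        "container": m.group("container"),
        "action": m.group("action"),
    }


def is_quarantined(path):
    """True when the path sits under a known quarantine/backup folder."""
    lowered = path.lower()
    return any(lowered.startswith(prefix) for prefix in QUARANTINE_PREFIXES)


def result_lines(report_text):
    """Return the result section of a report without header, blanks and footer."""
    lines = report_text.splitlines()
    if RESULTS_HEADER in lines:
        lines = lines[lines.index(RESULTS_HEADER) + 1:]
    return [l for l in lines if l.strip() and not l.startswith("Scan process completed")]


def triage(report_text):
    """Bucket report lines: live hits, quarantined copies, containers, locked, unparsed."""
    buckets = {"live": [], "quarantined": [], "containers": [], "locked": [], "unparsed": []}
    for line in result_lines(report_text):
        entry = parse_line(line)
        if entry is None:
            buckets["unparsed"].append(line)
        elif entry["kind"] == "locked":
            buckets["locked"].append(entry)
        elif entry["kind"] == "container":
            # The inner stream/data entries already carry the verdicts.
            buckets["containers"].append(entry)
        elif is_quarantined(entry["path"]):
            buckets["quarantined"].append(entry)
        else:
            buckets["live"].append(entry)
    return buckets


def live_detection_counts(report_text):
    """Detection name -> number of live hits (the ones still worth acting on)."""
    return Counter(entry["name"] for entry in triage(report_text)["live"])


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for bucket in ("live", "quarantined", "containers", "locked"):
        print(f"{bucket}: {len(result[bucket])}")
    for name, count in live_detection_counts(SAMPLE_REPORT).items():
        print(f"  {name}: {count}")
```

On the sample, only the four files outside quarantine folders come out as live, which is the same set of paths the next reply asks to have moved.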

#14
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Ashley Brueckner\Incomplete\Preview-T-3545425-james odo.mp3 
    C:\Documents and Settings\Ashley Brueckner\Shared\01 Track 1.wma 
    C:\Documents and Settings\Ashley Brueckner\Shared\02 Track 2.wma
    C:\Documents and Settings\Ashley Brueckner\Shared\03 Track 3.wma
    C:\Documents and Settings\Ashley Brueckner\Shared\06 Track 6.wma 
    C:\Documents and Settings\Ashley Brueckner\Shared\07 Track 7.wma
    C:\Documents and Settings\Ashley Brueckner\Shared\Rare Recording.wma 
    C:\Documents and Settings\Ashley Brueckner\Shared\Top of Charts - 2004.wma 
    C:\Documents and Settings\Darin\Desktop\Malware Removal\SmitfraudFix.exe 
    C:\Documents and Settings\Ashley Brueckner\Desktop\SmitfraudFix
    C:\Documents and Settings\Ashley Brueckner\Desktop\SmitfraudFix.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=========================
Also post another HijackThis log and let me know how things are running.

#15
dboik
    Member
  • Topic Starter
  • 34 posts
Moved the files and ran HijackThis... is O17 OK to have? The computer is running OK, but I am only using it to perform the task you have been instructing me to do. When I was trying it, it would be pretty good, then deteriorate after reboots and opening and closing IE. Once you think the logs look clean I will check it out better.

Also not sure about R1 in the HijackThis log.

Here are the logs:

C:\Documents and Settings\Ashley Brueckner\Incomplete\Preview-T-3545425-james odo.mp3 moved successfully.
C:\Documents and Settings\Ashley Brueckner\Shared\01 Track 1.wma moved successfully.
C:\Documents and Settings\Ashley Brueckner\Shared\02 Track 2.wma moved successfully.
C:\Documents and Settings\Ashley Brueckner\Shared\03 Track 3.wma moved successfully.
C:\Documents and Settings\Ashley Brueckner\Shared\06 Track 6.wma moved successfully.
C:\Documents and Settings\Ashley Brueckner\Shared\07 Track 7.wma moved successfully.
C:\Documents and Settings\Ashley Brueckner\Shared\Rare Recording.wma moved successfully.
C:\Documents and Settings\Ashley Brueckner\Shared\Top of Charts - 2004.wma moved successfully.
C:\Documents and Settings\Darin\Desktop\Malware Removal\SmitfraudFix.exe moved successfully.
C:\Documents and Settings\Ashley Brueckner\Desktop\SmitfraudFix moved successfully.
C:\Documents and Settings\Ashley Brueckner\Desktop\SmitfraudFix.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05012008_130454

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:08 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122783004802
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED34B46-A427-42CE-89C1-8125BD3D466B}: NameServer = 24.25.5.147,24.25.5.148
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE8114EA-A28F-4290-B6EE-0D7C78A31149}: NameServer = 24.25.5.147,24.25.5.148
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 6996 bytes
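A small triage parser for the HijackThis log format shown above, added here as an example and not part of this thread or of HijackThis itself. It reads the entry lines (R0/R1/O2/O4/O17/O23 and so on), pulls out the O17 NameServer addresses, the O4 Run entries that carry no directory, and the O23 services whose vendor column is "Unknown owner", using sample lines copied from the log above; the expected-resolver list handed to `unexpected_nameservers` is the reviewer's own assumption, since the log itself cannot say which DNS servers this network should be using.

```python
# Sample entry lines, copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED34B46-A427-42CE-89C1-8125BD3D466B}: NameServer = 24.25.5.147,24.25.5.148
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs; header and process lines are ignored."""
    entries = []
    for line in text.splitlines():
        sec, sep, body = line.strip().partition(" - ")
        # Entry lines start with R<n> or O<n> followed by " - "; everything else is skipped.
        if sep and sec[:1] in ("R", "O") and sec[1:].isdigit():
            entries.append((sec, body))
    return entries


def nameservers(entries):
    """Collect every DNS server listed in the O17 (TCP/IP NameServer) entries."""
    servers = set()
    for sec, body in entries:
        if sec == "O17" and "NameServer =" in body:
            servers.update(ip.strip() for ip in body.split("NameServer =")[1].split(","))
    return servers


def unexpected_nameservers(entries, expected):
    """O17 servers that are not in the resolver list the reviewer expects (ISP or router)."""
    return sorted(nameservers(entries) - set(expected))


def unqualified_autostarts(entries):
    """O4 Run entries whose command has no directory, so Windows resolves it through PATH.
    This is a 'look closer' signal, not a verdict: the log above has a legitimate one."""
    found = []
    for sec, body in entries:
        if sec != "O4":
            continue
        name = body.split("[", 1)[1].split("]", 1)[0]
        cmd = body.split("] ", 1)[1].strip()
        target = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        if "\\" not in target:
            found.append((name, target))
    return found


def unknown_owner_services(entries):
    """O23 services whose vendor column reads 'Unknown owner' (no version info to check)."""
    return [body for sec, body in entries if sec == "O23" and " - Unknown owner - " in body]
```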