Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Vicious Spyware attack [RESOLVED]


  • This topic is locked This topic is locked

#1
spinedaddy

spinedaddy

    Member

  • Member
  • PipPip
  • 23 posts
I have been infected with a vicious spyware virus. I get a popup saying to download software to remove this spyware. I'm a little suspicious of this site. I think it has infected my registry. There is a file in windows (onepek.dll) that is new. It appeared 4/29 when the attack occured. Please help. Below is Smitfraudfix details.

Johnny

SmitFraudFix v2.319

Scan done at 21:10:36.57, Mon 05/05/2008
Run from C:\Documents and Settings\Johnny Wase\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Johnny Wase


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Johnny Wase\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOHNNY~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: onepek.dll
BHO: SSVHelper - {907C8FB0-1205-4189-99C9-9E8DA884B0B0}
CLSID: {907C8FB0-1205-4189-99C9-9E8DA884B0B0}
AppID: {907C8FB0-1205-4189-99C9-9E8DA884B0B0}
AppID: onepek.dll
Classes: SSV.SSVHelper
TypeLib: {5522E65B-6538-431A-BDAF-0B096A3FDD1C}
Interface: {96A48B57-D55D-4B03-895D-7EE0281D1929}


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_Dlls"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 24.25.5.148
DNS Server Search Order: 24.25.5.147

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D2E8D103-261F-476C-BA76-86D1BBD03740}: DhcpNameServer=24.25.5.148 24.25.5.147
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D2E8D103-261F-476C-BA76-86D1BBD03740}: DhcpNameServer=24.31.195.63 24.31.195.65 24.31.195.64
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D2E8D103-261F-476C-BA76-86D1BBD03740}: DhcpNameServer=24.25.5.148 24.25.5.147
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D2E8D103-261F-476C-BA76-86D1BBD03740}: DhcpNameServer=24.25.5.148 24.25.5.147
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.25.5.148 24.25.5.147
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.31.195.63 24.31.195.65 24.31.195.64
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.25.5.148 24.25.5.147
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.25.5.148 24.25.5.147


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Edited by spinedaddy, 05 May 2008 - 08:43 PM.

  • 0

Advertisements


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. I'm looking at your log now and currently consulting with experts regarding your malware problem.. Thank you for your patience and understanding..

Regards
fenzodahl512
  • 0

#3
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello spinedaddy.. My name is fenzodahl512 and welcome to Geekstogo.. Please do the following..


Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

Viewpoint or anything that says Viewpoint




NEXT


Using Windows Explorer, please delete the following folder (if present): (To get into Windows Explorer, right click the START button and select "explore.")

C:\Program Files\Viewpoint




NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Regards
fenzodahl512
  • 0

#4
spinedaddy

spinedaddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here is the file from dss:

Deckard's System Scanner v20071014.68
Run by Johnny Wase on 2008-05-11 20:27:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Johnny Wase.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:28 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Johnny Wase\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOHNNY~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.rr.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://quicken.ehos...s/custappx3.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131415242671
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://ib.armstrong....timage30717.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...4.15/ttinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://medtronic.we...bex/ieatgpc.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-32.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.samsphoto...oad/XUpload.ocx
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe

--
End of file - 14757 bytes

-- Files created between 2008-04-11 and 2008-05-11 -----------------------------

2008-05-06 00:00:47 68096 --a------ C:\WINDOWS\zip.exe
2008-05-06 00:00:47 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-06 00:00:47 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-06 00:00:47 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-06 00:00:47 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-06 00:00:47 98816 --a------ C:\WINDOWS\sed.exe
2008-05-06 00:00:47 80412 --a------ C:\WINDOWS\grep.exe
2008-05-06 00:00:47 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-05 23:41:49 0 d-------- C:\Program Files\Trend Micro
2008-05-05 21:11:02 5004 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-05 21:10:03 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-05 21:10:03 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-05 21:10:03 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-05 21:10:03 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-05 21:10:03 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-05 21:10:03 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-05 21:10:03 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-05 21:10:03 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-05 20:45:53 0 d-------- C:\WINDOWS\CAVTemp
2008-05-05 20:45:42 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-05 20:45:19 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 22:59:49 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-05-04 22:01:38 0 d-------- C:\Documents and Settings\Johnny Wase\Application Data\HouseCall 6.6
2008-05-04 21:13:38 0 d-------- C:\Documents and Settings\Johnny Wase\Application Data\Desktop Mechanic
2008-05-04 21:08:34 0 d-------- C:\Program Files\Desktop Maestro
2008-04-30 23:16:46 0 d-------- C:\Documents and Settings\Johnny Wase\.housecall6.6
2008-04-30 21:43:16 0 d-------- C:\WINDOWS\BDOSCAN8
2008-04-29 22:33:59 220160 -----n--- C:\WINDOWS\onepek.dll


-- Find3M Report ---------------------------------------------------------------

2008-05-11 20:13:14 256 --a------ C:\WINDOWS\system32\pool.bin
2008-05-09 23:06:02 0 d-------- C:\Program Files\ItsDeductible2005
2008-05-09 23:00:25 0 d-------- C:\Program Files\Java
2008-05-06 00:26:40 0 d-------- C:\Program Files\TrojanHunter 4.2
2008-05-06 00:12:41 0 d-------- C:\Program Files\Common Files
2008-05-04 23:00:05 0 d-------- C:\Program Files\CA
2008-05-01 20:24:24 0 d-------- C:\Program Files\fsupport
2008-04-07 21:48:11 0 d-------- C:\Program Files\iTunes
2008-04-07 21:48:00 0 d-------- C:\Program Files\iPod
2008-04-07 21:45:03 0 d-------- C:\Program Files\QuickTime
2008-04-02 22:44:40 0 d-------- C:\Documents and Settings\Johnny Wase\Application Data\Adobe
2008-03-30 20:57:54 0 d-------- C:\Documents and Settings\Johnny Wase\Application Data\Blackberry Desktop
2008-03-24 21:01:09 0 d-------- C:\Program Files\Safari
2008-03-11 22:40:11 0 d-------- C:\Program Files\Palm


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/04/2004 03:56 AM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 06:24 PM C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [09/06/2003 11:00 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/06/2003 03:04 AM]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [08/13/2003 12:27 PM]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [04/03/2002 03:01 AM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 03:00 AM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 03:20 PM]
"THGuard"="C:\Program Files\TrojanHunter 4.2\THGuard.exe" [02/19/2005 05:36 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 02:01 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/13/2004 03:49 PM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [06/29/2006 02:17 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [08/16/2007 09:56 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"DesktopMechanic"="" []
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [08/16/2007 10:19 PM]
"QOELOADER"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [05/04/2008 11:00 PM]
"CAVRID"="C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\CAVRID.exe" [08/20/2007 01:36 PM]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [02/05/2008 11:19 AM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [02/05/2008 11:19 AM]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [02/05/2008 11:19 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [10/12/2006 04:10 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Johnny Wase\Start Menu\Programs\Startup\
DESKTOP.INI [8/8/2003 3:47:34 PM]
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [3/19/2003 7:08:14 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DataViz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2/6/2003 8:06:30 PM]
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [8/17/2007 9:59:02 AM]
DESKTOP.INI [8/8/2003 3:47:34 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/11/2003 10:06:14 AM]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE [11/30/2003 3:06:06 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 7:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 7:50:52 PM]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [4/4/2004 1:00:02 AM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [7/29/2003 10:49:48 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 05/18/2007 01:30 PM 79368 C:\WINDOWS\SYSTEM32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-05-11 20:29:19 ------------
  • 0

#5
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello spinedaddy, thanks for the reply.. Please do the following..


Please show hidden files and folders. Please visit HERE if you don't know how.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:

    • C:\WINDOWS\system32\pool.bin
  • Click on the submit button
  • Please post the results in your next reply.
If Jotti server is too busy, please submit the file to VirusTotal instead.



NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\onepek.dll
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



NEXT


Please go to Start >> Run >> and copy/paste below into the box >> Press Enter

"%userprofile%\desktop\dss.exe" /config


At DSS configuration box, press Check All button and then press Scan!

After that please post both main.txt and extra.txt here



Please post the following logs in your next reply...

1. OTMoveIt2 log
2. Malwarebytes' Anti-Malware report
3. Deckard System Scanner (both main.txt and extra.txt)


Regards
fenzodahl512
  • 0

#6
spinedaddy

spinedaddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Scan taken on 12 May 2008 04:06:03 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


Explorer killed successfully
C:\WINDOWS\onepek.dll unregistered successfully.
C:\WINDOWS\onepek.dll moved successfully.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05122008_001138

Edited by spinedaddy, 11 May 2008 - 10:15 PM.

  • 0

#7
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello spinedaddy, I'm still waiting for your MalwareBytes' Anti-Malware result and Deckard System Scanner logs..

Thank you :)
  • 0

#8
spinedaddy

spinedaddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Malwarebytes' Anti-Malware 1.12
Database version: 742

Scan type: Full Scan (C:\|)
Objects scanned: 158602
Time elapsed: 48 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\seekmotoolbar.skcommband (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmotoolbar.skcommband.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmotoolbar.skcommband (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmotoolbar.skcommband.1 (Adware.Seekmo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080505-235532-602.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\05122008_001138\WINDOWS\onepek.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\another_typewriter.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\elegant.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\english.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\grubby.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\jayne_print.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\jennifer.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\jewel_hill.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\journal.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\kaileen.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\saginaw.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\santas_sleigh.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\tall_paul.zip (Trojan.Downloader) -> Quarantined and deleted successfully.




Deckard's System Scanner v20071014.68
Run by Johnny Wase on 2008-05-12 07:31:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
103: 2008-05-12 11:31:24 UTC - RP1015 - Deckard's System Scanner Restore Point
102: 2008-05-12 01:40:49 UTC - RP1014 - System Checkpoint
101: 2008-05-10 03:06:44 UTC - RP1013 - Removed TurboTax ItsDeductible 2006
100: 2008-05-10 03:05:47 UTC - RP1012 - Removed TurboTax ItsDeductible 2005
99: 2008-05-10 03:02:05 UTC - RP1011 - Removed Norton Security Scan


-- First Restore Point --
1: 2008-02-13 05:07:13 UTC - RP913 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Johnny Wase.exe) -----------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-12 07:32:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\eTrust EZ Armor\ETRUST~2\isafe.exe
C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehsched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\ETRUST~2\vetmsg.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\eHome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\WINDOWS\SYSTEM32\DSentry.exe
C:\WINDOWS\SM1bg.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\ETRUST~2\cavrid.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\SYSTEM32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\spider.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Documents and Settings\Johnny Wase\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: HotSync Manager.lnk = ?
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://quicken.ehos...s/custappx3.CAB
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131415242671
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://ib.armstrong....timage30717.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} () - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...4.15/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://medtronic.we...bex/ieatgpc.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-32.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.samsphoto...oad/XUpload.ocx
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\ETRUST~2\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\ETRUST~2\vetmsg.exe


--
End of file - 16276 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080505-235532-602 O2 - BHO: SSVHelper - {907C8FB0-1205-4189-99C9-9E8DA884B0B0} - C:\WINDOWS\onepek.dll

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S3 catchme - c:\combofix\catchme.sys (file missing)
S3 RimUsb (BlackBerry Smartphone) - c:\windows\system32\drivers\rimusb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S2 Roxio Upnp Server 9 - "c:\program files\roxio\digital home 9\roxioupnpservice9.exe" (file missing)
S3 Roxio UPnP Renderer 9 - "c:\program files\roxio\digital home 9\roxioupnprenderer9.exe" (file missing)
S3 SolidWorks Licensing Service - "c:\program files\common files\solidworks shared\service\solidworkslicensing.exe" <Not Verified; SolidWorks; SolidWorks Licensing Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

All modules okay.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-12 01:45:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-05 11:30:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2003-11-15 00:45:00 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2008-04-12 and 2008-05-12 -----------------------------

2008-05-12 00:20:58 0 d-------- C:\Documents and Settings\Johnny Wase\Application Data\Malwarebytes
2008-05-12 00:19:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 00:19:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-06 00:00:47 68096 --a------ C:\WINDOWS\zip.exe
2008-05-06 00:00:47 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-06 00:00:47 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-06 00:00:47 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-06 00:00:47 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-06 00:00:47 98816 --a------ C:\WINDOWS\sed.exe
2008-05-06 00:00:47 80412 --a------ C:\WINDOWS\grep.exe
2008-05-06 00:00:47 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-05 23:41:49 0 d-------- C:\Program Files\Trend Micro
2008-05-05 21:11:02 5004 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-05 21:10:03 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-05 21:10:03 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-05 21:10:03 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-05 21:10:03 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-05 21:10:03 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-05 21:10:03 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-05 21:10:03 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-05 21:10:03 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-05 20:45:53 0 d-------- C:\WINDOWS\CAVTemp
2008-05-05 20:45:42 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-05 20:45:19 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 22:59:49 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-05-04 22:01:38 0 d-------- C:\Documents and Settings\Johnny Wase\Application Data\HouseCall 6.6
2008-05-04 21:13:38 0 d-------- C:\Documents and Settings\Johnny Wase\Application Data\Desktop Mechanic
2008-05-04 21:08:34 0 d-------- C:\Program Files\Desktop Maestro
2008-04-30 23:16:46 0 d-------- C:\Documents and Settings\Johnny Wase\.housecall6.6
2008-04-30 21:43:16 0 d-------- C:\WINDOWS\BDOSCAN8


-- Find3M Report ---------------------------------------------------------------

2008-05-11 20:13:14 256 --a------ C:\WINDOWS\system32\pool.bin
2008-05-09 23:06:02 0 d-------- C:\Program Files\ItsDeductible2005
2008-05-09 23:00:25 0 d-------- C:\Program Files\Java
2008-05-06 00:26:40 0 d-------- C:\Program Files\TrojanHunter 4.2
2008-05-06 00:12:41 0 d-------- C:\Program Files\Common Files
2008-05-04 23:00:05 0 d-------- C:\Program Files\CA
2008-05-01 20:24:24 0 d-------- C:\Program Files\fsupport
2008-04-07 21:48:11 0 d-------- C:\Program Files\iTunes
2008-04-07 21:48:00 0 d-------- C:\Program Files\iPod
2008-04-07 21:45:03 0 d-------- C:\Program Files\QuickTime
2008-04-02 22:44:40 0 d-------- C:\Documents and Settings\Johnny Wase\Application Data\Adobe
2008-03-30 20:57:54 0 d-------- C:\Documents and Settings\Johnny Wase\Application Data\Blackberry Desktop
2008-03-24 21:01:09 0 d-------- C:\Program Files\Safari


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/04/2004 03:56 AM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 06:24 PM C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [09/06/2003 11:00 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/06/2003 03:04 AM]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [08/13/2003 12:27 PM]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [04/03/2002 03:01 AM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 03:00 AM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 03:20 PM]
"THGuard"="C:\Program Files\TrojanHunter 4.2\THGuard.exe" [02/19/2005 05:36 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 02:01 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/13/2004 03:49 PM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [06/29/2006 02:17 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [08/16/2007 09:56 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"DesktopMechanic"="" []
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [08/16/2007 10:19 PM]
"QOELOADER"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [05/04/2008 11:00 PM]
"CAVRID"="C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\CAVRID.exe" [08/20/2007 01:36 PM]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [02/05/2008 11:19 AM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [02/05/2008 11:19 AM]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [02/05/2008 11:19 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [10/12/2006 04:10 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Johnny Wase\Start Menu\Programs\Startup\
DESKTOP.INI [8/8/2003 3:47:34 PM]
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [3/19/2003 7:08:14 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DataViz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2/6/2003 8:06:30 PM]
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [8/17/2007 9:59:02 AM]
DESKTOP.INI [8/8/2003 3:47:34 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/11/2003 10:06:14 AM]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE [11/30/2003 3:06:06 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 7:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 7:50:52 PM]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [4/4/2004 1:00:02 AM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [7/29/2003 10:49:48 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 05/18/2007 01:30 PM 79368 C:\WINDOWS\SYSTEM32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-05-12 07:35:21 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 1023 MiB / 358.76 MiB
Pagefile Memory (total/avail): 2460.49 MiB / 1906.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.54 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.73 GiB total, 79.68 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3120026AS - 111.76 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 111.73 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: CA Personal Firewall v9.1.0.36 (CA)
AV: CA Anti-Virus v8.4.0.28 (CA, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealOne Player"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Real\\RealPlayer\\trueplay.exe"="C:\\Program Files\\Real\\RealPlayer\\trueplay.exe:*:Disabled:RealOne Player"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Johnny Wase\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOHNNY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Johnny Wase
LOGONSERVER=\\JOHNNY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp
USERDOMAIN=JOHNNY
USERNAME=Johnny Wase
USERPROFILE=C:\Documents and Settings\Johnny Wase
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Johnny Wase (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{2BE0C605-9BEC-434D-9FAE-931194E72414}
--> MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
--> MsiExec.exe /I{726A362E-EBFD-4C3F-8664-6593C2B08386}
--> MsiExec.exe /I{943CB81D-11B9-401E-8305-752528D00AA1}
--> MsiExec.exe /I{E75F019D-98A0-4B39-B1A8-3A01400D2A18}
--> MsiExec.exe /X{F664EDB9-59DF-452A-A3D7-085ED1B8D374}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{410438A3-B591-4028-B70A-3CC0B33FBCD1}\Setup.exe" -l0x9 -L0x9anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATIMCEE --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E6F4A97-631B-4C11-80AC-80111B64A909} /l1033
Audio/Video Conference 4.1+ --> C:\Program Files\Conference\Conference.exe /UNINSTALL
BlackBerry Desktop Software 4.3 --> MsiExec.exe /I{DE7A46A8-D4DA-4EE0-AD6C-326049517BF2}
BlackBerry Desktop Software 4.3 --> MsiExec.exe /i{DE7A46A8-D4DA-4EE0-AD6C-326049517BF2}
BlackBerry v4.2.1 for the 8100 Series Wireless Handheld --> MsiExec.exe /X{8597A304-D08E-4EE6-A80B-1A87AF6916C9}
Business Contact Manager for Outlook 2003 --> MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
CA Internet Security Suite --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
Club Dice Casino --> "C:\WINDOWS\Club Dice Casino Setup.exe" /uninstall
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant SmartHSFi V92 56K DF PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE -U -IDel8d8xk.INF
Crypto! version 3.7 --> "C:\Program Files\Crypto\unins000.exe"
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Dell Picture Studio - Dell Image Expert --> MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Desktop Maestro 2.0 --> "C:\Program Files\Desktop Maestro\unins000.exe"
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Disney's Toontown Online --> C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
Documents To Go --> MsiExec.exe /I{4E7E8E6A-15F1-4E26-9352-26AD235131E9}
Dreamship Tales --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Dreamship Tales\Uninstall.xml"
DS21Patch --> MsiExec.exe /I{9B79DCB0-AAD7-456B-8D07-433C936FA24B}
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
eDrawings 2007 --> MsiExec.exe /I{5EB2FAEE-DB4A-4CB3-8C51-6876C6D1FF7E}
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hampton Casino --> C:\Hampton Casino\Install.exe -u
Handmark Magic Dogs Super Solitaire 15 for Palm OS --> C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Magic Dogs for Palm OS\uninstal.log
Handmark® Colors for Palm OS --> C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Colors for Palm OS\uninstal.log
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HouseCall 6.6 --> "C:\Documents and Settings\Johnny Wase\Application Data\HouseCall 6.6\uninstaller.exe"
HP Extended Capabilities 4.7 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
Image Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL
ImageMixer for Sony --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
ItsDeductible Express --> MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Kaspersky On-line Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaTickets by OIN --> "C:\Program Files\Common Files\Yazzle1409OinUninstaller.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Paint Shop Pro 7 --> MsiExec.exe /I{D6

Edited by spinedaddy, 12 May 2008 - 06:03 AM.

  • 0

#9
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello spinedaddy, thanks for the reply... Please do the following...


Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\desktop\dss.exe" /daft . Then press Enter
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.



NEXT


Please go to Start >> Control Panel >> Add or Remove Programs and remove the following (if present):

MediaTickets by OIN




NEXT


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



NEXT


Please Install/Update Sun Java

Updating Java:
  • Go to Start --> Control Panel --> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
  • It should have next icon next to it: Posted Image
  • Select it and click Remove. This will uninstall the previous (outdated) version of Java.
  • Then Download and install the newest version from here: Java Runtime Environment (JRE) 6 Update 6



NEXT


Please go to Start >> Run >> and copy/paste below into the box >> Press Enter

"%userprofile%\desktop\dss.exe" /config


At DSS configuration box, press Check All button and then press Scan!

After that please post both main.txt and extra.txt in separate post..


Do tell us about your computer behaviour.. We would like to hear from you..



Regards
fenzodahl512
  • 0

#10
spinedaddy

spinedaddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I am having problems downloading Java 6. It keeps trying to connect, but doesn't. I may have deleted Java 1.4v by mistake on "add or remove Program" area. I deleted an older version of Java, but also deleted the Java 1.4v also.
  • 0

Advertisements


#11
spinedaddy

spinedaddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Deckard's System Scanner v20071014.68
Run by Johnny Wase on 2008-05-12 22:58:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
112: 2008-05-13 02:58:36 UTC - RP1024 - Deckard's System Scanner Restore Point
111: 2008-05-13 02:53:02 UTC - RP1023 - Removed Java™ SE Development Kit 6 Update 6
110: 2008-05-13 02:51:41 UTC - RP1022 - Removed Java™ 6 Update 5
109: 2008-05-13 02:41:46 UTC - RP1021 - Installed Java™ 6 Update 6
108: 2008-05-13 02:36:15 UTC - RP1020 - Installed Java™ SE Development Kit 6 Update 6


-- First Restore Point --
1: 2008-02-13 05:07:13 UTC - RP913 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Johnny Wase.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:05 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\SYSTEM32\spider.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Johnny Wase\desktop\dss.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOHNNY~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.rr.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://quicken.ehos...s/custappx3.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131415242671
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://ib.armstrong....timage30717.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...4.15/ttinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://medtronic.we...bex/ieatgpc.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-32.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.samsphoto...oad/XUpload.ocx
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe

--
End of file - 13441 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080505-235532-602 O2 - BHO: SSVHelper - {907C8FB0-1205-4189-99C9-9E8DA884B0B0} - C:\WINDOWS\onepek.dll
backup-20080512-181934-720 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
backup-20080512-181934-803 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080512-181935-413 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
backup-20080512-181935-930 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S3 catchme - c:\combofix\catchme.sys (file missing)
S3 RimUsb (BlackBerry Smartphone) - c:\windows\system32\drivers\rimusb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S2 Roxio Upnp Server 9 - "c:\program files\roxio\digital home 9\roxioupnpservice9.exe" (file missing)
S3 Roxio UPnP Renderer 9 - "c:\program files\roxio\digital home 9\roxioupnprenderer9.exe" (file missing)
S3 SolidWorks Licensing Service - "c:\program files\common files\solidworks shared\service\solidworkslicensing.exe" <Not Verified; SolidWorks; SolidWorks Licensing Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 3964)
2008-05-12 21:16:58 102912 --a------ C:\Program Files\TrojanHunter 4.2\THSec.dll
2004-08-22 20:51:54 314368 --a------ C:\Program Files\TrojanHunter 4.2\contmenu.dll


-- Scheduled Tasks -------------------------------------------------------------

2008-05-12 21:19:07 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-12 11:30:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2003-11-15 00:45:00 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2008-04-12 and 2008-05-12 -----------------------------

2008-05-12 22:42:54 0 d-------- C:\Program Files\Sun
2008-05-12 22:27:17 0 d-------- C:\Program Files\SDM20
2008-05-12 20:48:39 0 d-------- C:\Documents and Settings\Johnny Wase\.SunDownloadManager
2008-05-12 18:49:36 0 d-------- C:\Program Files\Common Files\Java
2008-05-12 00:20:58 0 d-------- C:\Documents and Settings\Johnny Wase\Application Data\Malwarebytes
2008-05-12 00:19:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 00:19:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-06 00:00:47 68096 --a------ C:\WINDOWS\zip.exe
2008-05-06 00:00:47 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-06 00:00:47 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-06 00:00:47 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-06 00:00:47 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-06 00:00:47 98816 --a------ C:\WINDOWS\sed.exe
2008-05-06 00:00:47 80412 --a------ C:\WINDOWS\grep.exe
2008-05-06 00:00:47 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-05 23:41:49 0 d-------- C:\Program Files\Trend Micro
2008-05-05 21:11:02 5004 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-05 21:10:03 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-05 21:10:03 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-05 21:10:03 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-05 21:10:03 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-05 21:10:03 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-05 21:10:03 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-05 21:10:03 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-05 21:10:03 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-05 20:45:53 0 d-------- C:\WINDOWS\CAVTemp
2008-05-05 20:45:42 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-05 20:45:19 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 22:59:49 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-05-04 22:01:38 0 d-------- C:\Documents and Settings\Johnny Wase\Application Data\HouseCall 6.6
2008-05-04 21:13:38 0 d-------- C:\Documents and Settings\Johnny Wase\Application Data\Desktop Mechanic
2008-05-04 21:08:34 0 d-------- C:\Program Files\Desktop Maestro
2008-04-30 23:16:46 0 d-------- C:\Documents and Settings\Johnny Wase\.housecall6.6
2008-04-30 21:43:16 0 d-------- C:\WINDOWS\BDOSCAN8


-- Find3M Report ---------------------------------------------------------------

2008-05-12 22:54:06 0 d-------- C:\Program Files\Java
2008-05-12 18:49:36 0 d-------- C:\Program Files\Common Files
2008-05-12 10:39:37 256 --a------ C:\WINDOWS\system32\pool.bin
2008-05-09 23:06:02 0 d-------- C:\Program Files\ItsDeductible2005
2008-05-06 00:26:40 0 d-------- C:\Program Files\TrojanHunter 4.2
2008-05-04 23:00:05 0 d-------- C:\Program Files\CA
2008-05-01 20:24:24 0 d-------- C:\Program Files\fsupport
2008-04-07 21:48:11 0 d-------- C:\Program Files\iTunes
2008-04-07 21:48:00 0 d-------- C:\Program Files\iPod
2008-04-07 21:45:03 0 d-------- C:\Program Files\QuickTime
2008-04-02 22:44:40 0 d-------- C:\Documents and Settings\Johnny Wase\Application Data\Adobe
2008-03-30 20:57:54 0 d-------- C:\Documents and Settings\Johnny Wase\Application Data\Blackberry Desktop
2008-03-24 21:01:09 0 d-------- C:\Program Files\Safari


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/04/2004 03:56 AM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 06:24 PM C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [09/06/2003 11:00 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/06/2003 03:04 AM]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [08/13/2003 12:27 PM]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [04/03/2002 03:01 AM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 03:00 AM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 03:20 PM]
"THGuard"="C:\Program Files\TrojanHunter 4.2\THGuard.exe" [02/19/2005 05:36 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 02:01 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/13/2004 03:49 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [08/16/2007 09:56 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"DesktopMechanic"="" []
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [08/16/2007 10:19 PM]
"QOELOADER"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [05/04/2008 11:00 PM]
"CAVRID"="C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\CAVRID.exe" [08/20/2007 01:36 PM]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [02/05/2008 11:19 AM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [02/05/2008 11:19 AM]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [02/05/2008 11:19 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Johnny Wase\Start Menu\Programs\Startup\
DESKTOP.INI [8/8/2003 3:47:34 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/8/2003 3:47:34 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 05/18/2007 01:30 PM 79368 C:\WINDOWS\SYSTEM32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Johnny Wase^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\Johnny Wase\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray




-- End of Deckard's System Scanner: finished at 2008-05-12 23:02:20 ------------

Edited by spinedaddy, 12 May 2008 - 09:03 PM.

  • 0

#12
spinedaddy

spinedaddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1023 MiB / 500.79 MiB
Pagefile Memory (total/avail): 2460.49 MiB / 1994.33 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1906.09 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.73 GiB total, 79.24 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3120026AS - 111.76 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 111.73 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: CA Personal Firewall v9.1.0.36 (CA)
AV: CA Anti-Virus v8.4.0.28 (CA, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealOne Player"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Real\\RealPlayer\\trueplay.exe"="C:\\Program Files\\Real\\RealPlayer\\trueplay.exe:*:Disabled:RealOne Player"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Johnny Wase\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOHNNY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Johnny Wase
LOGONSERVER=\\JOHNNY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JOHNNY~1\LOCALS~1\Temp
USERDOMAIN=JOHNNY
USERNAME=Johnny Wase
USERPROFILE=C:\Documents and Settings\Johnny Wase
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Johnny Wase (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{2BE0C605-9BEC-434D-9FAE-931194E72414}
--> MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
--> MsiExec.exe /I{726A362E-EBFD-4C3F-8664-6593C2B08386}
--> MsiExec.exe /I{943CB81D-11B9-401E-8305-752528D00AA1}
--> MsiExec.exe /I{E75F019D-98A0-4B39-B1A8-3A01400D2A18}
--> MsiExec.exe /X{F664EDB9-59DF-452A-A3D7-085ED1B8D374}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{410438A3-B591-4028-B70A-3CC0B33FBCD1}\Setup.exe" -l0x9 -L0x9anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATIMCEE --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E6F4A97-631B-4C11-80AC-80111B64A909} /l1033
Audio/Video Conference 4.1+ --> C:\Program Files\Conference\Conference.exe /UNINSTALL
BlackBerry Desktop Software 4.3 --> MsiExec.exe /I{DE7A46A8-D4DA-4EE0-AD6C-326049517BF2}
BlackBerry Desktop Software 4.3 --> MsiExec.exe /i{DE7A46A8-D4DA-4EE0-AD6C-326049517BF2}
BlackBerry v4.2.1 for the 8100 Series Wireless Handheld --> MsiExec.exe /X{8597A304-D08E-4EE6-A80B-1A87AF6916C9}
Business Contact Manager for Outlook 2003 --> MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
CA Internet Security Suite --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
Club Dice Casino --> "C:\WINDOWS\Club Dice Casino Setup.exe" /uninstall
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant SmartHSFi V92 56K DF PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE -U -IDel8d8xk.INF
Crypto! version 3.7 --> "C:\Program Files\Crypto\unins000.exe"
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Dell Picture Studio - Dell Image Expert --> MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Desktop Maestro 2.0 --> "C:\Program Files\Desktop Maestro\unins000.exe"
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Disney's Toontown Online --> C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
Documents To Go --> MsiExec.exe /I{4E7E8E6A-15F1-4E26-9352-26AD235131E9}
Dreamship Tales --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Dreamship Tales\Uninstall.xml"
DS21Patch --> MsiExec.exe /I{9B79DCB0-AAD7-456B-8D07-433C936FA24B}
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
eDrawings 2007 --> MsiExec.exe /I{5EB2FAEE-DB4A-4CB3-8C51-6876C6D1FF7E}
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hampton Casino --> C:\Hampton Casino\Install.exe -u
Handmark Magic Dogs Super Solitaire 15 for Palm OS --> C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Magic Dogs for Palm OS\uninstal.log
Handmark® Colors for Palm OS --> C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Colors for Palm OS\uninstal.log
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HouseCall 6.6 --> "C:\Documents and Settings\Johnny Wase\Application Data\HouseCall 6.6\uninstaller.exe"
HP Extended Capabilities 4.7 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
Image Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL
ImageMixer for Sony --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
ItsDeductible Express --> MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Kaspersky On-line Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Palm Desktop --> MsiExec.exe /X{1C263E36-DF93-436F-9F0A-F41D82F490CB}
PE Resource Explorer 2.0 --> "C:\Program Files\PE Resource Explorer\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PrintMaster® Platinum 8.0 --> C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\PRINTM~1\DeIsL1.isu" -c"C:\PROGRA~1\BRODER~1\PRINTM~1\psfinst.dll"
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Rave-MP Digital Audio Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D43C63E0-0BDC-498B-B7E9-7DCF902D8610}\setup.exe" -l0x9
Readiris 7.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RoboRiches Calculator 1.0 --> C:\Documents and Settings\Johnny Wase\My Documents\RoboRiches Calculator\uninst.exe
Roxio Media Manager --> MsiExec.exe /X{303379C9-8610-4CCF-AF37-C4BF8998C591}
Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SereneScreen Marine Aquarium 2 --> "C:\Program Files\SereneScreen\Marine Aquarium 2\unins000.exe"
Serif DrawPlus 3.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Serif\dp30\DrawPlus_uninst.isu"
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
snoopy_xmas Screensaver --> pysoft_uninstaller.exe /u C:\WINDOWS\System32\snoopy_xmas.scr
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\setup.exe" -l0x9 -L0x9 /SMAINT
Sonic PrimeTime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DA9061C-A8C6-4B0E-BF2B-1E444D8642E3}\setup.exe" -l0x9 -L0x9 /SMAINT
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\setup.exe" -l0x9
Sun™ Download Manager 2.0 --> C:\Program Files\SDM20\Uninstal.exe
The Art of Creative Lettering --> C:\CKBROW~1\UNWISE.EXE C:\CKBROW~1\INSTALL.LOG
TrojanHunter 4.2 --> "C:\Program Files\TrojanHunter 4.2\unins000.exe"
TurboTax Deluxe 2003 --> C:\Program Files\TurboTax\Deluxe 2003\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2003\Uninstall.log" -NoGui
TurboTax Deluxe 2004 --> C:\Program Files\TurboTax\Deluxe 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2004\Uninstall.log" -NoGui
TurboTax Deluxe 2005 --> C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}


-- Application Event Log -------------------------------------------------------

Event Record #/Type20677 / Success
Event Submitted/Written: 05/12/2008 09:16:41 PM
Event ID/Source: 88 / UmxAgent
Event Description:
Sync client C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe registered successfully

Event Record #/Type20675 / Success
Event Submitted/Written: 05/12/2008 09:16:28 PM
Event ID/Source: 88 / UmxAgent
Event Description:
explorer.exe started

Event Record #/Type20674 / Success
Event Submitted/Written: 05/12/2008 09:16:25 PM
Event ID/Source: 88 / UmxAgent
Event Description:
Shell is started at session 0

Event Record #/Type20673 / Success
Event Submitted/Written: 05/12/2008 09:16:25 PM
Event ID/Source: 88 / UmxAgent
Event Description:
explorer.exe started

Event Record #/Type20668 / Warning
Event Submitted/Written: 05/12/2008 09:16:12 PM
Event ID/Source: 19011 / MSSQL$MICROSOFTBCM
Event Description:
(SpnRegister) : Error 1355



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15741 / Warning
Event Submitted/Written: 05/12/2008 10:59:38 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JOHNNY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JOHNNY27 can't undo changes that you allow.

For more information please see the following:
%JOHNNY275

Scan ID: {6B92A033-C61F-4F20-8BA8-3BF28BF5523B}

User: JOHNNY\Johnny Wase

Name: %JOHNNY271

ID: %JOHNNY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JOHNNY276

Alert Type: %JOHNNY278

Detection Type: 1.1.1593.02

Event Record #/Type15740 / Warning
Event Submitted/Written: 05/12/2008 10:59:38 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JOHNNY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JOHNNY27 can't undo changes that you allow.

For more information please see the following:
%JOHNNY275

Scan ID: {5A3CD411-308A-4082-AF07-5875683461E5}

User: JOHNNY\Johnny Wase

Name: %JOHNNY271

ID: %JOHNNY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JOHNNY276

Alert Type: %JOHNNY278

Detection Type: 1.1.1593.02

Event Record #/Type15739 / Warning
Event Submitted/Written: 05/12/2008 10:59:38 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JOHNNY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JOHNNY27 can't undo changes that you allow.

For more information please see the following:
%JOHNNY275

Scan ID: {FE1A654D-74FD-4FCA-89BF-C141CBBD1024}

User: JOHNNY\Johnny Wase

Name: %JOHNNY271

ID: %JOHNNY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JOHNNY276

Alert Type: %JOHNNY278

Detection Type: 1.1.1593.02

Event Record #/Type15738 / Warning
Event Submitted/Written: 05/12/2008 10:59:36 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JOHNNY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JOHNNY27 can't undo changes that you allow.

For more information please see the following:
%JOHNNY275

Scan ID: {DD299E4B-3AC6-4ED8-9279-5546AF3722D6}

User: JOHNNY\Johnny Wase

Name: %JOHNNY271

ID: %JOHNNY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JOHNNY276

Alert Type: %JOHNNY278

Detection Type: 1.1.1593.02

Event Record #/Type15737 / Warning
Event Submitted/Written: 05/12/2008 10:59:36 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JOHNNY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JOHNNY27 can't undo changes that you allow.

For more information please see the following:
%JOHNNY275

Scan ID: {733DB069-13F8-4B12-AD0A-8C635460AF4D}

User: JOHNNY\Johnny Wase

Name: %JOHNNY271

ID: %JOHNNY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JOHNNY276

Alert Type: %JOHNNY278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-05-12 23:02:20 ------------

Edited by spinedaddy, 12 May 2008 - 09:05 PM.

  • 0

#13
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, which Java are you trying to download?

Please choose Java Runtime Environment (JRE) 6 Update 6
  • On Platform: please select Windows
  • On Language: please select Multi-language
  • Tick on I agree to the Java SE Runtime Environment 6 License Agreement and hit on Continue>>
  • After that, tick on Windows Offline Installation and hit Download Selected with Sun Download Manager
  • Follow all prompt and please set your firewall to allow the download/installation process continue..

  • 0

#14
spinedaddy

spinedaddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I think I have Java 6 update6 downloaded. I also ran a dss scan and copied it in post above.
My computer seems to be running better. No more malware errors. I do seem to have a problem with the computer booting very slow and when restarting the Windows music that plays seems to be girgling or skipping. Not sure what that means.

Edited by spinedaddy, 12 May 2008 - 09:09 PM.

  • 0

#15
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello spinedaddy, thanks for the reply... I have a good news for you.. Your logs look clean to my eyes :)


About your current computer problem, I don't think its malware related.. I belive it's best for you to go into our Windows XP Forum for further assistance.. Please tell them that you have seek assistance from Malware forum and we send you there.


Now for some cleanup..
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.




NEXT


Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




NEXT


I noticed that you already have:
1. CA Internet Security Suite as a complete security program consisting of antivirus, antispyware and firewall :)
2. Trojan Hunter as antispyware.



Let's clean your Restore Points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous Restore Points which are likely to be infected)
To create a new Restore Point.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK. This will flush your old System Restore.
  • Then please UNCHECK the Turn off System Restore.
  • Click again on Apply, and then click OK. This will create a new Restore Point
System Restore will now be active again



NEXT


And now, to help protect your computer in the future I would like to recommend you these following free programs. Please do remember to use only ONE "Real-Time Protection" software for EACH Antivirus, AntiSpyware and Firewall.
  • SpywareBlaster 4.0 to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

Lastly, to keep your operating system up to date please visit the link below monthly

To learn more about how to protect yourself while on the internet read this excellent article by Tony Klein: So how did I get infected in the first place?

Please also read an excellent article by miekiemoes :Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)


Have a safe and happy computing day!


Regards
fenzodahl512
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP