Basic Maintenance [CLOSED]

This topic is locked.

#1
K. Prophett
Member, 86 posts
This is just to fix some usual stuff on my computer. I've been gone away for school and who knows what has been downloaded on my computer to slow it up....



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:59 PM, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Ares\bak\Ares.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\LiveUpdate\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRPSO~1\MOTORO~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\bak\Ares.exe" -h
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberr...re/AxLoader.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O20 - AppInit_DLLs:
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5069 bytes
#2
Rorschach112 (Ralphie)
Retired Staff, 47,710 posts
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

#3
K. Prophett
Topic Starter, Member, 86 posts
Deckard's System Scanner v20071014.68
Run by Kendall P on 2008-05-28 15:36:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-05-28 20:37:35 UTC - RP1104 - Deckard's System Scanner Restore Point
6: 2008-05-28 20:24:37 UTC - RP1103 - Installed AVG Free 8.0
5: 2008-05-28 08:10:00 UTC - RP1102 - Software Distribution Service 2.0
4: 2008-05-28 04:40:53 UTC - RP1101 - Installed AVG 7.5
3: 2008-05-28 04:34:44 UTC - RP1100 - Removed AVG 7.5


-- First Restore Point --
1: 2008-05-28 03:25:47 UTC - RP1098 - Removed MSN Messenger 7.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).
System Drive C: has 2.24 GiB (less than 15%) free.


-- HijackThis (run as Kendall P.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:02 PM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Ares\bak\Ares.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Kendall P\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kendall P.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\LiveUpdate\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRPSO~1\MOTORO~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\bak\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberr...re/AxLoader.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 3783 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 fsflt - c:\windows\system32\drivers\fsflt.sys (file missing)
R3 ltmodem5 (Lucent Modem Driver) - c:\windows\system32\drivers\ltmdmnt.sys <Not Verified; LT; LT V.92 Data+Fax Modem Version 8.28>
R3 RimVSerPort (RIM Virtual Serial Port v2) - c:\windows\system32\drivers\rimserial.sys <Not Verified; Research in Motion Ltd; RIM Modem>
R3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S3 BCMModem (BCM V.90 56K Modem) - c:\windows\system32\drivers\bcmdm.sys <Not Verified; BCM; BCM Modem Driver>
S3 brfilt (Brother MFC Filter Driver) - c:\windows\system32\drivers\brfilt.sys <Not Verified; Brother Industries Ltd.; Microsoft® Windows® Operating System>
S3 BrUsbScn (Brother MFC USB Scanner driver) - c:\windows\system32\drivers\brusbscn.sys <Not Verified; Brother Industries Ltd.; Microsoft® Windows® Operating System>
S3 mf - c:\windows\system32\drivers\mf.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
S3 QCDonner (Logitech QuickCam Express) - c:\windows\system32\drivers\ovcd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 RimUsb (BlackBerry Device) - c:\windows\system32\drivers\rimusb.sys <Not Verified; Research In Motion Limited; RIM handheld driver>
S3 USB_RNDIS_XP (Westell WireSpeed Dual Connect Modem) - c:\windows\system32\drivers\usb8023.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 gb - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 AdobeActiveFileMonitor (Adobe Active File Monitor) - d:\program files\adobe 3\photoshopelementsfileagent.exe
S4 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-28 13:00:02 350 --a------ C:\WINDOWS\Tasks\At14.job
2008-05-28 12:00:02 350 --a------ C:\WINDOWS\Tasks\At13.job
2008-05-28 11:00:02 350 --a------ C:\WINDOWS\Tasks\At12.job
2008-05-28 10:00:02 350 --a------ C:\WINDOWS\Tasks\At11.job
2008-05-28 09:00:02 350 --a------ C:\WINDOWS\Tasks\At10.job
2008-05-28 08:00:02 350 --a------ C:\WINDOWS\Tasks\At9.job
2008-05-28 07:00:02 350 --a------ C:\WINDOWS\Tasks\At8.job
2008-05-28 06:00:02 350 --a------ C:\WINDOWS\Tasks\At7.job
2008-05-28 05:00:02 350 --a------ C:\WINDOWS\Tasks\At6.job
2008-05-28 04:00:02 350 --a------ C:\WINDOWS\Tasks\At5.job
2008-05-28 03:00:02 350 --a------ C:\WINDOWS\Tasks\At4.job
2008-05-28 02:00:02 350 --a------ C:\WINDOWS\Tasks\At3.job
2008-05-28 01:00:02 350 --a------ C:\WINDOWS\Tasks\At2.job
2008-05-28 00:00:04 350 --a------ C:\WINDOWS\Tasks\At1.job
2008-05-27 23:00:08 350 --a------ C:\WINDOWS\Tasks\At24.job
2008-05-27 22:00:06 350 --a------ C:\WINDOWS\Tasks\At23.job
2008-05-27 21:00:02 350 --a------ C:\WINDOWS\Tasks\At22.job
2008-05-27 20:00:02 350 --a------ C:\WINDOWS\Tasks\At21.job
2008-05-27 19:00:02 350 --a------ C:\WINDOWS\Tasks\At20.job
2008-05-27 18:00:02 350 --a------ C:\WINDOWS\Tasks\At19.job
2008-05-27 17:00:02 350 --a------ C:\WINDOWS\Tasks\At18.job
2008-05-27 16:00:02 350 --a------ C:\WINDOWS\Tasks\At17.job
2008-05-27 15:00:02 350 --a------ C:\WINDOWS\Tasks\At16.job
2008-05-27 14:00:02 350 --a------ C:\WINDOWS\Tasks\At15.job
2008-05-15 17:33:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-28 and 2008-05-28 -----------------------------

2008-05-28 15:25:01 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-28 15:25:01 0 d-------- C:\Documents and Settings\Kendall P\Application Data\AVGTOOLBAR
2008-05-28 15:24:39 0 d-------- C:\Program Files\AVG
2008-05-28 15:24:38 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-27 22:59:49 403794 --a------ C:\WINDOWS\469.exe
2008-05-27 22:58:37 266607 --a------ C:\WINDOWS\ISMSetup Venora3 (aid=3 smiley).exe
2008-05-27 22:49:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-27 22:46:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 14:40:22 0 d--hs---- C:\FOUND.049
2008-05-19 13:20:46 0 d-------- C:\Program Files\Trend Micro
2008-05-16 17:20:40 0 d--hs---- C:\FOUND.048
2008-05-16 11:07:42 0 d--hs---- C:\FOUND.047
2008-05-16 03:46:50 0 d--hs---- C:\FOUND.046
2008-05-15 23:25:55 0 d-------- C:\Documents and Settings\Kendall P\Application Data\InfraRecorder
2008-05-15 23:24:43 0 d-------- C:\Program Files\InfraRecorder
2008-05-15 02:17:09 0 --a------ C:\Program Files\uninstall.dat
2008-05-15 01:11:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-09 11:30:54 0 d--hs---- C:\FOUND.045
2008-04-28 20:04:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater


-- Find3M Report ---------------------------------------------------------------

2008-05-27 21:40:22 2929 --a------ C:\WINDOWS\mozver.dat
2008-05-27 00:13:30 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-30 13:07:16 0 d-------- C:\Program Files\Microsoft Security Adviser


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/28/2008 03:25 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/28/2008 03:25 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BVRPLiveUpdate"="C:\Program Files\LiveUpdate\Engine\Setup.exe" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/28/2008 03:24 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="D:\Program Files\Ares\bak\Ares.exe" [10/30/2005 06:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/28/2008 08:04 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"system"="csuvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MTV Networks Video Optimizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MTV Networks Video Optimizer.lnk
backup=C:\WINDOWS\pss\MTV Networks Video Optimizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kendall P^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\Kendall P\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
D:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmool.exe]
C:\WINDOWS\system32\dmool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager]
rundll32.exe "C:\WINDOWS\system32\cwnkhgul.dll",sitypnow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop3trap.exe]
"D:\Program Files\Trend Micro\Pop3trap.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
C:\Program Files\QUICKENW\QAGENT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
"C:\Program Files\TrojanHunter 4.2\THGuard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebTrapNT.exe]
"D:\Program Files\Trend Micro\WebTrapNT.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
"C:\Documents and Settings\Kendall P\Desktop\utorrent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ewido security suite control"=2 (0x2)
"AdobeActiveFileMonitor"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"Tmntsrv"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"brmfrmps"=2 (0x2)
"LexBceS"=2 (0x2)
"AVGEMS"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"SQLWriter"=3 (0x3)
"NVSvc"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"SPTISRV"=3 (0x3)
"iPod Service"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86



-- End of Deckard's System Scanner: finished at 2008-05-28 15:42:36 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.50GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 255.53 MiB / 80.53 MiB
Pagefile Memory (total/avail): 617.91 MiB / 353.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.47 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 15.6 GiB total, 2.24 GiB free.
D: is Fixed (NTFS) - 40.27 GiB total, 1.71 GiB free.
E: is CDROM (No Media)
F: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - ST360020A - 55.9 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 15.63 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 40.27 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"D:\\Program Files\\AIM\\aim.exe"="D:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Trend Micro\\PC-cillin 2000\\WebTrapNT.exe"="C:\\Program Files\\Trend Micro\\PC-cillin 2000\\WebTrapNT.exe:*:Disabled:WebTrap"
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe:*:Disabled:tgcmd Module"
"D:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Program Files\\Ares\\Ares.exe"="D:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"D:\\Program Files\\Trend Micro\\WebTrapNT.exe"="D:\\Program Files\\Trend Micro\\WebTrapNT.exe:*:Enabled:WebTrap"
"D:\\Program Files\\PC-cillin\\WebTrapNT.exe"="D:\\Program Files\\PC-cillin\\WebTrapNT.exe:*:Enabled:WebTrap"
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Program Files\\AIM\\aim.exe"="D:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"D:\\Program Files\\Ares\\bak\\Ares.exe"="D:\\Program Files\\Ares\\bak\\Ares.exe:*:Enabled:Ares"
"C:\\Documents and Settings\\Kendall P\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Kendall P\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\System32\\svchost.exe"="C:\\WINDOWS\\System32\\svchost.exe:*:Enabled:@xpsp2res.dll,-22008"
"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:@xpsp2res.dll,-22008"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kendall P\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PROPHETT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kendall P
LOGONSERVER=\\PROPHETT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\KENDAL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\KENDAL~1\LOCALS~1\Temp
USERDOMAIN=PROPHETT
USERNAME=Kendall P
USERPROFILE=C:\Documents and Settings\Kendall P
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Kendall P (admin)
Ladon P (admin)
Ladon P (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21313051-BEA2-11D4-8FA4-00B0D02D2438}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6CAF07A2-BEA4-11D4-8FA4-00B0D02D2438}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7052066D-7016-11D5-B89E-00B0D0D26B88}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B960F4A0-BEEF-4170-86CD-57CABE6237E6}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D54AAC0A-BE99-11D4-8FA4-00B0D02D2438}\setup.exe" UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 3.0 --> MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> D:\Program Files\AIM\uninstll.exe -LOG= D:\Program Files\AIM\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Ares 1.9.9 --> "D:\Program Files\Ares\uninstall.exe"
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BlackBerry Desktop Software 4.2 --> MsiExec.exe /i{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}
BlackBerry Desktop Software 4.2 --> MsiExec.exe /I{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C33DC9DF-0841-4B28-AD0B-68EF59FAC53C}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Canon S630 --> C:\WINDOWS\system32\CNMCP3E.EXE [email protected]:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S630 Installer\Inst\DeIsL3.isu" -pCanon S630-c"C:\BJPrinter\CNMWINDOWS\Canon S630 Installer\Inst\bjinst.dll
Canon S630 --> C:\WINDOWS\system32\CNMS630.EXE [email protected]:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S630 Installer\Inst\DeIsL1.isu" -pCanon S630-c"C:\BJPrinter\CNMWINDOWS\Canon S630 Installer\Inst\bjinst.dll
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Corel Applications --> C:\WINDOWS\Corel\Uninst32.exe
DigitalPrint 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2069DE3-5924-4766-A385-CDA273885A31}\setup.exe" /Uninstall
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DVgate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29F61465-428A-11D4-B646-00C04F790F76}\setup.exe"
Google Earth Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
InfraRecorder --> C:\Program Files\InfraRecorder\uninstall.exe
iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
Java 2 Runtime Environment Standard Edition v1.3.1_18 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68249B78-B714-11D7-88E8-0050DA21757E}\Setup.exe" -uninst
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.12.14 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Return of Arcade --> C:\Program Files\Microsoft Games\Return of Arcade\setup\setup.exe /m
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mobile PhoneTools --> MsiExec.exe /I{CF88712B-16A3-45A1-B6C5-8E6CD0408E61}
Motion JPEG Software Decoder --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sony\Motion JPEG Software Decoder\Uninst.isu"
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Handset USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44B3522B-195C-488D-84AC-9526FA99CB73}\Setup.exe"
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
MovieShaker 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4A49B00-02F8-11D5-B64D-00C04F790F76}\setup.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Music Visualizer Library 1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe"
Native Instruments - Traktor 1.06 --> D:\PROGRA~1\Traktor\UNINST~1\106\UNWISE.EXE D:\PROGRA~1\Traktor\UNINST~1\106\INSTALL.LOG
Nero 6 --> D:\Program Files\Nero\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvsy.inf
OpenMG Secure Module --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A228A09C-4826-42E0-A3D8-95B2BAAB5049}\setup.exe" UNINSTALL
PicoPlayer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8139011A-4039-46C7-8614-A3F8948121AD}\setup.exe"
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RealProducer Basic 8.5 --> C:\Program Files\Real\RealProducer\rnuninst.exe RealNetworks|RealProducer|8.5
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Smart Capture --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B6F4C00-E935-11D3-A98A-0080986030D9}\setup.exe"
SonicStage CD-R Writing Module --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F3CB4DC0-4FC0-11D5-9254-0000F460E7A9}\Setup.exe"
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony DV Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Support Actions Win2K,WinXP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48BE827A-2D06-4804-90C3-4F2F8460F9D4}\setup.exe"
VAIO Action Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}\setup.exe"
VAIO Grid Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21CF3E6E-1659-433E-B6CE-165D793560DA}\setup.exe"
VAIO Help & Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}\setup.exe"
VAIO Registration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6DF804A8-2CC2-4D22-A958-4534F6EC3C76}\setup.exe"
VAIO Support --> "c:\program files\support.com\client\bin\tgfix.exe" /rm /nq
VAIOWorld --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{601B53EE-509D-4649-9173-14A864F1E807}\setup.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VisualFlow 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5B0ABC0-3177-11D3-AC45-0000F879D920}\setup.exe" /Uninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type183553 / Error
Event Submitted/Written: 05/28/2008 03:42:01 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost (904) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type183552 / Error
Event Submitted/Written: 05/28/2008 03:41:58 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost (904) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type183551 / Error
Event Submitted/Written: 05/28/2008 03:41:52 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost (904) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type183550 / Error
Event Submitted/Written: 05/28/2008 03:41:48 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost (904) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type183549 / Error
Event Submitted/Written: 05/28/2008 03:41:47 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost (904) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).



-- Security Event Log ----------------------------------------------------------

Event Record #/Type183553 / Error
Event Submitted/Written: 05/28/2008 03:42:01 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost904C:\WINDOWS\system32\CatRoot2\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Event Record #/Type183552 / Error
Event Submitted/Written: 05/28/2008 03:41:58 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost904C:\WINDOWS\system32\CatRoot2\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Event Record #/Type183551 / Error
Event Submitted/Written: 05/28/2008 03:41:52 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost904C:\WINDOWS\system32\CatRoot2\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Event Record #/Type183550 / Error
Event Submitted/Written: 05/28/2008 03:41:48 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost904C:\WINDOWS\system32\CatRoot2\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Event Record #/Type183549 / Error
Event Submitted/Written: 05/28/2008 03:41:47 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost904C:\WINDOWS\system32\CatRoot2\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.



-- System Event Log ------------------------------------------------------------

Event Record #/Type183553 / Error
Event Submitted/Written: 05/28/2008 03:42:01 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost904C:\WINDOWS\system32\CatRoot2\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Event Record #/Type183552 / Error
Event Submitted/Written: 05/28/2008 03:41:58 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost904C:\WINDOWS\system32\CatRoot2\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Event Record #/Type183551 / Error
Event Submitted/Written: 05/28/2008 03:41:52 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost904C:\WINDOWS\system32\CatRoot2\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Event Record #/Type183550 / Error
Event Submitted/Written: 05/28/2008 03:41:48 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost904C:\WINDOWS\system32\CatRoot2\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Event Record #/Type183549 / Error
Event Submitted/Written: 05/28/2008 03:41:47 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost904C:\WINDOWS\system32\CatRoot2\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.



-- End of Deckard's System Scanner: finished at 2008-05-28 15:42:36 ------------




-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 28, 2008 10:19:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/05/2008
Kaspersky Anti-Virus database records: 808891
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 80779
Number of viruses found: 15
Number of infected objects: 37
Number of suspicious objects: 0
Duration of the scan process: 03:45:50

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\modsregn.exe Object is locked skipped
C:\WINDOWS\system32\dwdsregt.exe Object is locked skipped
C:\WINDOWS\system32\qwinpndv.exe Object is locked skipped
C:\WINDOWS\system32\awvtq.dll Object is locked skipped
C:\WINDOWS\system32\filesafer23.exe/data0002 Infected: not-a-virus:FraudTool.Win32.UnSpyPc.b skipped
C:\WINDOWS\system32\filesafer23.exe/data0003 Infected: not-a-virus:FraudTool.Win32.UnSpyPc.a skipped
C:\WINDOWS\system32\filesafer23.exe NSIS: infected - 2 skipped
C:\WINDOWS\system32\{F3663D2E-614B-4EE1-9380-4C9E15BED1E2}.exe Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_480.dat Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B65BAC2F-D7EA-45DF-9CB8-A06B608B9F5D}.bin Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\469.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.cmz skipped
C:\WINDOWS\469.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.cmz skipped
C:\WINDOWS\469.exe NSIS: infected - 2 skipped
C:\WINDOWS\NDNuninstall6_38.exe Object is locked skipped
C:\WINDOWS\NDNuninstall7_22.exe Object is locked skipped
C:\WINDOWS\ISMSetup Venora3 (aid=3 smiley).exe Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsrm.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Kendall P\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kendall P\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\History\History.IE5\MSHist012008052820080529\index.dat Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\Application Data\Mozilla\Firefox\Profiles\rj8rgf8p.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\Application Data\Mozilla\Firefox\Profiles\rj8rgf8p.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\Application Data\Mozilla\Firefox\Profiles\rj8rgf8p.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\Application Data\Mozilla\Firefox\Profiles\rj8rgf8p.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe/data0037/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe/data0037/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe/data0037/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe/data0037/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe/data0037/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe/data0037 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe/data0038 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe NSIS: infected - 7 skipped
C:\Documents and Settings\Kendall P\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kendall P\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-516dc14a-658cb64a.zip/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Kendall P\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-516dc14a-658cb64a.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Kendall P\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-42ed57a9-44e56339.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Kendall P\Application Data\Sun\Java\Deployment\cache\6.0\35\7adb71e3-1ad87faf Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Kendall P
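What the helper needs from the raw scanner output above is short: which files on disk carry a real detection, which hits are only "not-a-virus" adware or fraud-tool bundles, and which "Object is locked" lines are normal noise (registry hives, logs, index.dat) as opposed to unfamiliar binaries under system32 that the scanner could not open. The parser below is an added example for this thread, not Kaspersky's or the forum's own tooling; its sample input is a constructed excerpt of lines copied from the posted report, and the grouping rules (especially the "locked executable" bucket) are my triage heuristics, not scanner verdicts.

```python
"""Group a Kaspersky Online Scanner report into things worth acting on.

Added example for this thread, not Kaspersky's or the forum's own tooling.
The sample below is a constructed excerpt: lines copied from the report
posted above. The grouping rules are mine, not scanner verdicts.
"""
import re
from collections import defaultdict

SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\qwinpndv.exe Object is locked skipped
C:\WINDOWS\system32\awvtq.dll Object is locked skipped
C:\WINDOWS\system32\filesafer23.exe/data0002 Infected: not-a-virus:FraudTool.Win32.UnSpyPc.b skipped
C:\WINDOWS\system32\filesafer23.exe NSIS: infected - 2 skipped
C:\WINDOWS\469.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.cmz skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe/data0037/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\Documents and Settings\Kendall P\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-516dc14a-658cb64a.zip/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Kendall P\Application Data\Sun\Java\Deployment\cache\6.0\35\7adb71e3-1ad87faf Infected: Exploit.Java.Gimsh.a skipped
"""

# One report line: <path> <status> <last action>. Paths contain spaces, so the
# path is matched lazily and the status/action part is anchored at the end.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:(?P<locked>Object is locked)"
    r"|Infected:\s+(?P<verdict>\S+)"
    r"|(?P<container>NSIS|ZIP|CAB):\s+infected\s+-\s+(?P<count>\d+))"
    r"\s+(?P<action>skipped|deleted|disinfected|quarantined)$"
)

# Locked binaries with unfamiliar names are the ones a helper wants listed
# separately; hives, logs and index.dat are expected to be locked while Windows runs.
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


def host_file(path):
    """Archive members are written as host/member; return the host file on disk."""
    return path.split("/", 1)[0]


def parse_report(text):
    """Return one dict per recognised report line (header and blank lines are skipped)."""
    findings = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            findings.append(match.groupdict())
    return findings


def classify(findings):
    """Group findings by host file: real detections, not-a-virus hits, locked objects."""
    groups = {
        "malware": defaultdict(set),        # verdict -> host files
        "pua": defaultdict(set),            # not-a-virus:* verdicts -> host files
        "locked_executables": set(),        # locked .exe/.dll: review by hand
        "locked_other": set(),              # hives, logs, caches: normal noise
    }
    for f in findings:
        if f["container"]:
            continue  # 'NSIS: infected - 2' only summarises members already listed
        host = host_file(f["path"])
        if f["locked"]:
            key = "locked_executables" if host.lower().endswith(EXECUTABLE_EXT) else "locked_other"
            groups[key].add(host)
            continue
        bucket = "pua" if f["verdict"].startswith("not-a-virus:") else "malware"
        groups[bucket][f["verdict"]].add(host)
    return groups


def triage_lines(groups):
    """Render the groups in the order a helper would read them."""
    lines = []
    for bucket, label in (("malware", "DETECTION"), ("pua", "NOT-A-VIRUS")):
        for verdict, hosts in sorted(groups[bucket].items()):
            for host in sorted(hosts):
                lines.append(f"{label:12} {verdict:45} {host}")
    for host in sorted(groups["locked_executables"]):
        lines.append(f"{'LOCKED-EXE':12} {'(scanner could not open)':45} {host}")
    return lines


if __name__ == "__main__":
    print("\n".join(triage_lines(classify(parse_report(SAMPLE_REPORT)))))
```

Run against the excerpt it yields two hosts for Exploit.Java.Gimsh.a (both in the Java deployment cache), three not-a-virus hosts, and the two locked system32 binaries for manual review; container summary lines such as "NSIS: infected - 2" are dropped because the member lines already carry the verdict.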

#4
Rorschach112 (Retired Staff)
Can you post the Kaspersky log again as some of it got cut off


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At9.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\469.exe
    C:\WINDOWS\ISMSetup Venora3 (aid=3 smiley).exe
    C:\FOUND.049
    C:\FOUND.048
    C:\FOUND.047
    C:\FOUND.046
    C:\FOUND.045
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmool.exe
    C:\WINDOWS\system32\dmool.exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager
    C:\WINDOWS\system32\cwnkhgul.dll
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fsflt
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Reboot and post a new DSS log
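The OTMoveIt2 list in the post above is a small script: [kill explorer] stops the shell so files it holds open can be moved, each following line is a file path or registry key to move, purity and [start explorer] are further directives, and the tool then writes a mmddyyyy_hhmmss.log under c:\_OTMoveIt\MovedFiles. The script below is an added example, not OTMoveIt2's own code, that implements the file half of that procedure so its semantics are visible: it parses the list format, hashes each file before quarantining it (so the sample stays identifiable after the move), preserves the original directory tree under MovedFiles, and writes a log with the same naming scheme. It runs offline against a temporary directory standing in for the C: drive, using a constructed excerpt of the posted list as input; registry keys are only reported, since editing them needs winreg on Windows.

```python
"""Quarantine the files in an OTMoveIt2-style move list and log what happened.

Added example, not OTMoveIt2's own code. It covers the file half of the
procedure; registry keys are reported but not edited (that needs winreg on
Windows), and a temporary directory stands in for the real drive so it runs
anywhere. MOVE_LIST is a constructed excerpt of the list posted above.
"""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime

MOVE_LIST = r"""
[kill explorer]
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\469.exe
C:\FOUND.049
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmool.exe
C:\WINDOWS\system32\dmool.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fsflt
purity
[start explorer]
"""


def parse_move_list(text):
    """Split the list into (kind, value) pairs: directive, registry or file."""
    items = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (line.startswith("[") and line.endswith("]")) or line.lower() == "purity":
            items.append(("directive", line.strip("[]").lower()))
        elif line.upper().startswith("HKEY_"):
            items.append(("registry", line))
        else:
            items.append(("file", line))
    return items


def to_sandbox(win_path, root):
    """Map a Windows path (DRIVE:, backslashes) onto root/DRIVE/... for offline use."""
    drive, _, rest = win_path.partition(":\\")
    return os.path.join(root, drive.upper(), *rest.split("\\"))


def sha256_of(path):
    """Hash the file before it is moved so the sample stays identifiable."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def quarantine(items, root, work_dir):
    """Move listed files under work_dir/MovedFiles (original tree preserved) and
    write a mmddyyyy_hhmmss.log there, the naming OTMoveIt2 uses for its own log."""
    moved_root = os.path.join(work_dir, "MovedFiles")
    os.makedirs(moved_root, exist_ok=True)
    results = {"moved": [], "missing": [], "registry": [], "directives": []}
    for kind, value in items:
        if kind == "directive":
            results["directives"].append(value)   # kill/start explorer: no-op here
        elif kind == "registry":
            results["registry"].append(value)     # would need winreg on Windows
        else:
            src = to_sandbox(value, root)
            if not os.path.isfile(src):
                results["missing"].append(value)
                continue
            fingerprint = sha256_of(src)
            dst = to_sandbox(value, moved_root)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.move(src, dst)
            results["moved"].append((value, fingerprint, dst))
    log_path = os.path.join(moved_root, datetime.now().strftime("%m%d%Y_%H%M%S") + ".log")
    with open(log_path, "w") as log:
        for value, fingerprint, _ in results["moved"]:
            log.write(f"{value} moved successfully. sha256={fingerprint}\n")
        for value in results["missing"]:
            log.write(f"File/Folder {value} not found.\n")
        for value in results["registry"]:
            log.write(f"Registry key {value} not processed (Windows only).\n")
    results["log"] = log_path
    return results


def demo():
    """Build a throwaway sandbox holding two of the listed files, then run the list."""
    root = tempfile.mkdtemp(prefix="otmove_")
    for win_path in (r"C:\WINDOWS\469.exe", r"C:\WINDOWS\Tasks\At1.job"):
        path = to_sandbox(win_path, root)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder, not a real sample\n")
    return quarantine(parse_move_list(MOVE_LIST), root, os.path.join(root, "_OTMoveIt"))


if __name__ == "__main__":
    with open(demo()["log"]) as log:
        print(log.read())
```

The hash is recorded before the move on purpose: once a file is quarantined (or lost to a reboot-time move), the digest is what lets a helper match it against a later scanner hit or submit it for analysis without shipping the binary around.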

#5
K. Prophett (Topic Starter)
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 28, 2008 10:19:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/05/2008
Kaspersky Anti-Virus database records: 808891
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 80779
Number of viruses found: 15
Number of infected objects: 37
Number of suspicious objects: 0
Duration of the scan process: 03:45:50

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\modsregn.exe Object is locked skipped
C:\WINDOWS\system32\dwdsregt.exe Object is locked skipped
C:\WINDOWS\system32\qwinpndv.exe Object is locked skipped
C:\WINDOWS\system32\awvtq.dll Object is locked skipped
C:\WINDOWS\system32\filesafer23.exe/data0002 Infected: not-a-virus:FraudTool.Win32.UnSpyPc.b skipped
C:\WINDOWS\system32\filesafer23.exe/data0003 Infected: not-a-virus:FraudTool.Win32.UnSpyPc.a skipped
C:\WINDOWS\system32\filesafer23.exe NSIS: infected - 2 skipped
C:\WINDOWS\system32\{F3663D2E-614B-4EE1-9380-4C9E15BED1E2}.exe Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_480.dat Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B65BAC2F-D7EA-45DF-9CB8-A06B608B9F5D}.bin Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\469.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.cmz skipped
C:\WINDOWS\469.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.cmz skipped
C:\WINDOWS\469.exe NSIS: infected - 2 skipped
C:\WINDOWS\NDNuninstall6_38.exe Object is locked skipped
C:\WINDOWS\NDNuninstall7_22.exe Object is locked skipped
C:\WINDOWS\ISMSetup Venora3 (aid=3 smiley).exe Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsrm.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Kendall P\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kendall P\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\History\History.IE5\MSHist012008052820080529\index.dat Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\Application Data\Mozilla\Firefox\Profiles\rj8rgf8p.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\Application Data\Mozilla\Firefox\Profiles\rj8rgf8p.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\Application Data\Mozilla\Firefox\Profiles\rj8rgf8p.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Kendall P\Local Settings\Application Data\Mozilla\Firefox\Profiles\rj8rgf8p.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe/data0037/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe/data0037/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe/data0037/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe/data0037/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe/data0037/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe/data0037 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe/data0038 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe NSIS: infected - 7 skipped
C:\Documents and Settings\Kendall P\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kendall P\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-516dc14a-658cb64a.zip/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Kendall P\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-516dc14a-658cb64a.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Kendall P\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-42ed57a9-44e56339.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Kendall P\Application Data\Sun\Java\Deployment\cache\6.0\35\7adb71e3-1ad87faf Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Kendall P\Application Data\Sun\Java\Deployment\cache\6.0\56\43f905f8-7c000362/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Kendall P\Application Data\Sun\Java\Deployment\cache\6.0\56\43f905f8-7c000362 ZIP: infected - 1 skipped
C:\Documents and Settings\Kendall P\Application Data\Mozilla\Firefox\Profiles\rj8rgf8p.default\history.dat Object is locked skipped
C:\Documents and Settings\Kendall P\Application Data\Mozilla\Firefox\Profiles\rj8rgf8p.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Kendall P\Application Data\Mozilla\Firefox\Profiles\rj8rgf8p.default\cert8.db Object is locked skipped
C:\Documents and Settings\Kendall P\Application Data\Mozilla\Firefox\Profiles\rj8rgf8p.default\key3.db Object is locked skipped
C:\Documents and Settings\Kendall P\Application Data\Mozilla\Firefox\Profiles\rj8rgf8p.default\parent.lock Object is locked skipped
C:\Documents and Settings\Kendall P\Application Data\Mozilla\Firefox\Profiles\rj8rgf8p.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Kendall P\Application Data\Mozilla\Firefox\Profiles\rj8rgf8p.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Kendall P\.housecall\Quarantine\B2.tmp.bac_a01244/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Kendall P\.housecall\Quarantine\B2.tmp.bac_a01244/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Kendall P\.housecall\Quarantine\B2.tmp.bac_a01244/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Kendall P\.housecall\Quarantine\B2.tmp.bac_a01244 ZIP: infected - 3 skipped
C:\Documents and Settings\Kendall P\.housecall\Quarantine\B2.tmp.bac_a01244 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\Kendall P\.housecall\Quarantine\B3.tmp.bac_a01244/NudeBox.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\Kendall P\.housecall\Quarantine\B3.tmp.bac_a01244/Worker.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\Kendall P\.housecall\Quarantine\B3.tmp.bac_a01244/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\Kendall P\.housecall\Quarantine\B3.tmp.bac_a01244/javautil.zip Infected: Trojan-Downloader.Win32.Small.cco skipped
C:\Documents and Settings\Kendall P\.housecall\Quarantine\B3.tmp.bac_a01244 ZIP: infected - 4 skipped
C:\Documents and Settings\Kendall P\.housecall\Quarantine\B3.tmp.bac_a01244 CryptFF.b: infected - 4 skipped
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll Object is locked skipped
C:\Program Files\WinBudget\bin\matrix.dll Object is locked skipped
C:\Program Files\WinBudget\bin\crap.1169505282.old/data0000 Infected: not-a-virus:AdWare.Win32.BHO.by skipped
C:\Program Files\WinBudget\bin\crap.1169505282.old EmbeddedEXE: infected - 1 skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1102\A0485539.sys Object is locked skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1104\change.log Object is locked skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1104\A0485589.dll Object is locked skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1104\A0485811.dll Infected: not-a-virus:FraudTool.Win32.SpySheriff.a skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1104\A0485812.dll Infected: not-a-virus:FraudTool.Win32.SpySheriff.a skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1104\A0485813.dll Infected: not-a-virus:FraudTool.Win32.SpySheriff.a skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1104\A0485814.dll Infected: not-a-virus:FraudTool.Win32.SpySheriff.a skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1104\A0485815.exe Object is locked skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1104\A0485818.exe Object is locked skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1104\A0485819.exe Object is locked skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1104\A0485820.exe Object is locked skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1104\A0485826.exe Object is locked skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1104\A0485827.exe Object is locked skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1104\A0485828.exe Object is locked skipped
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1104\A0485829.dll Object is locked skipped
D:\8e4fd1b6141d98a9d448221189f2f1\setup\program files\microsoft sql server\90\shared\sqldumper.exe Object is locked skipped
D:\downloads\___ARESTRA___4-juelz santana - santana's town part 2.mp3 Object is locked skipped
D:\downloads\___ARESTRA___lil wayne_ft_static-lollipop(2).mp3 Object is locked skipped
D:\downloads\___ARESTRA___lil wayne_ft_static-lollipop.mp3 Object is locked skipped
D:\downloads\___ARESTRA___lollipop feat static major bmf(2).mp3 Object is locked skipped
D:\downloads\___ARESTRA___snoop-sexualeruption-dirty(21).mp3 Object is locked skipped
D:\downloads\___ARESTRA___snoop-sexualeruption-dirty(5).mp3 Object is locked skipped
D:\f9f8874d3f59de4022c8\setup\program files\microsoft sql server\90\shared\sqldumper.exe Object is locked skipped
D:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1104\change.log Object is locked skipped

Scan process completed.


Explorer killed successfully
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At12.job moved successfully.
C:\WINDOWS\Tasks\At11.job moved successfully.
C:\WINDOWS\Tasks\At10.job moved successfully.
C:\WINDOWS\Tasks\At9.job moved successfully.
C:\WINDOWS\Tasks\At8.job moved successfully.
C:\WINDOWS\Tasks\At7.job moved successfully.
C:\WINDOWS\Tasks\At6.job moved successfully.
C:\WINDOWS\Tasks\At5.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At24.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At20.job moved successfully.
C:\WINDOWS\Tasks\At19.job moved successfully.
C:\WINDOWS\Tasks\At18.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\469.exe moved successfully.
File/Folder C:\WINDOWS\ISMSetup Venora3 (aid=3 smiley).exe not found.
C:\FOUND.049 moved successfully.
C:\FOUND.048 moved successfully.
C:\FOUND.047 moved successfully.
C:\FOUND.046 moved successfully.
C:\FOUND.045 moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmool.exe >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmool.exe\\ deleted successfully.
File/Folder C:\WINDOWS\system32\dmool.exe not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager\\ deleted successfully.
File/Folder C:\WINDOWS\system32\cwnkhgul.dll not found.
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fsflt >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fsflt\\ deleted successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05292008_121222







Deckard's System Scanner v20071014.68
Run by Kendall P on 2008-05-29 15:57:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Kendall P.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:58:54 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\Ares\bak\Ares.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Kendall P\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KENDAL~1.EXE
C:\WINDOWS\system32\spoolsv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\LiveUpdate\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRPSO~1\MOTORO~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\bak\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberr...re/AxLoader.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 3956 bytes

-- Files created between 2008-04-29 and 2008-05-29 -----------------------------

2008-05-29 05:56:29 0 d-------- C:\Documents and Settings\Guest\Application Data\AVGTOOLBAR
2008-05-28 16:46:20 0 d--h----- C:\$AVG8.VAULT$
2008-05-28 15:48:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 15:48:10 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-28 15:25:01 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-28 15:25:01 0 d-------- C:\Documents and Settings\Kendall P\Application Data\AVGTOOLBAR
2008-05-28 15:24:39 0 d-------- C:\Program Files\AVG
2008-05-28 15:24:38 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-27 22:49:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-27 22:46:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 13:20:46 0 d-------- C:\Program Files\Trend Micro
2008-05-15 23:25:55 0 d-------- C:\Documents and Settings\Kendall P\Application Data\InfraRecorder
2008-05-15 23:24:43 0 d-------- C:\Program Files\InfraRecorder
2008-05-15 02:17:09 0 --a------ C:\Program Files\uninstall.dat
2008-05-15 01:11:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited


-- Find3M Report ---------------------------------------------------------------

2008-05-27 21:40:22 2929 --a------ C:\WINDOWS\mozver.dat
2008-05-27 00:13:30 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-30 13:07:16 0 d-------- C:\Program Files\Microsoft Security Adviser


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/28/2008 03:25 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/28/2008 03:25 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BVRPLiveUpdate"="C:\Program Files\LiveUpdate\Engine\Setup.exe" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/28/2008 03:24 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="D:\Program Files\Ares\bak\Ares.exe" [10/30/2005 06:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/28/2008 08:04 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"system"="csuvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MTV Networks Video Optimizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MTV Networks Video Optimizer.lnk
backup=C:\WINDOWS\pss\MTV Networks Video Optimizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kendall P^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\Kendall P\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
D:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop3trap.exe]
"D:\Program Files\Trend Micro\Pop3trap.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
C:\Program Files\QUICKENW\QAGENT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
"C:\Program Files\TrojanHunter 4.2\THGuard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebTrapNT.exe]
"D:\Program Files\Trend Micro\WebTrapNT.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
"C:\Documents and Settings\Kendall P\Desktop\utorrent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ewido security suite control"=2 (0x2)
"AdobeActiveFileMonitor"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"Tmntsrv"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"brmfrmps"=2 (0x2)
"LexBceS"=2 (0x2)
"AVGEMS"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"SQLWriter"=3 (0x3)
"NVSvc"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"SPTISRV"=3 (0x3)
"iPod Service"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-05-29 16:00:03 ------------

#6 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\modsregn.exe 
    C:\WINDOWS\system32\dwdsregt.exe 
    C:\WINDOWS\system32\qwinpndv.exe 
    C:\WINDOWS\system32\awvtq.dll 
    C:\WINDOWS\system32\filesafer23.exe
    C:\WINDOWS\system32\{F3663D2E-614B-4EE1-9380-4C9E15BED1E2}.exe
    C:\WINDOWS\469.exe
    C:\WINDOWS\NDNuninstall6_38.exe 
    C:\WINDOWS\NDNuninstall7_22.exe 
    C:\WINDOWS\ISMSetup Venora3 (aid=3 smiley).exe
    C:\Documents and Settings\Kendall P\My Documents\My Downloads\setup_ares.exe
    C:\Program Files\WinBudget
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.


@echo off
rem Write a listing of the download folder to C:\peek.txt
dir "C:\Documents and Settings\Kendall P\My Documents\My Downloads">C:\peek.txt
rem Open the listing in the default .txt viewer (Notepad)
start C:\peek.txt
rem Delete this batch file; %~f0 is its own full path, so this works from any folder
del "%~f0"


Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in peek.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find peek.bat on your Desktop and Double click it
A window will open and close, do not be concerned this is normal.


Post the resulting notepad file that appears



Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Also tell me how your PC is running.

#7 K. Prophett (Topic Starter, Member, 86 posts)
Volume in drive C has no label.
Volume Serial Number is 1052-B046

Directory of C:\Documents and Settings\Kendall P\My Documents\My Downloads

05/05/2005 09:35 PM <DIR> .
05/05/2005 09:35 PM <DIR> ..
05/05/2005 09:35 PM 476,304 GoogleToolbarInstaller.exe
08/10/2006 01:00 AM 1,095,775 SetupImgBurn_2.0.0.0.exe
12/06/2005 07:27 PM 1,416,944 WM9Codecs.exe
08/02/2006 10:42 PM <DIR> CRACK
01/02/2007 07:12 PM 1,462,782 ares.exe
07/19/2007 01:13 PM 468,736 msgr8us.exe
12/28/2005 03:44 PM 2,855,080 aawsepersonal.exe
08/06/2005 09:39 PM <DIR> Data
08/06/2005 09:40 PM <DIR> Setup3420C
06/13/2005 05:45 PM 443,774 ac3filter_1_01a_rc5.exe
7 File(s) 8,219,395 bytes
5 Dir(s) 2,961,973,248 bytes free


Malwarebytes' Anti-Malware 1.12
Database version: 799

Scan type: Quick Scan
Objects scanned: 45667
Time elapsed: 22 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cf46bfb3-2acc-441b-b82b-36b9562c7ff1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Helper (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\zAbstract (Adware.Scaggy) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{dcd53738-c4f9-414a-a03c-c7405a4ac844} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{00dbdac8-4691-4797-8e6a-7c6ab89bc441} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Microsoft Security Adviser (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\b02FdUe (Malware.Folder) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ladon P\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Ladon P\Start Menu\Programs\WhenU\Learn More About WhenU Save.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ladon P\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ladon P\Start Menu\Programs\WhenU\WhenU.com Website.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ladon P\Start Menu\Programs\WhenU\Uninstall Instructions.lnk (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ladon P\Start Menu\Programs\WhenU\Customer Support.lnk (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080515021718796.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080516023946421.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080516092523968.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080516093310937.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080516133947312.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080516170803843.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080516173513968.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG\20080518022510484.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\tcb.pmw (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stera.job (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alog.txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\help.txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kendall P\Application Data\Install.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ladon P\Desktop\Click To Find and Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.

The computer seems to run fine for what it is. It's a Sony Vaio that my parents bought when I was in 8th grade and now I'm a junior in college. I know it won't run as fast as other computers since I only have 256 MB of RAM. There was a point in time recently where the internet connection only worked for about an hour, then a restart was needed for it to work again. At points in time I get Send Error Report dialogs that come up saying "a serious system error had been discovered", something about a "Generic Host" (when I click "don't send" on this one, the windows go to the classic Windows look with the square, not rounded, windows). And I don't know if this has anything to do with the running of the computer, but there is something going on where I can't update Internet Explorer or Windows Media Player because "my copy of Windows isn't a genuine copy".
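The Malwarebytes log posted above records every item as `<path> (<Detection.Name>) -> <action>.` under a section header such as "Files Infected:". The following is an added example, not code from this thread or from Malwarebytes: a small Python parser that reads lines in that shape, groups them by detection name and family, flags any entry whose action is not "deleted successfully", and points out detections that call for more than file cleanup. The `FOLLOW_UP` advice table, the "pending reboot" line and the "Program Files (x86)" line in the sample are this example's own constructed assumptions; the other sample lines are copied from the log above.

```python
"""Parse Malwarebytes-style scan-log entries and summarise them for triage.

Added example for this thread; not Malwarebytes' own tooling.
Entry shape handled:  <path> (<Detection.Name>) -> <action>.
"""
import re
from collections import Counter, defaultdict

# Greedy path group so the LAST "(Detection) -> action" wins; this keeps paths such as
# "C:\Program Files (x86)\..." intact instead of splitting on their own parentheses.
ENTRY_RE = re.compile(r"^(?P<path>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# Assumption (this example's own advice, not from the log): detections whose presence
# implies a follow-up action beyond deleting the file.
FOLLOW_UP = {
    "Stolen.Data": "credentials may have been harvested; change passwords from a clean machine",
    "Trojan.Agent": "generic trojan; re-scan after reboot and review startup entries",
}

# Constructed sample: first lines copied from the log above, the last two are invented
# to show a pending removal and a path containing parentheses.
SAMPLE_LOG = r"""Folders Infected:
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\alog.txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\help.txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kendall P\Application Data\Install.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example_pending.tmp (Rogue.Example) -> Delete on reboot.
C:\Program Files (x86)\Example App\helper.dll (Trojan.Example) -> Quarantined and deleted successfully.
"""


def parse_entry(line):
    """Return (path, detection, action) for one entry line, or None for headers/blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group("path"), m.group("detection"), m.group("action")


def parse_log(text):
    """Split a log into its sections ('Files Infected', ...) and parse the entries under each."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers end with ':' and carry no detection name in parentheses.
        if line.endswith(":") and "(" not in line:
            current = line[:-1]
            continue
        entry = parse_entry(line)
        if entry is not None and current is not None:
            sections[current].append(entry)
    return dict(sections)


def summarise(sections):
    """Count entries per detection and per family, list items not yet removed, collect follow-ups."""
    counts = Counter()
    families = Counter()
    not_removed = []
    follow_ups = {}
    for entries in sections.values():
        for path, detection, action in entries:
            counts[detection] += 1
            families[detection.split(".")[0]] += 1   # 'Rogue' from 'Rogue.MalWarrior'
            if "deleted successfully" not in action:
                not_removed.append((path, detection, action))
            if detection in FOLLOW_UP:
                follow_ups[detection] = FOLLOW_UP[detection]
    return {
        "counts": dict(counts),
        "families": dict(families),
        "not_removed": not_removed,
        "follow_ups": follow_ups,
    }


if __name__ == "__main__":
    report = summarise(parse_log(SAMPLE_LOG))
    for name, n in sorted(report["counts"].items()):
        print(f"{n:3d}  {name}")
    for path, detection, action in report["not_removed"]:
        print(f"PENDING: {path} ({detection}) -> {action}")
    for detection, advice in report["follow_ups"].items():
        print(f"FOLLOW UP [{detection}]: {advice}")
```

Run it as-is to see the report for the embedded sample, or feed a saved scan log through `parse_log(open(path).read())`. The "not removed" list is the part worth reading first after a scan: anything still pending after the reboot the tool asks for should be re-scanned rather than assumed gone.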

#8
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Kendall P\My Documents\My Downloads\CRACK
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

#9
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.