Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

i been hijacked! [CLOSED]


  • This topic is locked This topic is locked

#1
BuzzOff

BuzzOff

    New Member

  • Member
  • Pip
  • 8 posts
My problem is that I can access some websites (e.g. Google) but not others (e.g. netflix). I can not send or receive email. I can access all internet functions with no problem from every other computer in my house. My son pointed out a problem with dwwin.exe, and I deleted it, but it came back. Also, I get a message that looks like the Windows message "The System has recovered from a serious error". I close the window, and it keeps coming back again and again.

(I originally posted with Title dwwin.exe, but I changed it 'cause I don't really know that that's the problem)

I've done the whole series of steps you require first.

I really appreciate any help you can give me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:30 PM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\ZEN\ZEN Media Explorer\CTCheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\PGP for Windows XP\PGPtray.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPsdkServ.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\vkillers\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Buzz%20Off/My%20Documents/Netscape%20Startup%20Page.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\vkillers\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DrAntispy] C:\Program Files\DrAntispy\DrAntispy.exe
O4 - HKCU\..\Run: [Awola6] "C:\Documents and Settings\Buzz Off\Application Data\Awola6\Awola6.exe" /MIN
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Startup: Neverwinter Nights Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NVIDIA Firewall Tray.lnk = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - Global Startup: PGPtray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/im.../SYSSCANNER.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1144640722093
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://webaccess.sc...perSetupSP1.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15031/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12638 bytes

-----------------------------------------------------------------------------------------------

Uninstall List

101 Dalmatians StoryBook
ACDSee
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Photoshop Album
Adobe Reader 8.1.2
Adobe Shockwave Player
Age of Wonders Shadow Magic
AIM 6
Aliens vs. Predator 2
Arthur's Reading Race
AsusUpdate
Athlon 64 Processor Driver
AudibleManager
AVG 7.5
AVG Anti-Spyware 7.5
Black and White
Caesar 3
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.2
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Carnivores Ice Age
Cataclysm
Command & Conquer 3
Command & Conquer Generals
Command & Conquer Generals Demo
Command & Conquer Red Alert 2
Command & Conquer The First Decade
Command & Conquer Tiberian Sun
Cool & Quiet
coverXP (remove only)
Creative Software AutoUpdate
Creative System Information
Creative ZEN
Cypress USB Mass Storage Driver Installation
Diablo II
Direct WAV MP3 Splitter 2.4
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Drivers Install For Linksys Easylink Advisor
Dungeon Keeper 2
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy Language 61
Emperor: Rise of the Middle Kingdom 1.0.1.0
First Step Guide
Forté Agent
FreeUndelete
Google Earth
Half-Life
Half-Life Model Viewer 1.25
Half-Life: Counter-Strike
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Image Zone 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
hp photosmart printer series (Remove only)
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HP Wireless Rechargeable Optical Mouse
ImageMixer VCD/DVD2 for OLYMPUS
ImageMixer VCD2
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
JumpStart Kindergarten 98 v2.0
JumpStart Music
KissYouTube.com Offline Version 1.1 Freeware
Liberty BASIC v4.03
Liberty BASIC Workshop
LimeWire 4.12.11
Linksys EasyLink Advisor 1.6 (0032)
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Logic Quest
M1LibEd
Macromedia Dreamweaver MX
Macromedia Extension Manager
Malwarebytes' Anti-Malware
MasterSplitter Program
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expedia Streets 98
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
MIDI-OX
Mozilla Firefox (2.0.0.4)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MySpaceIM
Napster
Natural Selection 3.2
Nero 6 Enterprise Edition
Network Play System (Patching)
Neverwinter Nights Platinum Edition
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
OLYMPUS Master
OpenOffice.org 2.0
Panda ActiveScan 2.0
PC Probe II
PGP 8.0
Pharaoh
Picasa 2
Picture Package
Protected Music Converter 0.99.24b
Quickbooks 6.0
Quicken Deluxe 2001
QuickTime
Reader Rabbit 1st Grade
Reader Rabbit's Kindergarten
RealPlayer
RebirthRO Full Client
RollerCoaster Tycoon 3
Roxio Burn Engine
Roxio Easy Media Creator 7
Sacrifice
Security Task Manager 1.7e
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Serious Sam: The First Encounter
Sierra Utilities
SimCity 4 Deluxe
Sony USB Driver
SpongeBob SquarePants Diner Dash 2
Spybot - Search & Destroy 1.4
Star Wars Galaxies: 14-Day Trial
Star Wars Jedi Knight Jedi Academy
SUPERAntiSpyware Free Edition
The Battle for Middle-earth ™
The Battle for Middle-earth ™ II
The Sims
The Sims 2
The Sims 2 University
Total Annihilation
Trailer Park Tycoon
Trillian
TrueCrypt
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB Storage Adapter FX (SM1)
Ventrilo Client
VideoLAN VLC media player 0.8.4a
Viewpoint Media Player
War of the Ring™
Webster's New World Dictionary
Westwood Shared Internet Components
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip
Wonderland Secret Worlds Full Version
World of Warcraft
X-Com Enforcer
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar
ZEN Media Explorer
ZENcast Organizer
Zoo Tycoon 2

--------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.12
Database version: 775

Scan type: Quick Scan
Objects scanned: 40679
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Service (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Adapter 5.1.3214 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Buzz Off\Application Data\Awola6 (Rogue.Awola) -> Quarantined and deleted successfully.
C:\Documents and Settings\Buzz Off\Start Menu\Programs\Awola6 (Rogue.Awola) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Buzz Off\Application Data\Awola6\settings.ini (Rogue.Awola) -> Quarantined and deleted successfully.
C:\Documents and Settings\Buzz Off\Start Menu\Programs\Awola6\Awola Anti-Spyware 6.0.lnk (Rogue.Awola) -> Quarantined and deleted successfully.
C:\Documents and Settings\Buzz Off\Start Menu\Programs\Awola6\Uninstall Awola Anti-Spyware 6.0.lnk (Rogue.Awola) -> Quarantined and deleted successfully.

------------------------------------------------------------------------------------------------------------------------

;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-05-24 00:46:37
PROTECTIONS: 1
MALWARE: 17
SUSPECTS: 0
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
AVG 7.5.524 7.5.524 Yes Yes
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.atdmt.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.mediaplex.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.com.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.toplist.cz/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[ad.yieldmanager.com/]
0016856 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.apmebf.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.advertising.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.questionmarket.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.adrevolver.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.adultfriendfinder.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.go.com/]
00194327 Cookie/Go  TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Cookies\[email protected][1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Mozilla\Firefox\Profiles\7wea95n6.default\cookies.txt[.go.com/]
01692698 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Buzz Off\Application Data\Macromedia\Shockwave Player\xtras\download\TheGrooveAlliance\3DGrooveXtrav181\Groove.x32
;===============================================================================
================================================================================
=
===================
SUSPECTS
Sent Location c
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================
VULNERABILITIES
Id Severity Description c
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================

---------------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/21/2008 at 06:59 PM

Application Version : 4.1.1046

Core Rules Database Version : 3459
Trace Rules Database Version: 1450

Scan type : Complete Scan
Total Scan Time : 02:05:49

Memory items scanned : 489
Memory threats detected : 0
Registry items scanned : 6980
Registry threats detected : 1
File items scanned : 224303
File threats detected : 2

Malware.DrAntiSpy
HKU\S-1-5-21-790525478-1708537768-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run#DrAntispy [ C:\Program Files\DrAntispy\DrAntispy.exe ]

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{09295BD2-9868-43BE-BC0D-F624440AA6F2}\RP733\A0365272.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{09295BD2-9868-43BE-BC0D-F624440AA6F2}\RP733\A0365274.ICO

-------------------------------------------------------------------------------------------------------

I really appreciate any help you geek lords can give me.

Buzz Off

Edited by BuzzOff, 25 May 2008 - 08:16 AM.

  • 0

Advertisements


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following..

Please download the HostsXpert by funkytoad.
  • Unzip HostsXpert to a convenient folder such as C:\HostsXpert
  • Double-click HostsXpert.exe to run HostsXpert - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Ms Hosts File and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.



NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Regards
fenzodahl512
  • 0

#3
BuzzOff

BuzzOff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for helping me with this, fenzodahl512. I'll be home (where my computer is) through Saturday and Sunday, then I'm on the road again.

Here are the two log files:

Deckard's System Scanner v20071014.68
Run by Buzz Off on 2008-05-30 21:15:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
32: 2008-05-31 01:15:04 UTC - RP757 - Deckard's System Scanner Restore Point
31: 2008-05-31 00:34:39 UTC - RP756 - System Checkpoint
30: 2008-05-29 15:00:46 UTC - RP755 - System Checkpoint
29: 2008-05-28 14:41:10 UTC - RP754 - System Checkpoint
28: 2008-05-27 13:41:10 UTC - RP753 - System Checkpoint


-- First Restore Point --
1: 2008-05-05 08:47:29 UTC - RP726 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Buzz Off.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:30 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPsdkServ.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\ZEN\ZEN Media Explorer\CTCheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\PGP for Windows XP\PGPtray.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\msfeedssync.exe
C:\Documents and Settings\Buzz Off\Desktop\dss.exe
C:\vkillers\Buzz Off.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Buzz%20Off/My%20Documents/Netscape%20Startup%20Page.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\vkillers\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Awola6] "C:\Documents and Settings\Buzz Off\Application Data\Awola6\Awola6.exe" /MIN
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Startup: Neverwinter Nights Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NVIDIA Firewall Tray.lnk = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - Global Startup: PGPtray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/im.../SYSSCANNER.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1144640722093
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://webaccess.sc...perSetupSP1.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15031/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12429 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 ASInsHelp - c:\windows\system32\drivers\asinshelp32.sys
R2 PGPdisk - c:\windows\system32\drivers\pgpdisk.sys <Not Verified; PGP Corporation; PGP>
R2 PGPsdkDriver - c:\windows\system32\drivers\pgpsdk.sys <Not Verified; PGP Corporation; PGPsdk>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital HD Audio Driver>
S3 AEAudioService (AEAudio Service) - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
S3 iatmunin - c:\docume~1\buzzof~1\locals~1\temp\iatmunin.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nSvcIp (ForceWare IP service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe <Not Verified; NVIDIA; NVIDIA nSvcIp>
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>
R2 PGPsdkServ (PGPsdkService) - c:\windows\system32\pgpsdkserv.exe <Not Verified; PGP Corporation; PGPsdk>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)
S3 LiveUpdate - "c:\progra~1\symantec\liveup~1\lucoms~1.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-30 21:14:00 428 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0B00E32C-2A88-4301-BBF9-0B14A51E83DF}.job


-- Files created between 2008-04-30 and 2008-05-30 -----------------------------

2008-05-23 22:44:37 0 d-------- C:\Program Files\Panda Security
2008-05-21 15:58:04 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\Malwarebytes
2008-05-21 15:57:59 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-21 15:57:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-21 15:57:03 0 d-------- C:\Program Files\Symantec
2008-05-21 15:57:03 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-21 14:06:49 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-21 14:06:45 0 d-------- C:\Program Files\Security Task Manager
2008-05-21 12:51:22 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-05-21 12:32:07 0 d-------- C:\Documents and Settings\Boink\Application Data\Google
2008-05-21 12:31:54 0 d-------- C:\Documents and Settings\Boink\Application Data\AVG7
2008-05-21 12:31:39 0 d-------- C:\Documents and Settings\Boink\Application Data\Grisoft
2008-05-21 12:31:07 0 d-------- C:\Documents and Settings\Boink\Application Data\Identities
2008-05-21 12:30:40 0 d--h----- C:\Documents and Settings\Boink\Templates
2008-05-21 12:30:40 0 dr------- C:\Documents and Settings\Boink\Start Menu
2008-05-21 12:30:40 0 dr-h----- C:\Documents and Settings\Boink\SendTo
2008-05-21 12:30:40 0 dr-h----- C:\Documents and Settings\Boink\Recent
2008-05-21 12:30:40 0 d--h----- C:\Documents and Settings\Boink\PrintHood
2008-05-21 12:30:40 1048576 --ah----- C:\Documents and Settings\Boink\NTUSER.DAT
2008-05-21 12:30:40 0 d--h----- C:\Documents and Settings\Boink\NetHood
2008-05-21 12:30:40 0 dr------- C:\Documents and Settings\Boink\My Documents
2008-05-21 12:30:40 0 d--h----- C:\Documents and Settings\Boink\Local Settings
2008-05-21 12:30:40 0 dr------- C:\Documents and Settings\Boink\Favorites
2008-05-21 12:30:40 0 d-------- C:\Documents and Settings\Boink\Desktop
2008-05-21 12:30:40 0 d--hs---- C:\Documents and Settings\Boink\Cookies
2008-05-21 12:30:40 0 dr-h----- C:\Documents and Settings\Boink\Application Data
2008-05-21 12:30:40 0 d---s---- C:\Documents and Settings\Boink\Application Data\Microsoft
2008-05-21 12:30:40 0 d-------- C:\Documents and Settings\Boink\Application Data\Gtek
2008-05-18 17:30:04 0 d-------- C:\Documents and Settings\Default User\Application Data\Gtek
2008-05-18 17:29:45 0 d--h----- C:\Documents and Settings\Buzz Off\Application Data\GTek
2008-05-18 17:29:05 0 d-ah----- C:\Documents and Settings\All Users\Application Data\GTek
2008-05-18 17:29:04 0 d-------- C:\Program Files\Linksys EasyLink Advisor
2008-05-09 09:32:19 0 --ahs---- C:\Documents and Settings\Buzz Off\Application Data\0000000000.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-21 16:50:33 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-21 16:50:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 15:57:04 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-21 15:57:03 0 d-------- C:\Program Files\Common Files
2008-05-21 14:21:55 0 d-------- C:\Program Files\Google
2008-05-21 14:15:43 0 d-------- C:\Program Files\Viewpoint
2008-05-18 19:46:17 98304 --a------ C:\WINDOWS\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-05-18 19:38:45 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\dvdcss
2008-05-18 07:58:53 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\ZoomBrowser EX
2008-05-14 19:39:52 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\LimeWire
2008-05-12 15:55:04 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-09 21:24:01 33 --a------ C:\Documents and Settings\Buzz Off\Application Data\install.ini
2008-05-05 17:06:13 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\Adobe
2008-05-03 08:23:12 0 d-------- C:\Program Files\Paint Shop Pro 6
2008-04-13 19:56:19 53248 --a------ C:\WINDOWS\runepson.exe
2008-04-11 23:05:54 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\AVG7
2008-04-09 13:59:05 0 d-------- C:\Program Files\Ventrilo
2008-03-11 09:09:48 1443 --a------ C:\WINDOWS\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 08:51 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/11/2006 09:43 PM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" []
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" []
"ViewMgr"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" []
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [09/07/2005 03:35 PM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 02:20 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [01/27/2004 05:39 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"QD FastAndSafe"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [05/16/2006 05:50 PM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" []
"nwiz"="nwiz.exe" [08/11/2006 09:43 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [08/11/2006 09:43 PM C:\WINDOWS\system32\nvmctray.dll]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [07/29/2005 05:25 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" []
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" []
"Mouse Suite 98 Daemon"="ICO.EXE" [11/20/2003 02:08 PM C:\WINDOWS\system32\ico.exe]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/01/2005 12:35 PM]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [01/13/2006 02:46 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [01/13/2006 02:46 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [10/27/2004 03:21 PM C:\WINDOWS\system32\HdAShCut.exe]
"CTCheck"="C:\Program Files\Creative\ZEN\ZEN Media Explorer\CTCheck.exe" [10/25/2007 12:51 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 10:49 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"Steam"="" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [01/11/2007 09:45 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 06:16 PM]
"Awola6"="C:\Documents and Settings\Buzz Off\Application Data\Awola6\Awola6.exe" []
"Aim6"="" []
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [05/16/2006 05:51 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/13/2008 12:43 PM]

C:\Documents and Settings\Buzz Off\Start Menu\Programs\Startup\
Billminder.lnk - C:\QUICKENW\BILLMIND.EXE [4/11/2006 8:27:14 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-05-30 21:21:12 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 959.3 MiB / 501.55 MiB
Pagefile Memory (total/avail): 2313.53 MiB / 1830.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.22 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 233.75 GiB total, 40.1 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)

\\.\PHYSICALDRIVE0 - Maxtor 6V250F0 - 233.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 233.75 GiB - C:

\\.\PHYSICALDRIVE1 - Kingston DataTraveler 2.0 USB Device - 470.65 MiB - 1 partition
\PARTITION0 - Win95 w/Extended Int 13 - 477.36 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntivirusOverride is set.

FW: NVIDIA Firewall v1.0 (NVIDIA Corporation)
AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Westwood\\RA2\\patchget.dat"="C:\\Program Files\\Westwood\\RA2\\patchget.dat:*:Enabled:patchgrabber"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\games\\Warcraft III\\Warcraft III.exe"="C:\\games\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\games\\Black & White\\runblack.exe"="C:\\games\\Black & White\\runblack.exe:*:Disabled:lh"
"C:\\games\\Starcraft\\starcraft.exe"="C:\\games\\Starcraft\\starcraft.exe:*:Enabled:Starcraft"
"C:\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe"="C:\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Steam\\SteamApps\\[email protected]\\half-life\\hl.exe"="C:\\Steam\\SteamApps\\[email protected]\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\games\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\games\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\games\\BFME2\\game.dat"="C:\\games\\BFME2\\game.dat:*:Enabled:The Battle for Middle-earth™ II"
"C:\\AIM\\aim.exe"="C:\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\games\\Zoo Tycoon 2\\zt.exe"="C:\\games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\games\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"="C:\\games\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Steam\\SteamApps\\tarrker\\counter-strike\\hl.exe"="C:\\Steam\\SteamApps\\tarrker\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Steam\\SteamApps\\[email protected]\\half-life\\hl.exe"="C:\\Steam\\SteamApps\\[email protected]\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe"="C:\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\games\\Spring\\spring.exe"="C:\\games\\Spring\\spring.exe:*:Enabled:spring"
"C:\\Steam\\SteamApps\\irondogg12\\counter-strike\\hl.exe"="C:\\Steam\\SteamApps\\irondogg12\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Steam\\SteamApps\\irondogg12\\condition zero\\hl.exe"="C:\\Steam\\SteamApps\\irondogg12\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Documents and Settings\\Buzz Off\\Desktop\\OLD AIM\\aim.exe"="C:\\Documents and Settings\\Buzz Off\\Desktop\\OLD AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\games\\Zoo Tycoon 2\\World of Warcraft\\BackgroundDownloader.exe"="C:\\games\\Zoo Tycoon 2\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Starcraft\\starcraft.exe"="C:\\Program Files\\Starcraft\\starcraft.exe:*:Enabled:Starcraft"
"C:\\Sierra\\Counter-Strike\\cstrike.exe"="C:\\Sierra\\Counter-Strike\\cstrike.exe:*:Enabled:CounterStrike Launcher"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\games\\Zoo Tycoon 2\\World of Warcraft\\WoW-2.3.0.7561-to-2.3.2.7741-enUS-downloader.exe"="C:\\games\\Zoo Tycoon 2\\World of Warcraft\\WoW-2.3.0.7561-to-2.3.2.7741-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Mozilla Firefox\\firefox.exe"="C:\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Buzz Off\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TEELA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Buzz Off
LOGONSERVER=\\TEELA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 63 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=3f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp
USERDOMAIN=TEELA
USERNAME=Buzz Off
USERPROFILE=C:\Documents and Settings\Buzz Off
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Buzz Off (admin)
Boink (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /nolog/l0x0009
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
101 Dalmatians StoryBook --> C:\DISNEY\101_ASB\101_DEL95.EXE
ACDSee --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ACDSee\ACD\Uninstall.isu" -c"C:\Program Files\ACDSee\ACD\hpiunAC.dll
Ad-Aware SE Personal --> C:\vkillers\AD-AWA~1\UNWISE.EXE C:\vkillers\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop Album --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5F9E6AA-7075-49EC-992F-A6213C73607F}\apxp.ex_" -l0x9
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Age of Wonders Shadow Magic --> C:\Program Files\Age of Wonders Shadow Magic\aowsmUninstall.exe
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Aliens vs. Predator 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}\SETUP.EXE"
Arthur's Reading Race --> C:\WINDOWS\uninst.exe -fC:\Lvg_Bks\DeIsL1.isu
AsusUpdate --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\AsusUpdate\Uninst.isu"
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Black and White --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\setup.exe"
Caesar 3 --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Caesar3\Uninst.isu
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
Canon PhotoRecord --> MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities Digital Photo Professional 2.2 --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Carnivores Ice Age --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Carnivores Ice Age\Uninst.isu"
Cataclysm --> C:\Sierra\CATACL~1\UNINST~1\UNWISE.EXE C:\Sierra\CATACL~1\UNINST~1\INSTALL.LOG
Command & Conquer 3 --> MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}
Command & Conquer Generals --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command & Conquer Generals Demo --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{19A9210F-E0A2-40C9-9CC5-4583051FA5E7}
Command & Conquer Red Alert 2 --> C:\Program Files\Westwood\RA2\Uninstll.EXE
Command & Conquer The First Decade --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
Command & Conquer Tiberian Sun --> C:\Program Files\Westwood\SUN\Uninstll.EXE
Cool & Quiet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9
coverXP (remove only) --> "C:\Program Files\coverXP\cxp-uninst.exe"
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0x9 /remove
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Direct WAV MP3 Splitter 2.4 --> "C:\Program Files\Direct WAV MP3 Splitter\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
Dungeon Keeper 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Bullfrog\Dungeon Keeper 2\Uninst.isu" -c"C:\Program Files\Bullfrog\Dungeon Keeper 2\uninst.dll"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy Language 61 --> MsiExec.exe /I{14885FC7-745C-49D1-98D0-001989EC6646}
Emperor: Rise of the Middle Kingdom 1.0.1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}\Setup.exe" -l0x9
First Step Guide --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C797EAF2-707A-4239-BDF3-F2672314A734}\setup.exe" -l0x9 UNINSTALL
Forté Agent --> E:\AGENT4~1.1\UNWISE.EXE E:\AGENT4~1.1\INSTALL.LOG "Uninstall Forté Agent"
FreeUndelete --> C:\Program Files\FreeUndelete\GLF5A.exe /handle:fun
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Half-Life --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Half-Life\Uninst.isu -c"C:\SIERRA\Half-Life\HLUNINST.DLL"
Half-Life Model Viewer 1.25 --> C:\Program Files\Half-Life Model Viewer\Uninstal.exe
Half-Life: Counter-Strike --> C:\Sierra\COUNTE~1\UNWISE.EXE C:\Sierra\COUNTE~1\INSTALL.LOG
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "E:\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Express --> MsiExec.exe /X{759524D5-08C9-4E88-8EB3-8D6ECB226C52}
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
hp photosmart printer series (Remove only) --> C:\Program Files\hp photosmart\printer\hphuni03.exe
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Wireless Rechargeable Optical Mouse --> PMUninst.exe MouseSuite98
ImageMixer VCD/DVD2 for OLYMPUS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
ImageMixer VCD2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program
  • 0

#4
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello Buzz, thanks for the reply.. Firstly, please noticed that your AVG7 and AVG antispyware are out-of-date and no longer supported by Grisoft.. It has been replaced by AVG8.. Please visit this website for more details :)


Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\desktop\dss.exe" /daft . Then press Enter
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.



NEXT


Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

Viewpoint Media Player




NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Buzz Off\Application Data\0000000000.dat
    C:\Program Files\Viewpoint
    C:\Documents and Settings\Buzz Off\Application Data\Awola6
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ViewMgr
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Awola6
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


We need to get rid of some of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

@echo off
sc stop Viewpoint Manager Service
sc delete Viewpoint Manager Service
exit

Save it to your desktop as File name: Service.bat
Save as type: All Files

Once done, double click Service.bat to run it. A command window will open briefly, then close. This is quite normal.

If you do not sure how to make a batch file, please visit HERE for the tutorial.



Please post the following logs in your next reply..

1. OTMoveIt2
2. A fresh Deckard System Scanner (after final step)


Regards
fenzodahl512
  • 0

#5
BuzzOff

BuzzOff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Fenzo

I did all that. When I ran DSS at the end, I got a main.txt, but not extra.txt. I ran DSS without /daft. That's what you meant, right?

Here are the logs:

Explorer killed successfully
C:\Documents and Settings\Buzz Off\Application Data\0000000000.dat moved successfully.
File/Folder C:\Program Files\Viewpoint not found.
File/Folder C:\Documents and Settings\Buzz Off\Application Data\Awola6 not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ViewMgr >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ViewMgr deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Awola6 >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Awola6 deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DF3F36.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFE554.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFE561.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFE577.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFE6AA.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFE6BE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFE6CC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFF433.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFF440.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFF56E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFF57B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFF5CE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFF6A5.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFF6DF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFF6EC.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05312008_174153

Files moved on Reboot...
C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DF3F36.tmp moved successfully.
File C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFE554.tmp not found!
File C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFE561.tmp not found!
File C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFE577.tmp not found!
File C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFE6AA.tmp not found!
File C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFE6BE.tmp not found!
File C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFE6CC.tmp not found!
File C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFF433.tmp not found!
File C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFF440.tmp not found!
File C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFF56E.tmp not found!
File C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFF57B.tmp not found!
File C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFF5CE.tmp not found!
File C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFF6A5.tmp not found!
File C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFF6DF.tmp not found!
File C:\DOCUME~1\BUZZOF~1\LOCALS~1\Temp\~DFF6EC.tmp not found!


Deckard's System Scanner v20071014.68
Run by Buzz Off on 2008-05-31 17:51:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Buzz Off.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:48 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPsdkServ.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\PGP for Windows XP\PGPtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\msfeedssync.exe
C:\Documents and Settings\Buzz Off\Desktop\dss.exe
C:\vkillers\BUZZOF~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Buzz%20Off/My%20Documents/Netscape%20Startup%20Page.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\vkillers\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Startup: Neverwinter Nights Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NVIDIA Firewall Tray.lnk = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - Global Startup: PGPtray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/im.../SYSSCANNER.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1144640722093
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://webaccess.sc...perSetupSP1.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15031/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 12115 bytes

-- Files created between 2008-04-30 and 2008-05-31 -----------------------------

2008-05-23 22:44:37 0 d-------- C:\Program Files\Panda Security
2008-05-21 15:58:04 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\Malwarebytes
2008-05-21 15:57:59 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-21 15:57:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-21 15:57:03 0 d-------- C:\Program Files\Symantec
2008-05-21 15:57:03 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-21 14:06:49 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-21 14:06:45 0 d-------- C:\Program Files\Security Task Manager
2008-05-21 12:51:22 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-05-21 12:32:07 0 d-------- C:\Documents and Settings\Boink\Application Data\Google
2008-05-21 12:31:54 0 d-------- C:\Documents and Settings\Boink\Application Data\AVG7
2008-05-21 12:31:39 0 d-------- C:\Documents and Settings\Boink\Application Data\Grisoft
2008-05-21 12:31:07 0 d-------- C:\Documents and Settings\Boink\Application Data\Identities
2008-05-21 12:30:40 0 d--h----- C:\Documents and Settings\Boink\Templates
2008-05-21 12:30:40 0 dr------- C:\Documents and Settings\Boink\Start Menu
2008-05-21 12:30:40 0 dr-h----- C:\Documents and Settings\Boink\SendTo
2008-05-21 12:30:40 0 dr-h----- C:\Documents and Settings\Boink\Recent
2008-05-21 12:30:40 0 d--h----- C:\Documents and Settings\Boink\PrintHood
2008-05-21 12:30:40 1048576 --ah----- C:\Documents and Settings\Boink\NTUSER.DAT
2008-05-21 12:30:40 0 d--h----- C:\Documents and Settings\Boink\NetHood
2008-05-21 12:30:40 0 dr------- C:\Documents and Settings\Boink\My Documents
2008-05-21 12:30:40 0 d--h----- C:\Documents and Settings\Boink\Local Settings
2008-05-21 12:30:40 0 dr------- C:\Documents and Settings\Boink\Favorites
2008-05-21 12:30:40 0 d-------- C:\Documents and Settings\Boink\Desktop
2008-05-21 12:30:40 0 d--hs---- C:\Documents and Settings\Boink\Cookies
2008-05-21 12:30:40 0 dr-h----- C:\Documents and Settings\Boink\Application Data
2008-05-21 12:30:40 0 d---s---- C:\Documents and Settings\Boink\Application Data\Microsoft
2008-05-21 12:30:40 0 d-------- C:\Documents and Settings\Boink\Application Data\Gtek
2008-05-18 17:30:04 0 d-------- C:\Documents and Settings\Default User\Application Data\Gtek
2008-05-18 17:29:45 0 d--h----- C:\Documents and Settings\Buzz Off\Application Data\GTek
2008-05-18 17:29:05 0 d-ah----- C:\Documents and Settings\All Users\Application Data\GTek
2008-05-18 17:29:04 0 d-------- C:\Program Files\Linksys EasyLink Advisor


-- Find3M Report ---------------------------------------------------------------

2008-05-21 16:50:33 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-21 16:50:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 15:57:04 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-21 15:57:03 0 d-------- C:\Program Files\Common Files
2008-05-21 14:21:55 0 d-------- C:\Program Files\Google
2008-05-18 19:46:17 98304 --a------ C:\WINDOWS\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-05-18 19:38:45 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\dvdcss
2008-05-18 07:58:53 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\ZoomBrowser EX
2008-05-14 19:39:52 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\LimeWire
2008-05-12 15:55:04 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-09 21:24:01 33 --a------ C:\Documents and Settings\Buzz Off\Application Data\install.ini
2008-05-05 17:06:13 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\Adobe
2008-05-03 08:23:12 0 d-------- C:\Program Files\Paint Shop Pro 6
2008-04-13 19:56:19 53248 --a------ C:\WINDOWS\runepson.exe
2008-04-11 23:05:54 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\AVG7
2008-04-09 13:59:05 0 d-------- C:\Program Files\Ventrilo
2008-03-11 09:09:48 1443 --a------ C:\WINDOWS\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 08:51 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/11/2006 09:43 PM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" []
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" []
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [09/07/2005 03:35 PM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 02:20 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [01/27/2004 05:39 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"QD FastAndSafe"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [05/16/2006 05:50 PM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" []
"nwiz"="nwiz.exe" [08/11/2006 09:43 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [08/11/2006 09:43 PM C:\WINDOWS\system32\nvmctray.dll]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [07/29/2005 05:25 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" []
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" []
"Mouse Suite 98 Daemon"="ICO.EXE" [11/20/2003 02:08 PM C:\WINDOWS\system32\ico.exe]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/01/2005 12:35 PM]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [01/13/2006 02:46 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [01/13/2006 02:46 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [10/27/2004 03:21 PM C:\WINDOWS\system32\HdAShCut.exe]
"CTCheck"="C:\Program Files\Creative\ZEN\ZEN Media Explorer\CTCheck.exe" [10/25/2007 12:51 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 10:49 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"Steam"="" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [01/11/2007 09:45 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 06:16 PM]
"Aim6"="" []
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [05/16/2006 05:51 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/13/2008 12:43 PM]

C:\Documents and Settings\Buzz Off\Start Menu\Programs\Startup\
Billminder.lnk - C:\QUICKENW\BILLMIND.EXE [4/11/2006 8:27:14 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-05-31 17:52:08 ------------
  • 0

#6
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, a bit information on your AVG7 and AVG antispyware.. Both programs are outdated and no longer supported by Grisoft. It has been replaced by AVG8. More information on this website


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#7
BuzzOff

BuzzOff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Fenzo,

I upgraded AVG.

I ran Kaspersky Scan. Interesting that I was able to do that. I can do some things on the internet, but not others. Here's the Kaspersky log:

KASPERSKY ONLINE SCANNER REPORT
Tuesday, June 03, 2008 2:12:32 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/06/2008
Kaspersky Anti-Virus database records: 821972
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
F:\
Scan Statistics
Total number of scanned objects 223614
Number of viruses found 4
Number of infected objects 5
Number of suspicious objects 3
Duration of the scan process 02:20:57

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Buzz Off\Application Data\GTek\GTUpdate\AUpdate\EasyLinkAdvisor\gdql_lsa_LinksysAgent.log Object is locked skipped
C:\Documents and Settings\Buzz Off\Application Data\GTek\GTUpdate\AUpdate\EasyLinkAdvisor\glog.log Object is locked skipped
C:\Documents and Settings\Buzz Off\Application Data\GTek\GTUpdate\AUpdate\EasyLinkAdvisor\LinksysAgent.log Object is locked skipped
C:\Documents and Settings\Buzz Off\Application Data\GTek\GTUpdate\AUpdate\EasyLinkAdvisor\LinksysAgent_GTActions.log Object is locked skipped
C:\Documents and Settings\Buzz Off\Application Data\MySpace\IM\Logs\MySpaceIM-Network-20080602-073330.log Object is locked skipped
C:\Documents and Settings\Buzz Off\Application Data\MySpace\IM\Logs\MySpaceIm_06-02-2008-07-33-03-0968.log Object is locked skipped
C:\Documents and Settings\Buzz Off\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-6-2-2008( 7-34-38 ).LOG Object is locked skipped
C:\Documents and Settings\Buzz Off\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Buzz Off\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/14 Apr 2006 18:16 from Wells Fargo Retirement Services:Your reti.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Buzz Off\Local Settings\Application Data\Microsoft\Outlook\outlook.pst MailMSMaill: suspicious - 1 skipped
C:\Documents and Settings\Buzz Off\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Buzz Off\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Buzz Off\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Buzz Off\Local Settings\Temp\~DF943.tmp Object is locked skipped
C:\Documents and Settings\Buzz Off\Local Settings\Temp\~DFCEB2.tmp Object is locked skipped
C:\Documents and Settings\Buzz Off\Local Settings\Temp\~DFCEBF.tmp Object is locked skipped
C:\Documents and Settings\Buzz Off\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Buzz Off\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Buzz Off\My Documents\Audible\Logs\Explorer_AudibleShellExt.log Object is locked skipped
C:\Documents and Settings\Buzz Off\My Documents\Outlook\oldstuff.pst/Personal Folders/Inbox/Dangerous Stuff/16 Apr 2005 17:23 from Natesmith:/7.zip/1.exe Infected: Email-Worm.Win32.Bagle.bj skipped
C:\Documents and Settings\Buzz Off\My Documents\Outlook\oldstuff.pst/Personal Folders/Inbox/Dangerous Stuff/16 Apr 2005 17:23 from Natesmith:/7.zip Infected: Email-Worm.Win32.Bagle.bj skipped
C:\Documents and Settings\Buzz Off\My Documents\Outlook\oldstuff.pst/Personal Folders/Inbox/14 Jan 2006 22:57 from Wells Fargo Retirement Services:Your reti.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Buzz Off\My Documents\Outlook\oldstuff.pst MailMSMaill: infected - 2, suspicious - 1 skipped
C:\Documents and Settings\Buzz Off\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Buzz Off\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\NAIF\backup from orco\Meg's Backup Folder\Music\02 Track 2 (freaks).wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\NAIF\backup from orco\Naif's Backup (saved games)\Naif's Stuff\hixscript22\hix\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{09295BD2-9868-43BE-BC0D-F624440AA6F2}\RP732\A0365269.exe Object is locked skipped
C:\System Volume Information\_restore{09295BD2-9868-43BE-BC0D-F624440AA6F2}\RP733\A0365273.exe Object is locked skipped
C:\System Volume Information\_restore{09295BD2-9868-43BE-BC0D-F624440AA6F2}\RP760\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B4754469-29ED-49AE-B34B-0ECFD9B9A00D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\_nvidia_xxx_.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
  • 0

#8
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply..

Do you use Microsoft Outlook for sending/receiving emails?

Please delete the following entries from your Outlook inbox..

14 Apr 2006 18:16 from Wells Fargo Retirement Services:Your reti.html
14 Jan 2006 22:57 from Wells Fargo Retirement Services:Your reti.html
16 Apr 2005 17:23 from Natesmith:





NEXT


Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\NAIF\backup from orco\Meg's Backup Folder\Music\02 Track 2 (freaks).wma
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


I noticed you already have MalwareBytes' Anti-Malware. Please run and update it.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Please post the following logs in your next reply

1. OTMoveIt2
2. MalwareBytes'
3. A fresh Deckard System Scanner
4. Tell me about your computer..

Edited by fenzodahl512, 04 June 2008 - 11:01 AM.

  • 0

#9
BuzzOff

BuzzOff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Fenzo,

I'm sorry to say there has been no change in my computer. I cannot send or receive email using Outlook. I can access some websites (e.g. Google), but not others (e.g. weather.com).

Here are all the logs:

C:\NAIF\backup from orco\Meg's Backup Folder\Music\02 Track 2 (freaks).wma moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06072008_193533

Malwarebytes' Anti-Malware 1.15
Database version: 839

11:38:34 AM 6/8/2008
mbam-log-6-8-2008 (11-38-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 274522
Time elapsed: 1 hour(s), 37 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Deckard's System Scanner v20071014.68
Run by Buzz Off on 2008-06-08 11:42:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Buzz Off.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:17 AM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPsdkServ.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\ZEN\ZEN Media Explorer\CTCheck.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PGP for Windows XP\PGPtray.exe
C:\QUICKENW\QWDLLS.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Documents and Settings\Buzz Off\Desktop\dss.exe
C:\vkillers\BUZZOF~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Buzz%20Off/My%20Documents/Netscape%20Startup%20Page.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\vkillers\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Startup: Neverwinter Nights Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE
O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NVIDIA Firewall Tray.lnk = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - Global Startup: PGPtray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/im.../SYSSCANNER.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1144640722093
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://webaccess.sc...perSetupSP1.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15031/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11639 bytes

-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-01 17:51:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-01 17:51:38 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-01 03:06:00 0 d--h----- C:\$AVG8.VAULT$
2008-05-31 18:53:16 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-31 18:53:15 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\AVGTOOLBAR
2008-05-31 18:53:05 0 d-------- C:\Program Files\AVG
2008-05-31 18:53:04 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-23 22:44:37 0 d-------- C:\Program Files\Panda Security
2008-05-21 15:58:04 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\Malwarebytes
2008-05-21 15:57:59 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-21 15:57:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-21 15:57:03 0 d-------- C:\Program Files\Symantec
2008-05-21 15:57:03 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-21 14:06:49 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-21 14:06:45 0 d-------- C:\Program Files\Security Task Manager
2008-05-21 12:51:22 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-05-21 12:32:07 0 d-------- C:\Documents and Settings\Boink\Application Data\Google
2008-05-21 12:31:39 0 d-------- C:\Documents and Settings\Boink\Application Data\Grisoft
2008-05-21 12:31:07 0 d-------- C:\Documents and Settings\Boink\Application Data\Identities
2008-05-21 12:30:40 0 d--h----- C:\Documents and Settings\Boink\Templates
2008-05-21 12:30:40 0 dr------- C:\Documents and Settings\Boink\Start Menu
2008-05-21 12:30:40 0 dr-h----- C:\Documents and Settings\Boink\SendTo
2008-05-21 12:30:40 0 dr-h----- C:\Documents and Settings\Boink\Recent
2008-05-21 12:30:40 0 d--h----- C:\Documents and Settings\Boink\PrintHood
2008-05-21 12:30:40 880640 --a------ C:\Documents and Settings\Boink\NTUSER.DAT
2008-05-21 12:30:40 0 d--h----- C:\Documents and Settings\Boink\NetHood
2008-05-21 12:30:40 0 dr------- C:\Documents and Settings\Boink\My Documents
2008-05-21 12:30:40 0 d--h----- C:\Documents and Settings\Boink\Local Settings
2008-05-21 12:30:40 0 dr------- C:\Documents and Settings\Boink\Favorites
2008-05-21 12:30:40 0 d-------- C:\Documents and Settings\Boink\Desktop
2008-05-21 12:30:40 0 d--hs---- C:\Documents and Settings\Boink\Cookies
2008-05-21 12:30:40 0 dr-h----- C:\Documents and Settings\Boink\Application Data
2008-05-21 12:30:40 0 d---s---- C:\Documents and Settings\Boink\Application Data\Microsoft
2008-05-21 12:30:40 0 d-------- C:\Documents and Settings\Boink\Application Data\Gtek
2008-05-18 17:30:04 0 d-------- C:\Documents and Settings\Default User\Application Data\Gtek
2008-05-18 17:29:45 0 d--h----- C:\Documents and Settings\Buzz Off\Application Data\GTek
2008-05-18 17:29:05 0 d-ah----- C:\Documents and Settings\All Users\Application Data\GTek
2008-05-18 17:29:04 0 d-------- C:\Program Files\Linksys EasyLink Advisor


-- Find3M Report ---------------------------------------------------------------

2008-06-07 19:07:16 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\ZoomBrowser EX
2008-06-06 14:24:19 0 d-------- C:\Program Files\Wonderland Secret Worlds Full
2008-06-04 04:28:06 0 d-------- C:\Program Files\AIM6
2008-05-31 18:50:12 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-05-21 16:50:33 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-21 16:50:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 15:57:04 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-21 15:57:03 0 d-------- C:\Program Files\Common Files
2008-05-21 14:21:55 0 d-------- C:\Program Files\Google
2008-05-18 19:46:17 98304 --a------ C:\WINDOWS\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-05-18 19:38:45 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\dvdcss
2008-05-14 19:39:52 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\LimeWire
2008-05-12 15:55:04 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-09 21:24:01 33 --a------ C:\Documents and Settings\Buzz Off\Application Data\install.ini
2008-05-05 17:06:13 0 d-------- C:\Documents and Settings\Buzz Off\Application Data\Adobe
2008-05-03 08:23:12 0 d-------- C:\Program Files\Paint Shop Pro 6
2008-04-13 19:56:19 53248 --a------ C:\WINDOWS\runepson.exe
2008-04-09 13:59:05 0 d-------- C:\Program Files\Ventrilo
2008-03-11 09:09:48 1443 --a------ C:\WINDOWS\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/31/2008 06:53 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/31/2008 06:53 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/11/2006 09:43 PM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" []
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" []
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [09/07/2005 03:35 PM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 02:20 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"QD FastAndSafe"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [05/16/2006 05:50 PM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" []
"nwiz"="nwiz.exe" [08/11/2006 09:43 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [08/11/2006 09:43 PM C:\WINDOWS\system32\nvmctray.dll]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [07/29/2005 05:25 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" []
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" []
"Mouse Suite 98 Daemon"="ICO.EXE" [11/20/2003 02:08 PM C:\WINDOWS\system32\ico.exe]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/01/2005 12:35 PM]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [01/13/2006 02:46 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [01/13/2006 02:46 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [10/27/2004 03:21 PM C:\WINDOWS\system32\HdAShCut.exe]
"CTCheck"="C:\Program Files\Creative\ZEN\ZEN Media Explorer\CTCheck.exe" [10/25/2007 12:51 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/31/2008 06:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 10:49 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"Steam"="" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [01/11/2007 09:45 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 06:16 PM]
"Aim6"="" []
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [05/16/2006 05:51 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/13/2008 12:43 PM]

C:\Documents and Settings\Buzz Off\Start Menu\Programs\Startup\
Billminder.lnk - C:\QUICKENW\BILLMIND.EXE [4/11/2006 8:27:14 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-06-08 11:42:39 ------------
  • 0

#10
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
That's odd.. Lets try these..

Please download WinsockXPFix from HERE.
  • Double-click on WinsockXPFix and click on Fix
It will ask you to restart your computer in attempt to fix the internet connection. Please do so..




NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Regards
fenzodahl512
  • 0

#11
BuzzOff

BuzzOff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I did all that. There's no change in the computer problem. I've attached the Kaspersky log below.

My son and his friend, who're both computer pros, have tried to fix my computer and failed. They suggest that I rename the Windows directory and re-install windows. I think I might try that, if I have time.

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, June 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, June 14, 2008 17:05:55
Records in database: 863864
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 221373
Threat name 4
Infected objects 4
Suspicious objects 0
Duration of the scan 02:35:10

File name Threat name Threats count
C:\Documents and Settings\Buzz Off\Local Settings\Temp\ProduKey.exe Infected: not-a-virus:PSWTool.Win32.ProductKey.i 1
C:\Documents and Settings\Buzz Off\My Documents\Outlook\oldstuff.pst Infected: Email-Worm.Win32.Bagle.bj 1
C:\NAIF\backup from orco\Naif's Backup (saved games)\Naif's Stuff\hixscript22\hix\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 1
C:\_OTMoveIt\MovedFiles\06072008_193533\NAIF\backup from orco\Meg's Backup Folder\Music\02 Track 2 (freaks).wma Infected: Trojan-Downloader.WMA.Wimad.k 1
The selected area was scanned.
  • 0

#12
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. Please do the following...

Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Buzz Off\Local Settings\Temp\ProduKey.exe
    C:\Documents and Settings\Buzz Off\My Documents\Outlook\oldstuff.pst
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please download Dr.Web CureIt to the Desktop:
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.



Please post the following logs in your next reply...

1. OTMoveIt2
2. Dr.Web
3. A fresh Deckard System Scanner (after Dr.Web step)


Regards
fenzodahl512

Edited by fenzodahl512, 14 June 2008 - 06:55 PM.

  • 0

#13
BuzzOff

BuzzOff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hey Fenzo dude, guess what? I stuck another network card in the computer and it works fine! I don't understand how a bad network card can make some websites work, while others don't.

Thanks for all your help. I'm sorry to make you work so hard to fix the problem, when it turns out to be a hardware problem after all.
  • 0

#14
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello BuzzOff.. first of all, congratulations for your finding :)

But, please complete all my instructions as your Kaspersky logs shows that you are still infected...

Tell me about your computer conditions after performing all of the instructions :)
  • 0

#15
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP