Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help. spyware problem.... [RESOLVED]


  • This topic is locked This topic is locked

#1
Iron Smile

Iron Smile

    New Member

  • Member
  • Pip
  • 9 posts
my computer says at the bototm right that it has been infected with spyware, but i dont know how to read these logfiles. it also keeps restarting randomly. someone please help me...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:43 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kingkongsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neopets.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://nmt.wincshost...ers/awswaxd.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1178051025564
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178055270984
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

--
End of file - 10341 bytes

Edited by Iron Smile, 27 May 2008 - 10:11 PM.

  • 0

Advertisements


#2
Iron Smile

Iron Smile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Now, like, the whole forums look different. i dont know if it has anything to do with this or not, but everything is white and the writing is black and blue. it just happened after i posted the first message.
  • 0

#3
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello Iron Smile, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following..


Before we continue, please go to this website, and complete the form as follows:

Link to topic where this file was requested: http://www.geekstogo...27#entry1246827

Browse to the file you want to submit: Click Browse, and navigate to the following file:

C:\WINDOWS\System\Update.exe

Leave any comments, further information about this file, or contact information: From fenzodahl512 for SDFix.




NEXT


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.




NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator



Please post the following in your next reply..

1. SDFix log
2. Deckard System Scanner (both main.txt and extra.txt)

Please post each log in separate post..


Regards
fenzodahl512
  • 0

#4
Iron Smile

Iron Smile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
K, i did the first thing about sending the file thing.

SDFix: Version 1.186
Run by Owner on Wed 05/28/2008 at 09:17 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

MAIN
Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-28 10:16:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
65: 2008-05-28 14:16:24 UTC - RP230 - Deckard's System Scanner Restore Point
64: 2008-05-28 12:48:37 UTC - RP229 - Software Distribution Service 3.0
63: 2008-05-28 04:17:26 UTC - RP228 - Software Distribution Service 3.0
62: 2008-05-27 12:23:32 UTC - RP227 - System Checkpoint
61: 2008-05-26 03:55:25 UTC - RP226 - Installed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2008-03-25 14:04:33 UTC - RP166 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 480 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:32 AM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kingkongsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neopets.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://nmt.wincshost...ers/awswaxd.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1178051025564
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178055270984
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

--
End of file - 10100 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070930-195252-680 O22 - SharedTaskScheduler: homeridae - {95dde900-8bf3-428c-b9be-8345c9d194f7} - C:\WINDOWS\system32\vzfhprk.dll
backup-20071001-091637-766 O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
backup-20071002-082723-226 O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
backup-20071002-082723-311 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
backup-20071002-082723-446 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
backup-20071002-082723-529 O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
backup-20071002-082723-621 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
R1 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S0 TfFsMon - c:\windows\system32\drivers\tffsmon.sys (file missing)
S0 TfSysMon - c:\windows\system32\drivers\tfsysmon.sys (file missing)
S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)
S3 TfNetMon - c:\windows\system32\drivers\tfnetmon.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S2 ThreatFire - c:\program files\threatfire\tfservice.exe service (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-23 23:22:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-06-19 20:44:52 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-04-28 and 2008-05-28 -----------------------------

2008-05-28 08:54:37 0 d-------- C:\WINDOWS\ERUNT
2008-05-28 04:50:07 0 d--hs---- C:\found.001
2008-05-27 16:33:42 0 d-------- C:\Program Files\Egg vs. Chicken
2008-05-27 16:29:28 0 d-------- C:\Program Files\Escape From Paradise
2008-05-25 23:55:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-25 23:55:27 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-25 23:55:27 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-25 23:54:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 23:35:05 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-25 23:34:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 23:34:41 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 23:34:11 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-25 23:26:05 385024 --a------ C:\Documents and Settings\Owner\installer.exe <INSTAL~1.EXE> <Not Verified; Zinaps Corporation; Zinaps Anti Spyware>
2008-05-25 22:16:07 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-05-25 22:15:09 0 --ahs---- C:\Documents and Settings\Owner\Application Data\00483a1c1d682703e4b2f9f364ba05ffc277cfe8d60ba1e2bc.dat
2008-05-25 21:58:48 14336 --a------ C:\Documents and Settings\Owner\Application Data\yuuiz.exe
2008-05-25 21:56:35 14336 --a------ C:\l82nif.exe
2008-05-11 22:57:15 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-02 21:17:58 0 d-------- C:\Program Files\Disney
2008-04-30 17:13:40 0 d-------- C:\Program Files\ImTOO
2008-04-30 16:52:40 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-30 16:43:24 0 d-------- C:\Program Files\Common Files\Real
2008-04-30 16:43:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Real


-- Find3M Report ---------------------------------------------------------------

2008-05-26 20:19:45 0 d-------- C:\Program Files\Family Feud II
2008-05-26 08:19:11 6836 --a----c- C:\WINDOWS\mozver.dat
2008-05-25 23:54:45 0 d-------- C:\Program Files\Common Files
2008-05-25 23:26:06 33 --a------ C:\Documents and Settings\Owner\Application Data\install.ini
2008-05-25 22:16:10 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-25 22:15:49 0 d-------- C:\Program Files\Yahoo!
2008-05-04 20:52:47 0 d-------- C:\Program Files\Super Collapse 3
2008-04-30 16:44:35 0 d-------- C:\Program Files\Real
2008-04-29 22:27:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Move Networks
2008-04-28 18:32:13 0 d-------- C:\Program Files\Monarch The Butterfly King
2008-04-24 13:46:37 0 d-------- C:\Program Files\Turtle Odyssey
2008-04-24 13:46:30 0 d-------- C:\Program Files\Dream Day First Home
2008-04-24 10:32:22 0 d-------- C:\Program Files\Big Kahuna Reef
2008-04-24 10:32:18 0 d-------- C:\Program Files\Dream Chronicles
2008-04-24 10:28:58 0 d-------- C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-04-24 10:28:06 0 d-------- C:\Program Files\Fairy Godmother Tycoon
2008-04-23 11:33:23 0 d-------- C:\Program Files\Finders Keepers
2008-04-23 08:39:44 0 d-------- C:\Program Files\The Rise Of Atlantis
2008-04-22 14:45:21 0 d-------- C:\Program Files\Poppit To Go
2008-04-22 13:14:50 0 d-------- C:\Documents and Settings\Owner\Application Data\7Wonders
2008-04-22 13:09:14 0 d-------- C:\Program Files\7 Wonders
2008-04-22 12:55:48 0 d-------- C:\Program Files\Super Granny 3
2008-04-22 12:55:34 0 d-------- C:\Program Files\Super Granny 4
2008-04-13 22:32:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-04-08 10:51:53 0 d-------- C:\Program Files\Sushi Frenzy
2008-04-08 10:48:27 0 d-------- C:\Program Files\Crazy Eggs
2008-04-08 10:48:14 0 d-------- C:\Program Files\Escape The Museum
2008-04-07 23:23:58 0 d-------- C:\Program Files\Fish Tycoon
2008-04-07 19:12:12 30 --a----c- C:\WINDOWS\popcinfo.dat
2008-04-07 14:35:24 0 d-------- C:\Program Files\Bookworm Deluxe
2008-04-04 11:16:16 0 d-------- C:\Program Files\Common Files\Sandlot Shared
2008-04-04 11:09:58 0 d-------- C:\Program Files\Gutterball 2
2008-04-04 11:01:54 0 d-------- C:\Program Files\Farm Frenzy
2008-04-03 14:50:59 0 d-------- C:\Documents and Settings\Owner\Application Data\GameHouse
2008-04-03 11:04:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Yatec Games
2008-04-03 10:44:24 0 d-------- C:\Program Files\My Farm
2008-04-03 10:12:34 0 d-------- C:\Program Files\Magic Farm
2008-04-03 09:57:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Meridian93
2008-04-03 09:53:09 0 --a------ C:\Program Files\temp01
2008-04-03 09:53:06 0 d-------- C:\Program Files\bfgclient
2008-04-03 09:18:14 0 d-------- C:\Program Files\Fishing Craze
2008-04-01 20:10:14 0 d-------- C:\Program Files\Neptunes Secret
2008-03-05 21:39:20 686 --a------ C:\TMPJerry Clowers - The Hitch Hiker.dat
2008-03-05 21:39:20 721 --a------ C:\TMPJerry Clowers - Talkin' Dog.dat
2008-03-05 21:39:20 663 --a------ C:\TMPJerry Clowers - Marines are Tough.dat
2008-03-05 21:39:19 762 --a------ C:\TMPJerry Clower - Why Can't Johnny Read.dat
2008-03-05 21:39:19 587 --a------ C:\TMPComedy - Jerry Clowers - Physical Examination.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 09:42 PM]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 12:01 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/14/2002 01:42 AM]
"nwiz"="nwiz.exe" [10/01/2002 03:39 AM C:\WINDOWS\system32\nwiz.exe]
"DDCActiveMenu"="C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [06/08/2002 05:20 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 10:59 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [01/19/2006 11:06 AM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [01/19/2006 11:06 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 PM]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [12/06/2007 12:58 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 02:37 PM]
"Windows Updates"="c:\windows\system\Update.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/30/2008 04:43 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 10:59 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [10/26/2002 07:59 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [06/11/2007 06:16 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"Windows Updates"="c:\windows\system\Update.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/13/2008 12:43 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [7/22/2005 3:47:22 AM]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 2:12:08 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 11:20:02 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-05-28 10:18:24 ------------


EXTRA
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2200+
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 479.48 MiB / 130.71 MiB
Pagefile Memory (total/avail): 1125.46 MiB / 696.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.55 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 50.61 GiB total, 24.67 GiB free.
D: is Fixed (FAT32) - 5.27 GiB total, 1.05 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST360012A - 55.9 GiB - 2 partitions
\PARTITION0 - Unknown - 5.28 GiB - D:
\PARTITION1 (bootable) - Installable File System - 50.61 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1169 [VPS 080528-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:YServer Module"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-6JNHHU0520
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-6JNHHU0520
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor\services;C:\Program Files\Sonic\MyDVD;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0800
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-6JNHHU0520
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}\setup.exe" -l0x9 -L0x9anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7 Wonders --> "C:\Program Files\7 Wonders\ReflexiveArcade\unins000.exe"
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Big Kahuna Reef --> "C:\Program Files\Big Kahuna Reef\ReflexiveArcade\unins000.exe"
Bookworm Deluxe --> "C:\Program Files\Bookworm Deluxe\ReflexiveArcade\unins000.exe"
Buildalot --> "C:\Program Files\Buildalot\ReflexiveArcade\unins000.exe"
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CinemaForge --> C:\WINDOWS\system32\xmforgert.exe c:\program files\CinemaForge\UninstallCF.xmfg
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Detto IntelliMover Demo --> MsiExec.exe /X{E62C706B-1352-4DCA-B4D4-81C24750B70F}
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dream Day First Home --> "C:\Program Files\Dream Day First Home\ReflexiveArcade\unins000.exe"
Egg vs. Chicken --> "C:\Program Files\Egg vs. Chicken\ReflexiveArcade\unins000.exe"
Elf Bowling The Last Insult --> "C:\Program Files\Elf Bowling The Last Insult\ReflexiveArcade\unins000.exe"
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
Escape From Paradise --> "C:\Program Files\Escape From Paradise\ReflexiveArcade\unins000.exe"
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Family Feud II --> "C:\Program Files\Family Feud II\ReflexiveArcade\unins000.exe"
Finders Keepers --> "C:\Program Files\Finders Keepers\ReflexiveArcade\unins000.exe"
FLV SPLITTER --> "C:\Program Files\GNU\FLVSPLITTER\Uninstall.exe"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Gutterball 2 --> "C:\Program Files\Gutterball 2\ReflexiveArcade\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
hp center --> C:\WINDOWS\BWUnin-6.1.0.153.exe -AppId 137903
HP Digital Imaging Album Printing 1.0 --> MsiExec.exe /X{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Photo and Imaging 1.1 - Photosmart Cameras --> MsiExec.exe /X{1EEE2A9F-6471-42fa-8923-E8879168CE26}
hp toolkit --> c:\Windows\HPTK\unhptkit.exe
ImTOO RM Converter --> C:\Program Files\ImTOO\RM Converter 3\Uninstall.exe
Inactive HP Printer Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Indeo® Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu"
InstantFX FrontPage Edition 1.5 --> "C:\Program Files\InstantFX FrontPage Edition\uninstall.exe"
Intel® 82845G Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140011_2ab9fd0\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MarketBrowser --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35845E72-E34A-11D4-817D-005004D0F1FA}\Setup.exe" -uninst
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Monarch - The Butterfly King --> "C:\Program Files\Monarch The Butterfly King\ReflexiveArcade\unins000.exe"
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Neopets --> C:\Program Files\Neopets\uninst.exe
Neptunes Secret --> "C:\Program Files\Neptunes Secret\ReflexiveArcade\unins000.exe"
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Poppit To Go --> "C:\Program Files\Poppit To Go\ReflexiveArcade\unins000.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2003 New User Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
RecordNow Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Rhapsody Player Engine --> MsiExec.exe /I{6A136B9A-1895-436F-83F8-30D9C68BB6EA}
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Saints & Sinners Bowling --> "C:\Program Files\Saints & Sinners Bowling\ReflexiveArcade\unins000.exe"
Sandlot Games Client Services 1.2.2 --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Search Settings --> MsiExec.exe /X{90529245-9C54-45B5-BBB3-B180CA04F248}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Simple Backup for My Pictures --> MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
Simple Installer - Multilanguage Version --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}\setup.exe"
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SmartFTP Client 2.0 --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
Snowboard Extreme --> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {753FE96B-D926-4B6C-BCFB-CC59153D004A}
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Super Collapse 3 --> "C:\Program Files\Super Collapse 3\ReflexiveArcade\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Turtle Odyssey --> "C:\Program Files\Turtle Odyssey\ReflexiveArcade\unins000.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WeatherBug --> C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE /S
WildTangent Channel Manager --> C:\Program Files\WildTangent\DDC\DDCManager\Uninstall.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Productivity Pack --> c:\WINDOWS\Corel\Uninst32.exe
WordPerfect Productivity Pack --> C:\WINDOWS\Corel\uninst32.exe
XChat 2 (remove only) --> "C:\Program Files\xchat\uninstall.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2934 / Warning
Event Submitted/Written: 05/28/2008 00:19:26 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type2919 / Error
Event Submitted/Written: 05/25/2008 11:22:11 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20070.50813, faulting module js3250.dll, version 4.0.0.0, fault address 0x0002d58b.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type2909 / Error
Event Submitted/Written: 05/25/2008 07:30:51 PM / 05/25/2008 07:30:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20070.50813, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type2899 / Error
Event Submitted/Written: 05/23/2008 06:21:08 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module flash9c.ocx, version 9.0.45.0, fault address 0x00187d1b.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type2895 / Error
Event Submitted/Written: 05/22/2008 10:37:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20070.50813, faulting module unknown, version 0.0.0.0, fault address 0x70400020.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type37981 / Error
Event Submitted/Written: 05/28/2008 09:50:20 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
TfFsMon
TfSysMon

Event Record #/Type37980 / Error
Event Submitted/Written: 05/28/2008 09:50:20 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ThreatFire service failed to start due to the following error:
%%2

Event Record #/Type37979 / Error
Event Submitted/Written: 05/28/2008 09:50:20 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2

Event Record #/Type37956 / Error
Event Submitted/Written: 05/28/2008 09:47:44 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Event Record #/Type37955 / Error
Event Submitted/Written: 05/28/2008 09:47:44 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.



-- End of Deckard's System Scanner: finished at 2008-05-28 10:18:24 ------------

Edited by Iron Smile, 28 May 2008 - 08:26 AM.

  • 0

#5
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. Please do the following..


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\found.001
    C:\Documents and Settings\Owner\Application Data\00483a1c1d682703e4b2f9f364ba05ffc277cfe8d60ba1e2bc.dat
    C:\Documents and Settings\Owner\Application Data\yuuiz.exe
    C:\l82nif.exe
    c:\windows\system\Update.exe
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.







Please include the following logs in your next reply..

1. OTMoveIt2 log
2. A fresh Deckard System Scanner log (after HijackThis step)


Regards
fenzodahl512
  • 0

#6
Iron Smile

Iron Smile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Explorer killed successfully
C:\found.001 moved successfully.
C:\Documents and Settings\Owner\Application Data\00483a1c1d682703e4b2f9f364ba05ffc277cfe8d60ba1e2bc.dat moved successfully.
C:\Documents and Settings\Owner\Application Data\yuuiz.exe moved successfully.
C:\l82nif.exe moved successfully.
File/Folder c:\windows\system\Update.exe not found.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\JET7FF8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\me_9BH6DI69hFCzq24 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\me_9dsBEZStOmozW5F scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\me_AVROGLrQfOkF6IF scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\me_hbd7HDdd5VPmSqL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\me_P3iK1YyVXImWni3 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_664.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05282008_124625

Files moved on Reboot...
File C:\DOCUME~1\Owner\LOCALS~1\Temp\JET7FF8.tmp not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\me_9BH6DI69hFCzq24 not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\me_9dsBEZStOmozW5F not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\me_AVROGLrQfOkF6IF not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\me_hbd7HDdd5VPmSqL not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\me_P3iK1YyVXImWni3 not found!
C:\WINDOWS\temp\Perflib_Perfdata_664.dat moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!





This time, only MAIN came up

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-28 12:55:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 480 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:48 PM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kingkongsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neopets.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [OTScanIt] C:\Documents and Settings\Owner\Desktop\OTMoveIt2.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://nmt.wincshost...ers/awswaxd.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1178051025564
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178055270984
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

--
End of file - 10264 bytes

-- Files created between 2008-04-28 and 2008-05-28 -----------------------------

2008-05-28 08:54:37 0 d-------- C:\WINDOWS\ERUNT
2008-05-27 16:33:42 0 d-------- C:\Program Files\Egg vs. Chicken
2008-05-27 16:29:28 0 d-------- C:\Program Files\Escape From Paradise
2008-05-25 23:55:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-25 23:55:27 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-25 23:55:27 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-25 23:54:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 23:35:05 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-25 23:34:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 23:34:41 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 23:34:11 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-25 23:26:05 385024 --a------ C:\Documents and Settings\Owner\installer.exe <Not Verified; Zinaps Corporation; Zinaps Anti Spyware>
2008-05-25 22:16:07 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-05-11 22:57:15 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-02 21:17:58 0 d-------- C:\Program Files\Disney
2008-04-30 17:13:40 0 d-------- C:\Program Files\ImTOO
2008-04-30 16:52:40 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-30 16:43:24 0 d-------- C:\Program Files\Common Files\Real
2008-04-30 16:43:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Real


-- Find3M Report ---------------------------------------------------------------

2008-05-26 20:19:45 0 d-------- C:\Program Files\Family Feud II
2008-05-26 08:19:11 6836 --a----c- C:\WINDOWS\mozver.dat
2008-05-25 23:54:45 0 d-------- C:\Program Files\Common Files
2008-05-25 23:26:06 33 --a------ C:\Documents and Settings\Owner\Application Data\install.ini
2008-05-25 22:16:10 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-25 22:15:49 0 d-------- C:\Program Files\Yahoo!
2008-05-04 20:52:47 0 d-------- C:\Program Files\Super Collapse 3
2008-04-30 16:44:35 0 d-------- C:\Program Files\Real
2008-04-29 22:27:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Move Networks
2008-04-28 18:32:13 0 d-------- C:\Program Files\Monarch The Butterfly King
2008-04-24 13:46:37 0 d-------- C:\Program Files\Turtle Odyssey
2008-04-24 13:46:30 0 d-------- C:\Program Files\Dream Day First Home
2008-04-24 10:32:22 0 d-------- C:\Program Files\Big Kahuna Reef
2008-04-24 10:32:18 0 d-------- C:\Program Files\Dream Chronicles
2008-04-24 10:28:58 0 d-------- C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-04-24 10:28:06 0 d-------- C:\Program Files\Fairy Godmother Tycoon
2008-04-23 11:33:23 0 d-------- C:\Program Files\Finders Keepers
2008-04-23 08:39:44 0 d-------- C:\Program Files\The Rise Of Atlantis
2008-04-22 14:45:21 0 d-------- C:\Program Files\Poppit To Go
2008-04-22 13:14:50 0 d-------- C:\Documents and Settings\Owner\Application Data\7Wonders
2008-04-22 13:09:14 0 d-------- C:\Program Files\7 Wonders
2008-04-22 12:55:48 0 d-------- C:\Program Files\Super Granny 3
2008-04-22 12:55:34 0 d-------- C:\Program Files\Super Granny 4
2008-04-13 22:32:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-04-08 10:51:53 0 d-------- C:\Program Files\Sushi Frenzy
2008-04-08 10:48:27 0 d-------- C:\Program Files\Crazy Eggs
2008-04-08 10:48:14 0 d-------- C:\Program Files\Escape The Museum
2008-04-07 23:23:58 0 d-------- C:\Program Files\Fish Tycoon
2008-04-07 19:12:12 30 --a----c- C:\WINDOWS\popcinfo.dat
2008-04-07 14:35:24 0 d-------- C:\Program Files\Bookworm Deluxe
2008-04-04 11:16:16 0 d-------- C:\Program Files\Common Files\Sandlot Shared
2008-04-04 11:09:58 0 d-------- C:\Program Files\Gutterball 2
2008-04-04 11:01:54 0 d-------- C:\Program Files\Farm Frenzy
2008-04-03 14:50:59 0 d-------- C:\Documents and Settings\Owner\Application Data\GameHouse
2008-04-03 11:04:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Yatec Games
2008-04-03 10:44:24 0 d-------- C:\Program Files\My Farm
2008-04-03 10:12:34 0 d-------- C:\Program Files\Magic Farm
2008-04-03 09:57:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Meridian93
2008-04-03 09:53:09 0 --a------ C:\Program Files\temp01
2008-04-03 09:53:06 0 d-------- C:\Program Files\bfgclient
2008-04-03 09:18:14 0 d-------- C:\Program Files\Fishing Craze
2008-04-01 20:10:14 0 d-------- C:\Program Files\Neptunes Secret


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 09:42 PM]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 12:01 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/14/2002 01:42 AM]
"nwiz"="nwiz.exe" [10/01/2002 03:39 AM C:\WINDOWS\system32\nwiz.exe]
"DDCActiveMenu"="C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [06/08/2002 05:20 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 10:59 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [01/19/2006 11:06 AM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [01/19/2006 11:06 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 PM]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [12/06/2007 12:58 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 02:37 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/30/2008 04:43 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 10:59 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [10/26/2002 07:59 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [06/11/2007 06:16 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/13/2008 12:43 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"OTScanIt"=C:\Documents and Settings\Owner\Desktop\OTMoveIt2.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [7/22/2005 3:47:22 AM]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 2:12:08 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 11:20:02 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-05-28 12:56:19 ------------

Edited by Iron Smile, 28 May 2008 - 11:02 AM.

  • 0

#7
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. Please do the following..

Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Owner\installer.exe
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



NEXT


Tell me.. Do you know or willingly install these programs?

Search Settings
Viewpoint Media Player
WeatherBug
WildTangent Channel Manager




NEXT


I noticed you already have MalwareBytes' Anti-Malware in your computer. Please run and update it.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Please post the followings in your next reply..

1. OTMoveIt2 log
2. MalwareBytes' log
3. A fresh Deckard System Scanner log (after MalwareBytes' step)
4. Tell me about those programs..


Regards
fenzodahl512
  • 0

#8
Iron Smile

Iron Smile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
ONE
Explorer killed successfully
C:\Documents and Settings\Owner\installer.exe moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\JET3B98.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\me_0OY6LRRGXa2nhfU scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\me_4Hx3MapVrK05NFE scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\me_fu6vvih0iuwySsd scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\me_IPtGDAhZJSSTYeH scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\me_kIXwpneBQQ9jbBH scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_648.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05282008_192014

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide5.dll
C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide5.dll moved successfully.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\JET3B98.tmp not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\me_0OY6LRRGXa2nhfU not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\me_4Hx3MapVrK05NFE not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\me_fu6vvih0iuwySsd not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\me_IPtGDAhZJSSTYeH not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\me_kIXwpneBQQ9jbBH not found!
File C:\WINDOWS\temp\Perflib_Perfdata_648.dat not found!
C:\WINDOWS\temp\_avast4_\Webshlock.txt moved successfully.

TWO
Malwarebytes' Anti-Malware 1.12
Database version: 786

Scan type: Full Scan (C:\|)
Objects scanned: 146581
Time elapsed: 55 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP226\A0061707.dll (Adware.Shoper) -> Quarantined and deleted successfully.

THREE
Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-28 21:18:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 480 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:08 PM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kingkongsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neopets.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://nmt.wincshost...ers/awswaxd.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1178051025564
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178055270984
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

--
End of file - 9995 bytes

-- Files created between 2008-04-28 and 2008-05-28 -----------------------------

2008-05-28 08:54:37 0 d-------- C:\WINDOWS\ERUNT
2008-05-27 16:33:42 0 d-------- C:\Program Files\Egg vs. Chicken
2008-05-27 16:29:28 0 d-------- C:\Program Files\Escape From Paradise
2008-05-25 23:55:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-25 23:55:27 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-25 23:55:27 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-25 23:54:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 23:35:05 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-25 23:34:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 23:34:41 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 23:34:11 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-25 22:16:07 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-05-11 22:57:15 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-02 21:17:58 0 d-------- C:\Program Files\Disney
2008-04-30 17:13:40 0 d-------- C:\Program Files\ImTOO
2008-04-30 16:52:40 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-30 16:43:24 0 d-------- C:\Program Files\Common Files\Real
2008-04-30 16:43:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Real


-- Find3M Report ---------------------------------------------------------------

2008-05-26 20:19:45 0 d-------- C:\Program Files\Family Feud II
2008-05-26 08:19:11 6836 --a----c- C:\WINDOWS\mozver.dat
2008-05-25 23:54:45 0 d-------- C:\Program Files\Common Files
2008-05-25 23:26:06 33 --a------ C:\Documents and Settings\Owner\Application Data\install.ini
2008-05-25 22:16:10 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-25 22:15:49 0 d-------- C:\Program Files\Yahoo!
2008-05-04 20:52:47 0 d-------- C:\Program Files\Super Collapse 3
2008-04-30 16:44:35 0 d-------- C:\Program Files\Real
2008-04-29 22:27:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Move Networks
2008-04-28 18:32:13 0 d-------- C:\Program Files\Monarch The Butterfly King
2008-04-24 13:46:37 0 d-------- C:\Program Files\Turtle Odyssey
2008-04-24 13:46:30 0 d-------- C:\Program Files\Dream Day First Home
2008-04-24 10:32:22 0 d-------- C:\Program Files\Big Kahuna Reef
2008-04-24 10:32:18 0 d-------- C:\Program Files\Dream Chronicles
2008-04-24 10:28:58 0 d-------- C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-04-24 10:28:06 0 d-------- C:\Program Files\Fairy Godmother Tycoon
2008-04-23 11:33:23 0 d-------- C:\Program Files\Finders Keepers
2008-04-23 08:39:44 0 d-------- C:\Program Files\The Rise Of Atlantis
2008-04-22 14:45:21 0 d-------- C:\Program Files\Poppit To Go
2008-04-22 13:14:50 0 d-------- C:\Documents and Settings\Owner\Application Data\7Wonders
2008-04-22 13:09:14 0 d-------- C:\Program Files\7 Wonders
2008-04-22 12:55:48 0 d-------- C:\Program Files\Super Granny 3
2008-04-22 12:55:34 0 d-------- C:\Program Files\Super Granny 4
2008-04-13 22:32:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-04-08 10:51:53 0 d-------- C:\Program Files\Sushi Frenzy
2008-04-08 10:48:27 0 d-------- C:\Program Files\Crazy Eggs
2008-04-08 10:48:14 0 d-------- C:\Program Files\Escape The Museum
2008-04-07 23:23:58 0 d-------- C:\Program Files\Fish Tycoon
2008-04-07 19:12:12 30 --a----c- C:\WINDOWS\popcinfo.dat
2008-04-07 14:35:24 0 d-------- C:\Program Files\Bookworm Deluxe
2008-04-04 11:16:16 0 d-------- C:\Program Files\Common Files\Sandlot Shared
2008-04-04 11:09:58 0 d-------- C:\Program Files\Gutterball 2
2008-04-04 11:01:54 0 d-------- C:\Program Files\Farm Frenzy
2008-04-03 14:50:59 0 d-------- C:\Documents and Settings\Owner\Application Data\GameHouse
2008-04-03 11:04:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Yatec Games
2008-04-03 10:44:24 0 d-------- C:\Program Files\My Farm
2008-04-03 10:12:34 0 d-------- C:\Program Files\Magic Farm
2008-04-03 09:57:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Meridian93
2008-04-03 09:53:09 0 --a------ C:\Program Files\temp01
2008-04-03 09:53:06 0 d-------- C:\Program Files\bfgclient
2008-04-03 09:18:14 0 d-------- C:\Program Files\Fishing Craze
2008-04-01 20:10:14 0 d-------- C:\Program Files\Neptunes Secret


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 09:42 PM]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 12:01 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/14/2002 01:42 AM]
"nwiz"="nwiz.exe" [10/01/2002 03:39 AM C:\WINDOWS\system32\nwiz.exe]
"DDCActiveMenu"="C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [06/08/2002 05:20 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 10:59 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [01/19/2006 11:06 AM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [01/19/2006 11:06 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 PM]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [12/06/2007 12:58 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 02:37 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/30/2008 04:43 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 10:59 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [10/26/2002 07:59 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [06/11/2007 06:16 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/13/2008 12:43 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [7/22/2005 3:47:22 AM]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 2:12:08 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 11:20:02 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-05-28 21:19:32 ------------

FOUR
I know weatherbug, my mom uses that all the time. dunno what the rest are, what are they used for?
  • 0

#9
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply..

I know weatherbug, my mom uses that all the time. dunno what the rest are, what are they used for?


WildTangen is associated with online games things.. While it is legit, it usually invite adware.. You can read more about it below:

http://en.wikipedia....iki/WildTangent


About Viewpoint, you can read more about it below

http://sunbeltblog.b...-to-adware.html
http://www.clickz.co...ml?page=3561546


About Search Settings, it comes bundled with some software normally without user's knowledge, you can read more about it below:

http://groups.google...cc6bd1e6009abe8
http://www.castlecop...ttings_dll.html

Be sure you consult with your mom about those programs :)


Now, lets do the following..


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Please post the Kaspersky Online result in your next reply.. Tell me about your computer condition..

Regards
fenzodahl512
  • 0

#10
Iron Smile

Iron Smile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 29, 2008 1:32:40 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 812078
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 115235
Number of viruses found: 1
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 02:49:14

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ew4945x2.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ew4945x2.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Search Settings\kb125\temp\ws-14028.log Object is locked skipped
C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-29-2008( 9-47-6 ).LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\data\lildevilgirl4331\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008052920080530\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\JETC454.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\me_53nXInwNZvg8EOY Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\me_G0ARGxaOdDqdaUn Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\me_j8UDKkbgMqeG4jX Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\me_Jg3S1CwKHz1a6IM Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\me_Ui37hmunBOQzX53 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF5877.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000005.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mi2.exe/WISE0104.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
C:\WINDOWS\system32\mi2.exe/WISE0104.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
C:\WINDOWS\system32\mi2.exe/WISE0104.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
C:\WINDOWS\system32\mi2.exe WiseSFX: infected - 3 skipped
C:\WINDOWS\system32\mi2.exe WiseSFXDropper: infected - 3 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_664.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



My computer is doing better now. it has only randomly gone off once, and that was this morning, but other than that, everything has been good. THANKS for helping me tho!
  • 0

#11
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello Iron Smile, thanks for the reply.. Please do the following..

Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\mi2.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\me_53nXInwNZvg8EOY
    C:\Documents and Settings\Owner\Local Settings\Temp\me_G0ARGxaOdDqdaUn
    C:\Documents and Settings\Owner\Local Settings\Temp\me_j8UDKkbgMqeG4jX
    C:\Documents and Settings\Owner\Local Settings\Temp\me_Jg3S1CwKHz1a6IM
    C:\Documents and Settings\Owner\Local Settings\Temp\me_Ui37hmunBOQzX53
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please post the following logs in your next reply

1. OTMoveIt2
2. a fresh Deckard System Scanner


Regards
fenzodahl512

Edited by fenzodahl512, 29 May 2008 - 02:37 PM.

  • 0

#12
Iron Smile

Iron Smile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Wow, a lot to do. So like, exactly how bad is my computer?


Explorer killed successfully
C:\WINDOWS\system32\mi2.exe moved successfully.
File move failed. C:\Documents and Settings\Owner\Local Settings\Temp\me_53nXInwNZvg8EOY scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Owner\Local Settings\Temp\me_G0ARGxaOdDqdaUn scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Owner\Local Settings\Temp\me_j8UDKkbgMqeG4jX scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Owner\Local Settings\Temp\me_Jg3S1CwKHz1a6IM scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Owner\Local Settings\Temp\me_Ui37hmunBOQzX53 scheduled to be moved on reboot.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\JETC454.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\me_53nXInwNZvg8EOY scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\me_G0ARGxaOdDqdaUn scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\me_j8UDKkbgMqeG4jX scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\me_Jg3S1CwKHz1a6IM scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\me_Ui37hmunBOQzX53 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_664.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05292008_180401

Files moved on Reboot...
File C:\Documents and Settings\Owner\Local Settings\Temp\me_53nXInwNZvg8EOY not found!
File C:\Documents and Settings\Owner\Local Settings\Temp\me_G0ARGxaOdDqdaUn not found!
File C:\Documents and Settings\Owner\Local Settings\Temp\me_j8UDKkbgMqeG4jX not found!
File C:\Documents and Settings\Owner\Local Settings\Temp\me_Jg3S1CwKHz1a6IM not found!
File C:\Documents and Settings\Owner\Local Settings\Temp\me_Ui37hmunBOQzX53 not found!
DllUnregisterServer procedure not found in C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide5.dll
C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide5.dll moved successfully.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\JETC454.tmp not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\me_53nXInwNZvg8EOY not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\me_G0ARGxaOdDqdaUn not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\me_j8UDKkbgMqeG4jX not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\me_Jg3S1CwKHz1a6IM not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\me_Ui37hmunBOQzX53 not found!
C:\WINDOWS\temp\Perflib_Perfdata_664.dat moved successfully.
C:\WINDOWS\temp\_avast4_\Webshlock.txt moved successfully.





Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-29 18:14:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 480 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:29 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kingkongsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neopets.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://nmt.wincshost...ers/awswaxd.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1178051025564
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178055270984
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

--
End of file - 10170 bytes

-- Files created between 2008-04-29 and 2008-05-29 -----------------------------

2008-05-29 10:18:56 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-05-29 09:52:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-29 09:52:20 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-28 08:54:37 0 d-------- C:\WINDOWS\ERUNT
2008-05-27 16:33:42 0 d-------- C:\Program Files\Egg vs. Chicken
2008-05-27 16:29:28 0 d-------- C:\Program Files\Escape From Paradise
2008-05-25 23:55:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-25 23:55:27 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-25 23:55:27 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-25 23:54:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 23:35:05 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-25 23:34:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 23:34:41 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 23:34:11 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-25 22:16:07 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-05-11 22:57:15 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-02 21:17:58 0 d-------- C:\Program Files\Disney
2008-04-30 17:13:40 0 d-------- C:\Program Files\ImTOO
2008-04-30 16:52:40 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-30 16:43:24 0 d-------- C:\Program Files\Common Files\Real
2008-04-30 16:43:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Real


-- Find3M Report ---------------------------------------------------------------

2008-05-26 20:19:45 0 d-------- C:\Program Files\Family Feud II
2008-05-26 08:19:11 6836 --a----c- C:\WINDOWS\mozver.dat
2008-05-25 23:54:45 0 d-------- C:\Program Files\Common Files
2008-05-25 23:26:06 33 --a------ C:\Documents and Settings\Owner\Application Data\install.ini
2008-05-25 22:16:10 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-25 22:15:49 0 d-------- C:\Program Files\Yahoo!
2008-05-04 20:52:47 0 d-------- C:\Program Files\Super Collapse 3
2008-04-30 16:44:35 0 d-------- C:\Program Files\Real
2008-04-29 22:27:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Move Networks
2008-04-28 18:32:13 0 d-------- C:\Program Files\Monarch The Butterfly King
2008-04-24 13:46:37 0 d-------- C:\Program Files\Turtle Odyssey
2008-04-24 13:46:30 0 d-------- C:\Program Files\Dream Day First Home
2008-04-24 10:32:22 0 d-------- C:\Program Files\Big Kahuna Reef
2008-04-24 10:32:18 0 d-------- C:\Program Files\Dream Chronicles
2008-04-24 10:28:58 0 d-------- C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-04-24 10:28:06 0 d-------- C:\Program Files\Fairy Godmother Tycoon
2008-04-23 11:33:23 0 d-------- C:\Program Files\Finders Keepers
2008-04-23 08:39:44 0 d-------- C:\Program Files\The Rise Of Atlantis
2008-04-22 14:45:21 0 d-------- C:\Program Files\Poppit To Go
2008-04-22 13:14:50 0 d-------- C:\Documents and Settings\Owner\Application Data\7Wonders
2008-04-22 13:09:14 0 d-------- C:\Program Files\7 Wonders
2008-04-22 12:55:48 0 d-------- C:\Program Files\Super Granny 3
2008-04-22 12:55:34 0 d-------- C:\Program Files\Super Granny 4
2008-04-13 22:32:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-04-08 10:51:53 0 d-------- C:\Program Files\Sushi Frenzy
2008-04-08 10:48:27 0 d-------- C:\Program Files\Crazy Eggs
2008-04-08 10:48:14 0 d-------- C:\Program Files\Escape The Museum
2008-04-07 23:23:58 0 d-------- C:\Program Files\Fish Tycoon
2008-04-07 19:12:12 30 --a----c- C:\WINDOWS\popcinfo.dat
2008-04-07 14:35:24 0 d-------- C:\Program Files\Bookworm Deluxe
2008-04-04 11:16:16 0 d-------- C:\Program Files\Common Files\Sandlot Shared
2008-04-04 11:09:58 0 d-------- C:\Program Files\Gutterball 2
2008-04-04 11:01:54 0 d-------- C:\Program Files\Farm Frenzy
2008-04-03 14:50:59 0 d-------- C:\Documents and Settings\Owner\Application Data\GameHouse
2008-04-03 11:04:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Yatec Games
2008-04-03 10:44:24 0 d-------- C:\Program Files\My Farm
2008-04-03 10:12:34 0 d-------- C:\Program Files\Magic Farm
2008-04-03 09:57:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Meridian93
2008-04-03 09:53:09 0 --a------ C:\Program Files\temp01
2008-04-03 09:53:06 0 d-------- C:\Program Files\bfgclient
2008-04-03 09:18:14 0 d-------- C:\Program Files\Fishing Craze
2008-04-01 20:10:14 0 d-------- C:\Program Files\Neptunes Secret


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 09:42 PM]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 12:01 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/14/2002 01:42 AM]
"nwiz"="nwiz.exe" [10/01/2002 03:39 AM C:\WINDOWS\system32\nwiz.exe]
"DDCActiveMenu"="C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [06/08/2002 05:20 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 10:59 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [01/19/2006 11:06 AM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [01/19/2006 11:06 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 PM]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [12/06/2007 12:58 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 02:37 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/30/2008 04:43 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 10:59 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [10/26/2002 07:59 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [06/11/2007 06:16 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/13/2008 12:43 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [7/22/2005 3:47:22 AM]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 2:12:08 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 11:20:02 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-05-29 18:15:02 ------------
  • 0

#13
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
No.. Not bad at all.. In fact, I want to say that your log is clean to my eyes.. Good work! :)


And about programs that I mentioned before, If none of your family use it, you may uninstall it if you wish..


Now for some cleanup..
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



NEXT


Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



NEXT


Please Install/Update Sun Java

Updating Java:
  • Go to Start --> Control Panel --> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
  • It should have next icon next to it: Posted Image
  • Select it and click Remove. This will uninstall the previous (outdated) version of Java.
  • Then Download and install the newest version from here: Java Runtime Environment (JRE) 6 Update 6

NEXT


Let's clean your Restore Points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous Restore Points which are likely to be infected)
To create a new Restore Point.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK. This will flush your old System Restore.
  • Then please UNCHECK the Turn off System Restore.
  • Click again on Apply, and then click OK. This will create a new Restore Point
System Restore will now be active again

If you are using Windows Vista, please go HERE for tutorial on how to use, disable and enable System Restore


NEXT


I noticed that you already have:

1. Avast! as your antivirus
2. SUPERAntiSpyware and MalwareBytes' Anti-Malware as your antispyware

However, I haven't seen any third-party firewall in your logs.. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewal below:
After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.



And now, to help protect your computer in the future I would like to recommend you these following free programs. Please do remember to use only ONE "Real-Time Protection" software for EACH Antivirus, AntiSpyware and Firewall.
  • SpywareBlaster 4.0 to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

Lastly, to keep your operating system up to date please visit the link below monthly

To learn more about how to protect yourself while on the internet read this excellent article by Tony Klein: So how did I get infected in the first place?

Please also read an excellent article by miekiemoes :Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)


Have a safe and happy computing day!


Regards
fenzodahl512
  • 0

#14
Iron Smile

Iron Smile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks sooo much! i did everything you told me to do.

and my internet is actually faster, and i noticed it looks like i have a little more space on my C drive.

but now everything is back to normal, thanks a lot!!! :) :)
  • 0

#15
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP