winlogon notify trojan



#1
dianedmk

    New Member

  • Member
  • 5 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:00, on 2008-06-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1170428837\ee\AOLSoftware.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
F:\More Programs\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\More Programs\VitalDesktop\VD.exe
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\WINDOWS\system32\svchost.exe
F:\More Programs\uphclean.exe
C:\WINDOWS\system32\SSSTARS.SCR
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\More Programs\FlashSwitch\FlashSw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://finance.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://finance.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://finance.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:1080
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: MyBHO Class - {46B9D770-1B7D-45D1-81B4-AC07B2F127EF} - F:\MOREPR~1\FLASHS~1\FlashBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {56C86AD7-99FB-42A1-9531-BA31CC2EAFFE} - C:\WINDOWS\system32\ATRACEh.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {908316C3-D136-485D-B428-A0B7AFF10452} - c:\windows\system32\d3d8thkm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1170428837\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\More Programs\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VD] F:\More Programs\VitalDesktop\VD.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] F:\More Programs\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] F:\More Programs\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: AutorunsDisabled
O4 - Startup: FlashSwitch.lnk = F:\More Programs\FlashSwitch\FlashSw.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MI1933~1\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://config.skill...linetesting.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: ajukqlih - C:\WINDOWS\SYSTEM32\d3d8thkm.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8755 bytes

Uninstall List from Add/Remove Programs:

Ad-Aware 2007
Add/Remove Pro (Freeware)
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
AnalogX DLLArchive
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Uninstaller (Choose which Products to Remove)
Ashampoo Burning Studio 6
AVG Free 8.0
Ball Master
Banctec Service Agreement
Belarc Advisor 5.0
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
CROA 1.0
DelDomains TRIAL VERSION
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
DellSupport
DietJPEG 1.2.0
Digital Line Detect
Dll Orphans
DMX Update
Duplicate File Finder 1.1.0.3
Easy Duplicate Finder v. 1.4.3.0
ERUNT 1.1j
FAST Defrag 2.03SP3A
FastStone Image Viewer 2.12
FlashSwitch
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
HTML Slideshow Powertoy for Windows XP
ImageForge version 2.98
InfoTip Extension v2.0.4.106 (Unicode)(Remove Only)
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iolo technologies' System Mechanic Professional 7
IsoBuster 1.7
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java™ 6 Update 3
JGoodies JDiskReport 1.2.1
Macromedia Flash Player
Mah-Jongg 5.1
Malwarebytes' Anti-Malware
McAfee Personal Firewall Plus
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Network Guide
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Premium
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft PhotoDraw 2000 V2
Microsoft Picture It! Photo 7.0
Microsoft Plus! Digital Media Edition
Microsoft PowerPoint Viewer 97
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2000
Microsoft Word Supplemental Templates and Wizards
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
MSXML 4.0 SP2 Parser and SDK
My Photo Slide Show
Norton PartitionMagic 8.0
NTREGOPT 1.1j
OneTouch Version 3.0
Online Testing Web Client
Outlook Express Freebie Backup
PacElephant
PC Image Editor
PC-Linq
Photo Click
Photo Stacker version 1.1.1
Picasa 2
PowerDVD 5.3
Preclick Gold Photo Organizer
PrintFolder 1.2
QuickTime
RealPlayer Basic
RegScrubXP 3.2
Road Runner PhotoShow 5
Road Runner PhotoShow Deluxe 4
Roxio UDF Reader
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Slideshow Generator Powertoy for Windows XP
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Space Odyssey 2.0
Spybot - Search & Destroy
SpywareBlaster 4.0
SyncToy
Tidy Start Menu
Toolbar Wallpaper
TPP Storage Driver Installation
Trogladite Software SendTo 1.6
TweakNow RegCleaner
Uniblue RegistryBooster 2
Unlocker 1.8.7
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB907265)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
USB Storage Adapter (TPP)
USB Storage Adapter V2 (TPP)
USB Storage Adapter V3 (TPP)
User Profile Hive Cleanup Service
Vital Desktop 1.4.1
Windows Backup Utility
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinPatrol 2008
WordPerfect Office 12
  • 0


#2
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hello dianedmk, welcome to GeeksToGo! :)

My name is Tal, and I will be helping you in the process of removing malware from your computer.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • Please don't be afraid to ask questions! :) No question is considered dumb here. It's better to be safe than sorry!
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask! :)

You may also want to Track This Topic. This feature of the forum will send out an email to the email address you've signed up with as soon as I reply, so you can be notified of my reply. To do this, please locate the Options menu, located just under the New Topic and New Reply icons. Once you've found it, click it, and choose Track This Topic from the dropdown menu (the first option). In the page that appears after you have clicked Track This Topic, select Immediate Email Notification, then click Proceed.

Step 1: Disabling SpyBot's TeaTimer

  • Run Spybot-S&D in Advanced Mode.
  • If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
  • On the left-hand side, click on Tools.
  • Then click on the Resident icon in the list.
  • Uncheck "Resident TeaTimer" and OK any prompts.
  • Restart your computer.

Please remember to re-enable it when we're done.

Step 2: VundoFix

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step 3: Correcting entries with HijackThis

Please re-open HijackThis and click Scan. Put a check next to the following entries presented in the window, if present. (Do NOT click Fix yet!)
O2 - BHO: 0 - {56C86AD7-99FB-42A1-9531-BA31CC2EAFFE} - C:\WINDOWS\system32\ATRACEh.dll
O2 - BHO: (no name) - {908316C3-D136-485D-B428-A0B7AFF10452} - c:\windows\system32\d3d8thkm.dll
O20 - Winlogon Notify: ajukqlih - C:\WINDOWS\SYSTEM32\d3d8thkm.dll
O24 - Desktop Component 0: (no name) - (no file)


Now, close all other windows but HijackThis, including Explorer windows (folders) and this window, and click Fix. Note: It is vital you close all other windows, otherwise the fix will not succeed.

Restart your computer.

Step 4: Running DSS

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Note: It's likely that the two logs won't fit into one post. If so, please post extra.txt in a separate post.

Summary

In your next reply, please include the following:
  • VundoFix log;
  • The two DSS logs.

Regards,

Tal :)
  • 0
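A triage sketch for the entries singled out in Step 3, added here as an example (it is not Tal's method and not part of HijackThis): it parses HijackThis-style lines and flags a module registered under both O20 Winlogon Notify and another section, O2 BHOs with placeholder names, and entries that point at "(no file)". The three heuristics and the reason tags are assumptions chosen for this log; the sample lines are copied from the log in post #1.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Excerpt of the HijackThis log from post #1 (lines copied from the thread).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {56C86AD7-99FB-42A1-9531-BA31CC2EAFFE} - C:\WINDOWS\system32\ATRACEh.dll
O2 - BHO: (no name) - {908316C3-D136-485D-B428-A0B7AFF10452} - c:\windows\system32\d3d8thkm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O20 - Winlogon Notify: ajukqlih - C:\WINDOWS\SYSTEM32\d3d8thkm.dll
O24 - Desktop Component 0: (no name) - (no file)
"""

# "O2 - BHO: name - {CLSID} - path" style lines; R/F lines are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Assumption: a BHO shown as "(no name)" or a bare number has no real display name.
PLACEHOLDER_NAME = re.compile(r"^(\(no name\)|\d+)$")


@dataclass(frozen=True)
class Entry:
    section: str   # e.g. "O2", "O20"
    kind: str      # e.g. "BHO", "Winlogon Notify"
    name: str      # display name, CLSID removed
    target: str    # last " - " field: file path or "(no file)"
    raw: str


def parse_log(text):
    """Turn HijackThis 'O' lines of the form 'name - ... - target' into Entry objects."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        parts = [p.strip() for p in m["rest"].split(" - ")]
        target = parts[-1]
        name = " - ".join(p for p in parts[:-1] if not CLSID_RE.fullmatch(p))
        entries.append(Entry(m["section"], m["kind"], name, target, line))
    return entries


def triage(entries):
    """Return [(entry, [reason, ...])] for entries that deserve a closer look."""
    # Windows paths are case-insensitive, so compare lower-cased.
    # 8.3 short names (PROGRA~1) are not expanded here.
    sections_by_module = defaultdict(set)
    for e in entries:
        if e.target != "(no file)":
            sections_by_module[e.target.lower()].add(e.section)

    findings = []
    for e in entries:
        reasons = []
        sections = sections_by_module.get(e.target.lower(), set())
        # Same DLL loaded by winlogon.exe (O20) and registered somewhere else too.
        if "O20" in sections and len(sections) > 1:
            reasons.append("winlogon-notify-shared-module")
        # Only applied to O2: other sections (e.g. O9) use "(no name)" routinely.
        if e.section == "O2" and PLACEHOLDER_NAME.match(e.name):
            reasons.append("placeholder-bho-name")
        if e.target == "(no file)":
            reasons.append("no-file")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(parse_log(SAMPLE_LOG)):
        print(", ".join(reasons), "|", entry.raw)
```

On this excerpt the output is the same four lines listed in Step 3; the flags are prompts for manual review of each file, not a verdict on it.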

#3
dianedmk

    New Member

  • Topic Starter
  • Member
  • 5 posts
:) Hi Tal, I am VERY grateful for your help. I have been working on this for a month now. Per your instructions:
1. I was able to disable the teatimer though I cannot run the spybot scan. I get a list out of bounds error and a message something about that I removed the advertising. Maybe I need to uninstall and reinstall, but I did disable the teatimer.
2. I ran VundoFix and it didn't find anything so thus no log.
3. Ran Hijack this, checked the 4 items, closed everything and selected fix. It didn't seem to fix anything.
4. Ran DDS and the logs follow.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:43, on 2008-06-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1170428837\ee\AOLSoftware.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
F:\More Programs\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\More Programs\VitalDesktop\VD.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\SSSTARS.SCR
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
F:\More Programs\FlashSwitch\FlashSw.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\WINDOWS\system32\svchost.exe
F:\More Programs\uphclean.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://finance.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://finance.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://finance.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:1080
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: MyBHO Class - {46B9D770-1B7D-45D1-81B4-AC07B2F127EF} - F:\MOREPR~1\FLASHS~1\FlashBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {56C86AD7-99FB-42A1-9531-BA31CC2EAFFE} - C:\WINDOWS\system32\ATRACEh.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {908316C3-D136-485D-B428-A0B7AFF10452} - c:\windows\system32\d3d8thkm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1170428837\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\More Programs\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VD] F:\More Programs\VitalDesktop\VD.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] F:\More Programs\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] F:\More Programs\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: AutorunsDisabled
O4 - Startup: FlashSwitch.lnk = F:\More Programs\FlashSwitch\FlashSw.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MI1933~1\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://config.skill...linetesting.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: ajukqlih - C:\WINDOWS\SYSTEM32\d3d8thkm.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8802 bytes

Deckard's System Scanner v20071014.68
Run by Diane on 2008-06-02 13:45:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Diane.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45, on 2008-06-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1170428837\ee\AOLSoftware.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
F:\More Programs\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\More Programs\VitalDesktop\VD.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\SSSTARS.SCR
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
F:\More Programs\FlashSwitch\FlashSw.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\WINDOWS\system32\svchost.exe
F:\More Programs\uphclean.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Diane\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Diane.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://finance.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://finance.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://finance.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:1080
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: MyBHO Class - {46B9D770-1B7D-45D1-81B4-AC07B2F127EF} - F:\MOREPR~1\FLASHS~1\FlashBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {56C86AD7-99FB-42A1-9531-BA31CC2EAFFE} - C:\WINDOWS\system32\ATRACEh.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {908316C3-D136-485D-B428-A0B7AFF10452} - c:\windows\system32\d3d8thkm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1170428837\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\More Programs\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VD] F:\More Programs\VitalDesktop\VD.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] F:\More Programs\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] F:\More Programs\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: AutorunsDisabled
O4 - Startup: FlashSwitch.lnk = F:\More Programs\FlashSwitch\FlashSw.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MI1933~1\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://config.skill...linetesting.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: ajukqlih - C:\WINDOWS\SYSTEM32\d3d8thkm.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8836 bytes

-- Files created between 2008-05-02 and 2008-06-02 -----------------------------

2008-06-02 02:42:29 126976 --a------ C:\WINDOWS\system32\zip.exe
2008-06-02 00:37:16 9248768 --a------ C:\Documents and Settings\Diane\ntuser.dat
2008-06-02 00:36:50 68096 --a------ C:\WINDOWS\zip.exe
2008-06-02 00:36:50 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-02 00:36:50 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-02 00:36:50 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-02 00:36:50 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-02 00:36:50 98816 --a------ C:\WINDOWS\sed.exe
2008-06-02 00:36:50 80412 --a------ C:\WINDOWS\grep.exe
2008-06-02 00:36:50 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-02 00:10:31 0 d-------- C:\VundoFix Backups
2008-05-30 12:38:04 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-05-30 12:37:35 0 d-------- C:\Program Files\Real
2008-05-28 20:16:30 102160 --a------ C:\WINDOWS\system32\VB6CHT.DLL <Not Verified; Microsoft Corporation; Visual Basic Environment>
2008-05-28 15:11:53 0 d-------- C:\WINDOWS\system32\Dell
2008-05-27 22:18:34 0 d-------- C:\Documents and Settings\Diane\Application Data\Malwarebytes
2008-05-27 22:18:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-26 22:54:22 175616 --a------ C:\WINDOWS\system32\strings.exe
2008-05-26 22:54:22 16384 --a------ C:\WINDOWS\system32\restart.exe <Not Verified; WareSoft Software; restart>
2008-05-26 22:54:22 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-26 22:54:22 39184 --a------ C:\WINDOWS\system32\Ntrights.exe
2008-05-26 22:54:22 11254 --a------ C:\WINDOWS\system32\locate.com
2008-05-23 14:13:18 0 d-------- C:\Program Files\Krrrk.com
2008-05-22 14:00:44 0 d-------- C:\WINDOWS\system32\runtime
2008-05-22 13:59:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-22 11:08:42 0 d-------- C:\Downloads
2008-05-22 10:55:53 0 d-------- C:\Documents and Settings\Diane\Application Data\Ashampoo
2008-05-21 22:14:41 0 d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-05-21 22:00:56 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-21 21:29:07 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-05-21 21:29:06 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-05-21 21:28:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data\ypytwvuf
2008-05-21 21:28:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Mozilla
2008-05-21 11:30:31 0 d-------- C:\Documents and Settings\Diane\Application Data\ypytwvuf
2008-05-21 11:30:31 0 d-------- C:\Documents and Settings\Diane\Application Data\Mozilla
2008-05-20 21:12:14 0 dr-h----- C:\Documents and Settings\Diane\Recent
2008-05-19 22:57:51 0 d-------- C:\Documents and Settings\Diane\Application Data\WinPatrol
2008-05-19 12:23:58 0 d-------- C:\Program Files\Camtech
2008-05-16 18:24:36 262144 --a------ C:\ntuser.dat
2008-05-16 17:19:34 262144 --a------ C:\WINDOWS\system32\default_user_class.dat
2008-05-15 19:59:44 0 d-------- C:\Program Files\Add Remove Pro
2008-05-13 23:28:45 0 d-------- C:\Program Files\Lavasoft
2008-05-13 23:28:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-13 00:50:27 0 d-------- C:\!KillBox
2008-05-12 22:05:18 0 d-------- C:\Program Files\Common Files\Mozilla Shared
2008-05-12 09:35:31 0 d-------- C:\Program Files\Panda Security
2008-05-09 23:59:45 0 d-------- C:\WINDOWS\system32\dla
2008-05-09 23:48:25 0 d-------- C:\Program Files\Common Files\Sonic
2008-05-09 03:57:23 0 d-------- C:\Documents and Settings\Diane\Application Data\System Tweaker
2008-05-09 01:12:47 0 d-------- C:\Program Files\Uniblue
2008-05-07 19:35:32 0 d-------- C:\Program Files\Netscape Internet Service
2008-05-06 21:09:31 0 d-------- C:\Program Files\SpywareBlaster
2008-05-06 02:20:18 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-05 13:17:59 0 d-------- C:\Program Files\Windows Defender
2008-05-04 23:09:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\iolo
2008-05-04 23:06:47 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-04 23:06:47 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-04 23:06:47 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-04 23:06:47 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-04 23:06:47 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-05-04 23:06:47 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-04 23:06:47 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-05-04 23:06:47 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-04 23:06:47 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-04 23:06:47 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-04 23:06:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-04 23:06:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-05-04 23:06:47 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-04 23:06:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-05-04 23:06:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-04 23:06:46 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-04 23:06:46 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-04 23:06:46 2097152 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-05-04 18:49:47 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 15:41:23 0 d--h----- C:\$AVG8.VAULT$
2008-05-04 12:05:41 0 d--hs---- C:\INCINERATE
2008-05-04 11:24:04 0 d-------- C:\Documents and Settings\Diane\Application Data\McAfee
2008-05-04 08:01:34 0 d-------- C:\Program Files\PCPitstop
2008-05-04 05:41:37 0 d-------- C:\Documents and Settings\Diane\index
2008-05-04 05:41:37 0 d-------- C:\Documents and Settings\Diane\images
2008-05-04 02:13:12 0 d-------- C:\Documents and Settings\Diane\Application Data\Uniblue
2008-05-04 00:11:16 0 d-------- C:\Program Files\AVG
2008-05-04 00:11:16 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-03 19:22:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-03 18:06:41 0 d-------- C:\Documents and Settings\NetworkService\Application Data\iolo
2008-05-03 14:05:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-03 14:04:57 9341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2008-05-03 14:04:54 38912 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-05-03 14:04:54 32768 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-05-03 14:04:52 0 d-------- C:\Program Files\iolo
2008-05-03 14:02:19 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-05-03 14:00:48 0 d-------- C:\Documents and Settings\Diane\Application Data\iolo
2008-05-03 14:00:48 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-03 13:46:19 20608 --a------ C:\WINDOWS\system32\drivers\supaujzj.dat
2008-05-03 01:01:25 0 d-------- C:\Program Files\Trend Micro
2008-05-02 17:55:51 0 d-------- C:\Program Files\MSXML 4.0
2008-05-02 13:30:32 88064 --a------ C:\WINDOWS\system32\ATRACEh.dll


-- Find3M Report ---------------------------------------------------------------

2008-05-30 23:40:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-30 12:38:03 0 d-------- C:\Program Files\Common Files\Real
2008-05-28 22:59:44 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-05-28 15:11:54 0 d-------- C:\Program Files\Dell
2008-05-28 00:13:24 82432 --a------ C:\WINDOWS\system32\d3d8thkm.dll
2008-05-27 20:07:39 0 d-------- C:\Documents and Settings\Diane\Application Data\Road Runner
2008-05-23 00:03:41 0 d-------- C:\Documents and Settings\Diane\Application Data\Krrrk
2008-05-22 14:00:40 0 d-------- C:\Program Files\Google
2008-05-21 11:30:43 0 d-------- C:\Documents and Settings\Diane\Application Data\Adobe
2008-05-19 23:22:44 2855 --a------ C:\WINDOWS\_DEFAULT.PIF
2008-05-16 23:39:14 0 d-------- C:\Documents and Settings\Diane\Application Data\Google
2008-05-16 16:39:12 0 d-------- C:\Program Files\Common Files
2008-05-16 11:17:34 0 d-------- C:\Program Files\Snapshot Viewer
2008-05-16 09:51:31 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-13 16:42:29 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-09 23:48:55 0 d-------- C:\Program Files\Sonic
2008-05-07 21:13:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-04 07:37:40 0 d-------- C:\Program Files\Java
2008-05-03 18:38:32 0 d-------- C:\Program Files\America Online 9.0
2008-05-03 18:38:31 0 d-------- C:\Program Files\PC-Linq
2008-05-03 18:38:31 0 d-------- C:\Program Files\Microsoft Works
2008-05-02 22:30:14 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-05-01 20:45:00 0 d-------- C:\Documents and Settings\Diane\Application Data\OfficeUpdate12
2008-05-01 19:32:47 0 d-------- C:\Program Files\MSECache
2008-04-27 01:21:46 0 d-------- C:\Program Files\Visioneer OneTouch
2008-04-22 13:37:59 0 d-------- C:\Program Files\Windows Media Connect 2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56C86AD7-99FB-42A1-9531-BA31CC2EAFFE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{908316C3-D136-485D-B428-A0B7AFF10452}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 14:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
"HostManager"="C:\Program Files\Common Files\AOL\1170428837\ee\AOLSoftware.exe" [2006-09-25 19:52]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 01:05]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [2008-03-31 16:11]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2001-09-10 08:08]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
"UnlockerAssistant"="F:\More Programs\Unlocker\UnlockerAssistant.exe" [2008-05-01 23:15]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-21 22:00]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 13:45]
"VD"="F:\More Programs\VitalDesktop\VD.exe" [2006-03-10 05:14]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=F:\More Programs\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Diane\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-04-07 08:48:54]
DESKTOP.INI [2004-08-10 13:04:12]
FlashSwitch.lnk - F:\More Programs\FlashSwitch\FlashSw.exe [2008-05-22 13:21:22]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 13:04:12]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajukqlih]
d3d8thkm.dll 2008-05-28 00:13 82432 C:\WINDOWS\SYSTEM32\d3d8thkm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yxaxnmbz


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-06-02 13:46:25 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 1021.98 MiB / 408.66 MiB
Pagefile Memory (total/avail): 2463.46 MiB / 2016.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.46 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 14.65 GiB total, 4.23 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 6.86 GiB total, 4.76 GiB free.
G: is Fixed (NTFS) - 8.35 GiB total, 5.48 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD400BB-75JHC0 - 37.25 GiB - 5 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 14.65 GiB - C:
\PARTITION2 - Unknown - 3.44 GiB
\PARTITION3 - Extended w/Extended Int 13 - 19.11 GiB - F: - G:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Personal Firewall Plus v (McAfee)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Netscape Internet Service\\dialer.exe"="C:\\Program Files\\Netscape Internet Service\\dialer.exe:*:Disabled:Netscape ISP Try It! $9.95"
"C:\\Program Files\\Common Files\\AOL\\1170428837\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1170428837\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\WINDOWS\\SYSTEM32\\mmc.exe"="C:\\WINDOWS\\SYSTEM32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Diane\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DIANEWINXP
ComSpec=C:\WINDOWS\system32\cmd.exe
DEVMGR_SHOW_DETAILS=1
DEVMGR_SHOW_NONPRESENT_DEVICES=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Diane
LOGONSERVER=\\DIANEWINXP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\AVG\AVG8;C:\Program Files\AVG\AVG8
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Diane\LOCALS~1\Temp
TMP=C:\DOCUME~1\Diane\LOCALS~1\Temp
USERDOMAIN=DIANEWINXP
USERNAME=Diane
USERPROFILE=C:\Documents and Settings\Diane
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Diane (admin)
(new local, admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add/Remove Pro (Freeware) --> "C:\Program Files\Add Remove Pro\unins000.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
AnalogX DLLArchive --> C:\Program Files\DLLArchive\dllarchu.exe
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Ashampoo Burning Studio 6 --> "F:\More Programs\Ashampoo Burning Studio 6\Uninstall\BS6_Uninstall.EXE"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Ball Master --> C:\WINDOWS\uninst.exe -f"f:\games\ballmaster\ballmaster game\DeIsL1.isu" -c"f:\games\ballmaster\ballmaster game\_ISREG32.DLL"
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Belarc Advisor 5.0 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
CCleaner (remove only) --> "F:\More Programs\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
CROA 1.0 --> C:\WINDOWS\unins000.exe
DelDomains TRIAL VERSION --> "F:\More Programs\DelDomains TRIAL VERSION\uninstall.exe"
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DietJPEG 1.2.0 --> "F:\More Programs\DietJPEG\unins000.exe"
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Dll Orphans --> C:\Program Files\Camtech\Dll Orphans\Uninstal.exe
DMX Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE8913B7-B2C4-48BE-8A26-84390FF4F231}\Setup.exe" -l0x9 -L0x9 /SMAINT
Duplicate File Finder 1.1.0.3 --> "F:\More Programs\Duplicate File Finder\unins000.exe"
Easy Duplicate Finder v. 1.4.3.0 --> "F:\More Programs\Easy Duplicate Finder\unins000.exe"
ERUNT 1.1j --> "F:\More Programs\ERUNT\unins000.exe"
FAST Defrag 2.03SP3A --> "F:\More Programs\FAST Defrag\unins000.exe"
FastStone Image Viewer 2.12 --> F:\More Programs\FastStone Image Viewer\uninst.exe
FlashSwitch --> F:\MOREPR~1\FLASHS~1\UNWISE.EXE F:\MOREPR~1\FLASHS~1\FlashSwitch.log
Google Photos Screensaver --> MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar5.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HTML Slideshow Powertoy for Windows XP --> MsiExec.exe /I{4E475FD4-4513-4B1D-8DDA-43912B068C99}
ImageForge version 2.98 --> "F:\More Programs\ImageForge\unins000.exe"
InfoTip Extension v2.0.4.106 (Unicode)(Remove Only) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\InfoTipX.inf, DefaultUninstall.nt
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iolo technologies' System Mechanic Professional 7 --> "C:\Program Files\iolo\System Mechanic Professional 7\unins000.exe"
IsoBuster 1.7 --> C:\Utilities\IsoBuster\Uninst\unins000.exe
Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JGoodies JDiskReport 1.2.1 --> "F:\More Programs\JDiskReport 1.2.1\uninstall.exe"
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Mah-Jongg 5.1 --> C:\WINDOWS\ST4UNST.EXE -n "f:\More Programs\Mahjong\ST4UNST.LOG"
Malwarebytes' Anti-Malware --> "F:\More Programs\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Personal Firewall Plus --> C:\PROGRA~1\McAfee.com\PERSON~1\MpfUninstall.exe
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Network Guide --> MsiExec.exe /I{2F30A886-DC9F-4C4D-8CE5-124388C82943}
Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft PhotoDraw 2000 V2 --> MsiExec.exe /I{3C5EA394-1033-11D2-A2CB-00C04F72F31D}
Microsoft Picture It! Photo 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft PowerPoint Viewer 97 --> C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2000 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Word Supplemental Templates and Wizards --> MsiExec.exe /I{E59219D4-23B8-11D3-A179-00C04F6C9FA4}
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
My Photo Slide Show --> F:\MOREPR~1\MYPHOT~1\UNWISE.EXE F:\MOREPR~1\MYPHOT~1\INSTALL.LOG
Norton PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
NTREGOPT 1.1j --> "F:\More Programs\NT Registry Optimizer\unins000.exe"
OneTouch Version 3.0 --> C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG
Online Testing Web Client --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Outlook Express Freebie Backup --> C:\WINDOWS\st6unst.exe -n "C:\Utilities\Outlook Express Freebie Backup\ST6UNST.LOG"
PacElephant --> C:\Program Files\Blue Alien Games\PacElephant\Uninstal.exe
PC-Linq --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{808FAA20-4C3A-11D4-8A57-00201853C903}\Setup.exe"
PC Image Editor --> C:\WINDOWS\PC Image Editor Uninstaller.exe
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
Photo Stacker version 1.1.1 --> "C:\Program Files\Krrrk.com\Photo Stacker\unins000.exe"
Picasa 2 --> "F:\More Programs\Picasa2\Uninstall.exe"
PowerDVD 5.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Preclick Gold Photo Organizer --> C:\Program Files\Preclick\Organizer\setup.exe /uninstall
PrintFolder 1.2 --> "C:\Program Files\PrintFolder\unins000.exe"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RegScrubXP 3.2 --> "F:\More Programs\RegScrubXP\unins000.exe"
Road Runner PhotoShow 5 --> "C:\Program Files\Road Runner\PhotoShow 5\data\Xtras\Uninstall.exe"
Road Runner PhotoShow Deluxe 4 --> "F:\More Programs\Road Runner PhotoShow 4\data\Xtras\Uninstall.exe"
Roxio UDF Reader --> C:\WINDOWS\system32\UDFRUNIN.EXE
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Slideshow Generator Powertoy for Windows XP --> MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Space Odyssey 2.0 --> C:\WINDOWS\IsUninst.exe -f"f:\more programs\Uninst.isu"
Spybot - Search & Destroy --> "F:\More Programs\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SyncToy --> MsiExec.exe /I{E7887F0B-066C-4D26-AFD9-62B72CF24D9A}
Tidy Start Menu --> C:\Program Files\Tidy Start Menu\uninstall.exe
Toolbar Wallpaper --> C:\Program Files\Toolbar Wallpaper\Uninstal.exe
TPP Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E258A840-7E9A-443A-B156-67102C48BF17}\Setup.exe" NotFirstInstall
Trogladite Software SendTo 1.6 --> &q
  • 0

#4
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi dianedmk,

You're welcome. :)

1. I was able to disable the TeaTimer, though I cannot run the Spybot scan. I get a list out of bounds error and a message, something about that I removed the advertising. Maybe I need to uninstall and reinstall, but I did disable the TeaTimer.
2. I ran VundoFix and it didn't find anything, so no log.
3. Ran HijackThis, checked the 4 items, closed everything and selected fix. It didn't seem to fix anything.
4. Ran DDS and the logs follow.

1. Not sure what scan you were talking about - we just wanted to disable TeaTimer. Could you clarify that please?
2. That's fine, it probably didn't detect these variants.
3. It will now :)
4. Good - but no need to include both DSS and HijackThis logs. Just takes up more space - the DSS log has a HijackThis log built in.

Step 1: Fixing entries with HijackThis

Please re-open HijackThis and click Scan. Put a check next to the following entries presented in the window: (Do NOT click Fix yet!)

O2 - BHO: 0 - {56C86AD7-99FB-42A1-9531-BA31CC2EAFFE} - C:\WINDOWS\system32\ATRACEh.dll
O2 - BHO: (no name) - {908316C3-D136-485D-B428-A0B7AFF10452} - c:\windows\system32\d3d8thkm.dll
O20 - Winlogon Notify: ajukqlih - C:\WINDOWS\SYSTEM32\d3d8thkm.dll


Now, close all other windows but HijackThis, including Explorer windows (folders) and this window, and click Fix. Note: It is vital you close all other windows, otherwise the fix will not succeed.

Restart your computer.

Step 2: OTMoveIt

Please download OTMoveIt2 by OldTimer. Please note: If you already have OTMoveIt on your system, please replace it with this newer version.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\ATRACEh.dll
    c:\windows\system32\d3d8thkm.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

Summary

In your next reply, please include the following:
  • DSS main.txt - It will only generate this, without extra.txt.
  • OTMoveIt's log.

Regards,

Tal :)
  • 0

#5
dianedmk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi again Tal!! I did everything you said and the logs follow down below. When I ran the MoveIt file and rebooted, there was a message on my screen saying c:\%systemroot%\Windows\system32\autocheck.exe could not be found, so it was ignored. The MoveIt screen displayed a message that these 2 files are not valid Windows image files. Additionally, maybe I should let you know that the 2 BHOs in question are disabled in IE6 to limit the damage they can do. Is this OK or do I need to re-enable them? Thanks again for all you do.

Deckard's System Scanner v20071014.68
Run by Diane on 2008-06-03 04:17:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Diane.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:17, on 2008-06-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1170428837\ee\AOLSoftware.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
F:\More Programs\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\More Programs\VitalDesktop\VD.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\xtras\mssysmgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\SSSTARS.SCR
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
F:\More Programs\FlashSwitch\FlashSw.exe
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\WINDOWS\system32\svchost.exe
F:\More Programs\uphclean.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\Documents and Settings\Diane\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Diane.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://finance.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://finance.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://finance.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:1080
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: MyBHO Class - {46B9D770-1B7D-45D1-81B4-AC07B2F127EF} - F:\MOREPR~1\FLASHS~1\FlashBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {56C86AD7-99FB-42A1-9531-BA31CC2EAFFE} - C:\WINDOWS\system32\ATRACEh.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {908316C3-D136-485D-B428-A0B7AFF10452} - c:\windows\system32\d3d8thkm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1170428837\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\More Programs\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VD] F:\More Programs\VitalDesktop\VD.exe
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] F:\More Programs\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] F:\More Programs\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: AutorunsDisabled
O4 - Startup: FlashSwitch.lnk = F:\More Programs\FlashSwitch\FlashSw.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MI1933~1\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://config.skill...linetesting.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: ajukqlih - C:\WINDOWS\SYSTEM32\d3d8thkm.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 9005 bytes

-- Files created between 2008-05-03 and 2008-06-03 -----------------------------

2008-06-02 02:42:29 126976 --a------ C:\WINDOWS\system32\zip.exe
2008-06-02 00:37:16 9248768 --a------ C:\Documents and Settings\Diane\ntuser.dat
2008-06-02 00:36:50 68096 --a------ C:\WINDOWS\zip.exe
2008-06-02 00:36:50 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-02 00:36:50 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-02 00:36:50 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-02 00:36:50 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-02 00:36:50 98816 --a------ C:\WINDOWS\sed.exe
2008-06-02 00:36:50 80412 --a------ C:\WINDOWS\grep.exe
2008-06-02 00:36:50 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-02 00:10:31 0 d-------- C:\VundoFix Backups
2008-05-30 12:38:04 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-05-30 12:37:35 0 d-------- C:\Program Files\Real
2008-05-28 20:16:30 102160 --a------ C:\WINDOWS\system32\VB6CHT.DLL <Not Verified; Microsoft Corporation; Visual Basic Environment>
2008-05-28 15:11:53 0 d-------- C:\WINDOWS\system32\Dell
2008-05-27 22:18:34 0 d-------- C:\Documents and Settings\Diane\Application Data\Malwarebytes
2008-05-27 22:18:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-26 22:54:22 175616 --a------ C:\WINDOWS\system32\strings.exe
2008-05-26 22:54:22 16384 --a------ C:\WINDOWS\system32\restart.exe <Not Verified; WareSoft Software; restart>
2008-05-26 22:54:22 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-26 22:54:22 39184 --a------ C:\WINDOWS\system32\Ntrights.exe
2008-05-26 22:54:22 11254 --a------ C:\WINDOWS\system32\locate.com
2008-05-23 14:13:18 0 d-------- C:\Program Files\Krrrk.com
2008-05-22 14:00:44 0 d-------- C:\WINDOWS\system32\runtime
2008-05-22 13:59:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-22 11:08:42 0 d-------- C:\Downloads
2008-05-22 10:55:53 0 d-------- C:\Documents and Settings\Diane\Application Data\Ashampoo
2008-05-21 22:14:41 0 d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-05-21 22:00:56 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-21 21:29:07 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-05-21 21:29:06 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-05-21 21:28:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data\ypytwvuf
2008-05-21 21:28:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Mozilla
2008-05-21 11:30:31 0 d-------- C:\Documents and Settings\Diane\Application Data\ypytwvuf
2008-05-21 11:30:31 0 d-------- C:\Documents and Settings\Diane\Application Data\Mozilla
2008-05-20 21:12:14 0 dr-h----- C:\Documents and Settings\Diane\Recent
2008-05-19 22:57:51 0 d-------- C:\Documents and Settings\Diane\Application Data\WinPatrol
2008-05-19 12:23:58 0 d-------- C:\Program Files\Camtech
2008-05-16 18:24:36 262144 --a------ C:\ntuser.dat
2008-05-16 17:19:34 262144 --a------ C:\WINDOWS\system32\default_user_class.dat
2008-05-15 19:59:44 0 d-------- C:\Program Files\Add Remove Pro
2008-05-13 23:28:45 0 d-------- C:\Program Files\Lavasoft
2008-05-13 23:28:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-13 00:50:27 0 d-------- C:\!KillBox
2008-05-12 22:05:18 0 d-------- C:\Program Files\Common Files\Mozilla Shared
2008-05-12 09:35:31 0 d-------- C:\Program Files\Panda Security
2008-05-09 23:59:45 0 d-------- C:\WINDOWS\system32\dla
2008-05-09 23:48:25 0 d-------- C:\Program Files\Common Files\Sonic
2008-05-09 03:57:23 0 d-------- C:\Documents and Settings\Diane\Application Data\System Tweaker
2008-05-09 01:12:47 0 d-------- C:\Program Files\Uniblue
2008-05-07 19:35:32 0 d-------- C:\Program Files\Netscape Internet Service
2008-05-06 21:09:31 0 d-------- C:\Program Files\SpywareBlaster
2008-05-06 02:20:18 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-05 13:17:59 0 d-------- C:\Program Files\Windows Defender
2008-05-04 23:09:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\iolo
2008-05-04 23:06:47 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-04 23:06:47 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-04 23:06:47 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-04 23:06:47 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-04 23:06:47 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-05-04 23:06:47 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-04 23:06:47 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-05-04 23:06:47 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-04 23:06:47 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-04 23:06:47 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-04 23:06:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-04 23:06:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-05-04 23:06:47 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-04 23:06:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-05-04 23:06:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-04 23:06:46 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-04 23:06:46 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-04 23:06:46 2097152 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-05-04 18:49:47 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 15:41:23 0 d--h----- C:\$AVG8.VAULT$
2008-05-04 12:05:41 0 d--hs---- C:\INCINERATE
2008-05-04 11:24:04 0 d-------- C:\Documents and Settings\Diane\Application Data\McAfee
2008-05-04 08:01:34 0 d-------- C:\Program Files\PCPitstop
2008-05-04 05:41:37 0 d-------- C:\Documents and Settings\Diane\index
2008-05-04 05:41:37 0 d-------- C:\Documents and Settings\Diane\images
2008-05-04 02:13:12 0 d-------- C:\Documents and Settings\Diane\Application Data\Uniblue
2008-05-04 00:11:16 0 d-------- C:\Program Files\AVG
2008-05-04 00:11:16 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-03 19:22:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-03 18:06:41 0 d-------- C:\Documents and Settings\NetworkService\Application Data\iolo
2008-05-03 14:05:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-03 14:04:57 9341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2008-05-03 14:04:54 38912 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-05-03 14:04:54 32768 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-05-03 14:04:52 0 d-------- C:\Program Files\iolo
2008-05-03 14:02:19 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-05-03 14:00:48 0 d-------- C:\Documents and Settings\Diane\Application Data\iolo
2008-05-03 14:00:48 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-03 13:46:19 20608 --a------ C:\WINDOWS\system32\drivers\supaujzj.dat
2008-05-03 01:01:25 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2008-06-02 15:18:52 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-02 10:29:21 0 d-------- C:\Documents and Settings\Diane\Application Data\Road Runner
2008-05-30 23:40:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-30 12:38:03 0 d-------- C:\Program Files\Common Files\Real
2008-05-28 22:59:44 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-05-28 15:11:54 0 d-------- C:\Program Files\Dell
2008-05-28 01:00:36 88064 --a------ C:\WINDOWS\system32\ATRACEh.dll
2008-05-28 00:13:24 82432 --a------ C:\WINDOWS\system32\d3d8thkm.dll
2008-05-23 00:03:41 0 d-------- C:\Documents and Settings\Diane\Application Data\Krrrk
2008-05-22 14:00:40 0 d-------- C:\Program Files\Google
2008-05-21 11:30:43 0 d-------- C:\Documents and Settings\Diane\Application Data\Adobe
2008-05-19 23:22:44 2855 --a------ C:\WINDOWS\_DEFAULT.PIF
2008-05-16 23:39:14 0 d-------- C:\Documents and Settings\Diane\Application Data\Google
2008-05-16 16:39:12 0 d-------- C:\Program Files\Common Files
2008-05-16 11:17:34 0 d-------- C:\Program Files\Snapshot Viewer
2008-05-16 09:51:31 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-09 23:48:55 0 d-------- C:\Program Files\Sonic
2008-05-07 21:13:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-04 07:37:40 0 d-------- C:\Program Files\Java
2008-05-03 18:38:32 0 d-------- C:\Program Files\America Online 9.0
2008-05-03 18:38:31 0 d-------- C:\Program Files\PC-Linq
2008-05-03 18:38:31 0 d-------- C:\Program Files\Microsoft Works
2008-05-02 22:30:14 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-05-02 17:55:52 0 d-------- C:\Program Files\MSXML 4.0
2008-05-01 20:45:00 0 d-------- C:\Documents and Settings\Diane\Application Data\OfficeUpdate12
2008-05-01 19:32:47 0 d-------- C:\Program Files\MSECache
2008-04-27 01:21:46 0 d-------- C:\Program Files\Visioneer OneTouch
2008-04-22 13:37:59 0 d-------- C:\Program Files\Windows Media Connect 2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56C86AD7-99FB-42A1-9531-BA31CC2EAFFE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{908316C3-D136-485D-B428-A0B7AFF10452}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 14:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
"HostManager"="C:\Program Files\Common Files\AOL\1170428837\ee\AOLSoftware.exe" [2006-09-25 19:52]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 01:05]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2001-09-10 08:08]
"UnlockerAssistant"="F:\More Programs\Unlocker\UnlockerAssistant.exe" [2008-05-01 23:15]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-21 22:00]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 13:45]
"VD"="F:\More Programs\VitalDesktop\VD.exe" [2006-03-10 05:14]
"Road Runner PhotoShow Media Manager"="C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\xtras\mssysmgr.exe" [2007-06-22 16:08]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=F:\More Programs\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Diane\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-04-07 08:48:54]
DESKTOP.INI [2004-08-10 13:04:12]
FlashSwitch.lnk - F:\More Programs\FlashSwitch\FlashSw.exe [2008-05-22 13:21:22]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 13:04:12]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajukqlih]
d3d8thkm.dll 2008-05-28 00:13 82432 C:\WINDOWS\SYSTEM32\d3d8thkm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yxaxnmbz


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-06-03 04:18:39 ------------

LoadLibrary failed for C:\WINDOWS\SYSTEM32\ATRACEh.dll
C:\WINDOWS\SYSTEM32\ATRACEh.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\ATRACEh.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\d3d8thkm.dll
C:\WINDOWS\SYSTEM32\d3d8thkm.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\d3d8thkm.dll scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06032008_034940

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\SYSTEM32\ATRACEh.dll
C:\WINDOWS\SYSTEM32\ATRACEh.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\ATRACEh.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\d3d8thkm.dll
C:\WINDOWS\SYSTEM32\d3d8thkm.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\d3d8thkm.dll scheduled to be moved on reboot.
  • 0

#6
Tal


    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi dianedmk,

I am sorry for the delay in getting back to you. I had an important test. Let's proceed with the fix. Looks like OTMoveIt is not powerful enough to move these files: we will need something tougher :)

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\SYSTEM32\ATRACEh.dll
C:\WINDOWS\SYSTEM32\d3d8thkm.dll
Registry keys to delete:
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56C86AD7-99FB-42A1-9531-BA31CC2EAFFE}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{908316C3-D136-485D-B428-A0B7AFF10452}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajukqlih


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of C:\avenger.txt into your reply along with a fresh HijackThis log.

In your next reply, please include Avenger's log and a new DSS main.txt.

Regards,

Tal.

Edited by Tal, 06 June 2008 - 12:58 PM.

  • 0

#7
dianedmk


    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Tal, hope you aced your test!!!! Here are the logs. The unfound BHOs are disabled in my browser but they still exist. I disabled them in Tools, Manage Add-ons and it helped a lot.

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "C:\WINDOWS\SYSTEM32\ATRACEh.dll"
Deletion of file "C:\WINDOWS\SYSTEM32\ATRACEh.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: could not open file "C:\WINDOWS\SYSTEM32\d3d8thkm.dll"
Deletion of file "C:\WINDOWS\SYSTEM32\d3d8thkm.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56C86AD7-99FB-42A1-9531-BA31CC2EAFFE}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56C86AD7-99FB-42A1-9531-BA31CC2EAFFE}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{908316C3-D136-485D-B428-A0B7AFF10452}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{908316C3-D136-485D-B428-A0B7AFF10452}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajukqlih" for deletion
Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajukqlih" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20, on 2008-06-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\AOL\1170428837\ee\AOLSoftware.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Windows Defender\MSASCui.exe
F:\More Programs\Unlocker\UnlockerAssistant.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\More Programs\VitalDesktop\VD.exe
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FlashSwitch\FlashSw.exe
C:\WINDOWS\system32\SSSTARS.SCR
F:\More Programs\uphclean.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://finance.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://finance.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://finance.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:1080
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: MyBHO Class - {46B9D770-1B7D-45D1-81B4-AC07B2F127EF} - C:\PROGRA~1\FLASHS~1\FlashBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {56C86AD7-99FB-42A1-9531-BA31CC2EAFFE} - C:\WINDOWS\system32\ATRACEh.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {908316C3-D136-485D-B428-A0B7AFF10452} - c:\windows\system32\d3d8thkm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1170428837\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\More Programs\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PCPitstop Registration Reminder] C:\Program Files\PCPitstop\Exterminate\Reminder.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VD] F:\More Programs\VitalDesktop\VD.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] F:\More Programs\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] F:\More Programs\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: FlashSwitch.lnk = C:\Program Files\FlashSwitch\FlashSw.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MI1933~1\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://config.skill...linetesting.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: ajukqlih - C:\WINDOWS\SYSTEM32\d3d8thkm.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8243 bytes
  • 0

#8
Tal


    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi dianedmk,

The test went fine :) As for why the BHOs are still there - I messed up on the script syntax :) We will need to get rid of these fully. Looks like it gives us access denied errors; we'll try our luck doing the fix in Safe Mode and see if it helps.

This fix will be performed in Safe Mode. Please save this reply into a notepad file and save it on your desktop as you will not be able to access this topic in Safe Mode.

Please reboot into Safe Mode by restarting the computer and repeatedly tapping F8 until a menu shows, then choose Safe Mode using the arrow keys and press Enter. Allow it to proceed. When the computer prompts you on whether or not you want to continue with Safe Mode, choose Yes.

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\SYSTEM32\ATRACEh.dll
C:\WINDOWS\SYSTEM32\d3d8thkm.dll
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56C86AD7-99FB-42A1-9531-BA31CC2EAFFE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{908316C3-D136-485D-B428-A0B7AFF10452}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajukqlih


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of C:\avenger.txt into your reply along with a fresh DSS log.

In your next reply, please include a new DSS log and the new Avenger report.

Tal

Edited by Tal, 06 June 2008 - 03:20 PM.

  • 0
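The two failure classes in the Avenger log above (key paths that do not exist versus objects that return access denied) can be separated mechanically before a script is re-run. This is an added example, not part of the thread or of The Avenger: the category names are assumptions of this example, and the expansion of the `~` shorthand is taken from the corrected script in post #8.

```python
import re

# Constructed sample: the failure records from the Avenger log in post #7.
SAMPLE_LOG = r'''
Error: could not open file "C:\WINDOWS\SYSTEM32\ATRACEh.dll"
Deletion of file "C:\WINDOWS\SYSTEM32\ATRACEh.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Error: could not open file "C:\WINDOWS\SYSTEM32\d3d8thkm.dll"
Deletion of file "C:\WINDOWS\SYSTEM32\d3d8thkm.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56C86AD7-99FB-42A1-9531-BA31CC2EAFFE}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56C86AD7-99FB-42A1-9531-BA31CC2EAFFE}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{908316C3-D136-485D-B428-A0B7AFF10452}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{908316C3-D136-485D-B428-A0B7AFF10452}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: could not open registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajukqlih" for deletion
Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajukqlih" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)
'''

STATUS_ACCESS_DENIED = 0xC0000022
STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034

# A "Deletion of ... failed!" line followed by its "Status:" line.
FAILURE_RE = re.compile(
    r'Deletion of (?P<kind>file|registry key) "(?P<target>[^"]+)" failed!\s+'
    r'Status: (?P<code>0x[0-9a-fA-F]{8}) \((?P<name>STATUS_\w+)\)'
)

# The DSS registry dump prints BHO keys with a "~" shorthand; the corrected
# script in post #8 spells the same keys out in full.
ABBREVIATED_BHO = "HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\"
FULL_BHO = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
            "\\Explorer\\Browser Helper Objects\\")


def parse_failures(log_text):
    """Return one dict per failed deletion recorded in the log."""
    return [
        {
            "kind": m["kind"],
            "target": m["target"],
            "status": int(m["code"], 16),
            "name": m["name"],
        }
        for m in FAILURE_RE.finditer(log_text)
    ]


def expand_key(target):
    """Replace the '~' shorthand with the full BHO key path, if present."""
    if target.startswith(ABBREVIATED_BHO):
        return FULL_BHO + target[len(ABBREVIATED_BHO):]
    return target


def triage(failure):
    """Classify a failure so the next script only retries what can succeed."""
    if failure["status"] == STATUS_OBJECT_NAME_NOT_FOUND:
        # A shorthand path is not a real key: fix the script, do not retry as-is.
        if failure["kind"] == "registry key" and expand_key(failure["target"]) != failure["target"]:
            return "bad-path"
        return "not-present"
    if failure["status"] == STATUS_ACCESS_DENIED:
        # The object exists but could not be opened for deletion.
        return "access-denied"
    return "other"


def summarize(log_text):
    """Group failed targets by category, with shorthand paths expanded."""
    groups = {}
    for failure in parse_failures(log_text):
        groups.setdefault(triage(failure), []).append(expand_key(failure["target"]))
    return groups


if __name__ == "__main__":
    for category, targets in summarize(SAMPLE_LOG).items():
        print(category)
        for target in targets:
            print("   ", target)
```
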

#9
dianedmk


    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Tal, I think the only way these files can be deleted is if I can find a way to hook my hard drive up to another computer as a slave drive. If I were still on Win98 I could have deleted them through DOS. Oh well....... here are the logs: (PC is running much better as long as I close AVG---yikes)

Deckard's System Scanner v20071014.68
Run by Diane on 2008-06-07 11:31:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Diane.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31, on 2008-06-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\igfxpers.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\AOL\1170428837\ee\AOLSoftware.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Windows Defender\MSASCui.exe
F:\More Programs\Unlocker\UnlockerAssistant.exe
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\More Programs\VitalDesktop\VD.exe
C:\Program Files\FlashSwitch\FlashSw.exe
F:\More Programs\uphclean.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\SSSTARS.SCR
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Diane\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Diane.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://finance.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://finance.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://finance.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:1080
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: MyBHO Class - {46B9D770-1B7D-45D1-81B4-AC07B2F127EF} - C:\PROGRA~1\FLASHS~1\FlashBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {56C86AD7-99FB-42A1-9531-BA31CC2EAFFE} - C:\WINDOWS\system32\ATRACEh.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {908316C3-D136-485D-B428-A0B7AFF10452} - c:\windows\system32\d3d8thkm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1170428837\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\More Programs\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PCPitstop Registration Reminder] C:\Program Files\PCPitstop\Exterminate\Reminder.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VD] F:\More Programs\VitalDesktop\VD.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] F:\More Programs\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] F:\More Programs\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: FlashSwitch.lnk = C:\Program Files\FlashSwitch\FlashSw.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MI1933~1\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\MOREPR~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://config.skill...linetesting.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: ajukqlih - C:\WINDOWS\SYSTEM32\d3d8thkm.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8210 bytes

-- Files created between 2008-05-07 and 2008-06-07 -----------------------------

2008-06-06 00:35:38 0 d-------- C:\Program Files\Viewpoint
2008-06-06 00:35:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-04 20:13:04 0 d-------- C:\Program Files\FlashSwitch
2008-06-03 08:05:23 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-02 02:42:29 126976 --a------ C:\WINDOWS\system32\zip.exe
2008-06-02 00:37:16 9437184 --a------ C:\Documents and Settings\Diane\ntuser.dat
2008-06-02 00:36:50 68096 --a------ C:\WINDOWS\zip.exe
2008-06-02 00:36:50 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-02 00:36:50 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-02 00:36:50 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-02 00:36:50 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-02 00:36:50 98816 --a------ C:\WINDOWS\sed.exe
2008-06-02 00:36:50 80412 --a------ C:\WINDOWS\grep.exe
2008-06-02 00:36:50 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-02 00:10:31 0 d-------- C:\VundoFix Backups
2008-05-30 12:38:04 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-05-30 12:37:35 0 d-------- C:\Program Files\Real
2008-05-28 20:16:30 102160 --a------ C:\WINDOWS\system32\VB6CHT.DLL <Not Verified; Microsoft Corporation; Visual Basic Environment>
2008-05-28 15:11:53 0 d-------- C:\WINDOWS\system32\Dell
2008-05-27 22:18:34 0 d-------- C:\Documents and Settings\Diane\Application Data\Malwarebytes
2008-05-27 22:18:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-26 22:54:22 175616 --a------ C:\WINDOWS\system32\strings.exe
2008-05-26 22:54:22 16384 --a------ C:\WINDOWS\system32\restart.exe <Not Verified; WareSoft Software; restart>
2008-05-26 22:54:22 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-26 22:54:22 39184 --a------ C:\WINDOWS\system32\Ntrights.exe
2008-05-26 22:54:22 11254 --a------ C:\WINDOWS\system32\locate.com
2008-05-23 14:13:18 0 d-------- C:\Program Files\Krrrk.com
2008-05-22 14:00:44 0 d-------- C:\WINDOWS\system32\runtime
2008-05-22 13:59:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-22 11:08:42 0 d-------- C:\Downloads
2008-05-22 10:55:53 0 d-------- C:\Documents and Settings\Diane\Application Data\Ashampoo
2008-05-21 22:14:41 0 d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-05-21 22:00:56 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-21 21:29:07 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-05-21 21:29:06 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-05-21 21:28:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data\ypytwvuf
2008-05-21 21:28:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Mozilla
2008-05-21 11:30:31 0 d-------- C:\Documents and Settings\Diane\Application Data\ypytwvuf
2008-05-21 11:30:31 0 d-------- C:\Documents and Settings\Diane\Application Data\Mozilla
2008-05-20 21:12:14 0 dr-h----- C:\Documents and Settings\Diane\Recent
2008-05-19 22:57:51 0 d-------- C:\Documents and Settings\Diane\Application Data\WinPatrol
2008-05-19 12:23:58 0 d-------- C:\Program Files\Camtech
2008-05-16 18:24:36 262144 --a------ C:\ntuser.dat
2008-05-16 17:19:34 262144 --a------ C:\WINDOWS\system32\default_user_class.dat
2008-05-15 19:59:44 0 d-------- C:\Program Files\Add Remove Pro
2008-05-13 23:28:45 0 d-------- C:\Program Files\Lavasoft
2008-05-13 23:28:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-13 00:50:27 0 d-------- C:\!KillBox
2008-05-12 22:05:18 0 d-------- C:\Program Files\Common Files\Mozilla Shared
2008-05-12 09:35:31 0 d-------- C:\Program Files\Panda Security
2008-05-09 23:59:45 0 d-------- C:\WINDOWS\system32\dla
2008-05-09 23:48:25 0 d-------- C:\Program Files\Common Files\Sonic
2008-05-09 03:57:23 0 d-------- C:\Documents and Settings\Diane\Application Data\System Tweaker
2008-05-09 01:12:47 0 d-------- C:\Program Files\Uniblue
2008-05-07 19:35:32 0 d-------- C:\Program Files\Netscape Internet Service


-- Find3M Report ---------------------------------------------------------------

2008-06-03 08:05:23 0 d-------- C:\Program Files\Common Files
2008-06-03 07:25:42 0 d-------- C:\Documents and Settings\Diane\Application Data\Road Runner
2008-06-02 15:18:52 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-30 23:40:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-30 12:38:03 0 d-------- C:\Program Files\Common Files\Real
2008-05-28 22:59:44 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-05-28 15:11:54 0 d-------- C:\Program Files\Dell
2008-05-28 01:00:36 88064 --a------ C:\WINDOWS\system32\ATRACEh.dll
2008-05-28 00:13:24 82432 --a------ C:\WINDOWS\system32\d3d8thkm.dll
2008-05-26 21:51:10 0 d-------- C:\Program Files\SpywareBlaster
2008-05-23 00:03:41 0 d-------- C:\Documents and Settings\Diane\Application Data\Krrrk
2008-05-22 14:00:40 0 d-------- C:\Program Files\Google
2008-05-21 11:30:43 0 d-------- C:\Documents and Settings\Diane\Application Data\Adobe
2008-05-19 23:22:44 2855 --a------ C:\WINDOWS\_DEFAULT.PIF
2008-05-16 23:39:14 0 d-------- C:\Documents and Settings\Diane\Application Data\Google
2008-05-16 11:17:34 0 d-------- C:\Program Files\Snapshot Viewer
2008-05-16 09:51:31 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-09 23:48:55 0 d-------- C:\Program Files\Sonic
2008-05-07 21:13:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-05 13:17:59 0 d-------- C:\Program Files\Windows Defender
2008-05-04 11:24:04 0 d-------- C:\Documents and Settings\Diane\Application Data\McAfee
2008-05-04 10:50:28 0 d-------- C:\Documents and Settings\Diane\Application Data\iolo
2008-05-04 08:01:34 0 d-------- C:\Program Files\PCPitstop
2008-05-04 07:37:40 0 d-------- C:\Program Files\Java
2008-05-04 02:13:12 0 d-------- C:\Documents and Settings\Diane\Application Data\Uniblue
2008-05-04 00:11:16 0 d-------- C:\Program Files\AVG
2008-05-03 18:38:32 0 d-------- C:\Program Files\America Online 9.0
2008-05-03 18:38:31 0 d-------- C:\Program Files\PC-Linq
2008-05-03 18:38:31 0 d-------- C:\Program Files\Microsoft Works
2008-05-03 14:04:52 0 d-------- C:\Program Files\iolo
2008-05-03 14:02:19 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-05-03 01:01:25 0 d-------- C:\Program Files\Trend Micro
2008-05-02 22:30:14 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-05-02 17:55:52 0 d-------- C:\Program Files\MSXML 4.0
2008-05-01 20:45:00 0 d-------- C:\Documents and Settings\Diane\Application Data\OfficeUpdate12
2008-05-01 19:32:47 0 d-------- C:\Program Files\MSECache
2008-04-27 01:21:46 0 d-------- C:\Program Files\Visioneer OneTouch
2008-04-22 13:37:59 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-13 10:08:46 38912 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-03-13 09:25:46 32768 --a------ C:\WINDOWS\system32\iolobtdfg.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56C86AD7-99FB-42A1-9531-BA31CC2EAFFE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{908316C3-D136-485D-B428-A0B7AFF10452}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 02:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 07:29]
"HostManager"="C:\Program Files\Common Files\AOL\1170428837\ee\AOLSoftware.exe" [2006-09-25 07:52]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 01:05]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 07:20]
"UnlockerAssistant"="F:\More Programs\Unlocker\UnlockerAssistant.exe" [2008-05-01 11:15]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 01:05]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-21 10:00]
"PCPitstop Registration Reminder"="C:\Program Files\PCPitstop\Exterminate\Reminder.exe" [2007-05-24 12:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 01:45]
"VD"="F:\More Programs\VitalDesktop\VD.exe" [2006-03-10 05:14]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=F:\More Programs\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Diane\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 1:04:12 PM]
FlashSwitch.lnk - C:\Program Files\FlashSwitch\FlashSw.exe [2008-06-04 8:13:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 1:04:12 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajukqlih]
d3d8thkm.dll 2008-05-28 12:13 82432 C:\WINDOWS\SYSTEM32\d3d8thkm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
d3d8thkm.dll 2008-05-28 12:13 82432 C:\WINDOWS\SYSTEM32\d3d8thkm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Road Runner PhotoShow Media Manager"=C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
"OneTouch Monitor"=C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
"PCPitstop Registration Reminder"=C:\Program Files\PCPitstop\Exterminate\Reminder.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yxaxnmbz


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-06-07 11:32:33 ------------

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "C:\WINDOWS\SYSTEM32\ATRACEh.dll"
Deletion of file "C:\WINDOWS\SYSTEM32\ATRACEh.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: could not open file "C:\WINDOWS\SYSTEM32\d3d8thkm.dll"
Deletion of file "C:\WINDOWS\SYSTEM32\d3d8thkm.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: could not open registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56C86AD7-99FB-42A1-9531-BA31CC2EAFFE}" for deletion
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56C86AD7-99FB-42A1-9531-BA31CC2EAFFE}" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: could not open registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{908316C3-D136-485D-B428-A0B7AFF10452}" for deletion
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{908316C3-D136-485D-B428-A0B7AFF10452}" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: could not open registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajukqlih" for deletion
Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ajukqlih" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.

#10
Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
I will have to check on that. I'll be back with you soon.