Black Beetles Eating Up My Wallpaper [RESOLVED]



#1
xKiseki

xKiseki

    Member

  • Member
  • PipPip
  • 65 posts
Hello,

Today my computer suddenly had a pop-up warning me about malware, then a bunch of black beetles began eating away at my screen, leaving it blue. When I attempted to change the display properties, the wallpaper and screensaver functions were disabled. I have run AVG scans, SUPERAntiSpyware scans, and a Kaspersky scan.

The AVG and SUPERantivirus scans reported they removed spyware, trojans, and malware, but the beetles still continue to appear on my screen. I've deleted everything in my TEMP files in case they were saved there. The Kaspersky scans said it found no threats.

Here is my Hijackthis Log below. I hope someone is able to help me. Thank you in advance, I really appreciate it. It is driving me insane. Not to mention that it's creepy looking.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:42 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MWL\MwlGui.exe
C:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\McAfee\MWL\MwlSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MWLExe] C:\PROGRA~1\McAfee\MWL\MwlGui.exe /Start
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Roadie] "C:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0250Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0250Cvw.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Post-it Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C21FF368-1A79-4AAA-B2DB-3AEA1CC3EB87} (HanAgent Control) - http://www.hangok.co...on/HanAgent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Wireless Security Service (MwlSvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MWL\MwlSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11267 bytes

#2
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hello xKiseki and Welcome to Geeks to Go!

Sorry for the delay. We've been busy this week. :)

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked.

Reboot computer then post back with a New HijackThis log.

#3
xKiseki

Hello,

Thank you for getting back to me. I kind of realized how busy the staff was when I saw all the similar topics popping up. I appreciate your help. Here is my new log.

These bugs are really making me mad.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:34 PM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\MWL\MwlSvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MWL\MwlGui.exe
C:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MWLExe] C:\PROGRA~1\McAfee\MWL\MwlGui.exe /Start
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Roadie] "C:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0250Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0250Cvw.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Post-it Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C21FF368-1A79-4AAA-B2DB-3AEA1CC3EB87} (HanAgent Control) - http://www.hangok.co...on/HanAgent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Wireless Security Service (MwlSvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MWL\MwlSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10634 bytes
  • 0
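
The triage in posts #2 and #3 can be reproduced offline. The Python below is an added example, not part of the original thread and not part of HijackThis: it flags entries whose target HijackThis reports as `(no file)` or `(file missing)`, then compares the before and after logs to confirm the fix and to surface any other change. Function names are hypothetical, and the sample lines are excerpted from the two logs posted above.

```python
import re

# HijackThis entry lines look like "O2 - BHO: ..." or "O20 - Winlogon Notify: ...".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^([ORFN]\d{1,2}) - (.+)$")

# Markers HijackThis appends when a registry entry points at a file that is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the first log in the thread (scan saved 6/8/2008).
BEFORE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
"""

# Excerpt of the second log in the thread (scan saved 6/13/2008).
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""


def parse_entries(log_text):
    """Return (section, detail) tuples for every entry line, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def orphaned(entries):
    """Entries whose referenced file HijackThis could not find on disk."""
    return [e for e in entries if e[1].endswith(ORPHAN_MARKERS)]


def _key(entry):
    # Windows paths are case-insensitive, so "c:\PROGRA~1" and "C:\PROGRA~1"
    # must compare equal or the diff fills up with false changes.
    section, detail = entry
    return (section, detail.casefold())


def verify_fix(before_text, after_text):
    """Compare two logs: were the orphaned entries removed, and what else moved?"""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    flagged = orphaned(before)
    return {
        "flagged": flagged,
        # Orphaned entries that survived the "Fix Checked" step.
        "still_present": [e for e in flagged if _key(e) in after_keys],
        # Entries that disappeared although nobody asked for their removal.
        "other_removed": [e for e in before
                          if _key(e) not in after_keys and e not in flagged],
        # Entries that are new in the second log.
        "added": [e for e in after if _key(e) not in before_keys],
    }


if __name__ == "__main__":
    report = verify_fix(BEFORE_LOG, AFTER_LOG)
    for name, entries in report.items():
        print(f"{name}: {len(entries)}")
        for section, detail in entries:
            print(f"  {section} - {detail}")
```

On these excerpts the four orphaned entries are gone from the second log, and the only other difference is the `AppInit_DLLs` value, which gained a repeated DLL path between the two scans.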

#4
koko_crunch

Ok let's run this tool first.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

#5
xKiseki

Hello again. I'm not sure why Hangul appeared on my report, but here it is.

SmitFraudFix v2.324

Scan done at 18:08:16.70, 06/14/2008 Sat
Run from C:\PROGRA~1\MOZILL~1\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\MWL\MwlSvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MWL\MwlGui.exe
C:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\PROGRA~1\MOZILL~1\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\conime.exe

뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 hosts


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\WINDOWS


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\WINDOWS\system


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\WINDOWS\Web


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\WINDOWS\system32


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\WINDOWS\system32\LogFiles


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\Documents and Settings\Jacqueline Chiu


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\Documents and Settings\Jacqueline Chiu\Application Data


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Start Menu


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Desktop


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 C:\Program Files


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Corrupted keys


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Desktop Components



뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL,avgrsstx.dll C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL, C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Rustock



뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 DNS

Description: Dell Wireless 1390 WLAN Mini-Card - Packet Scheduler Miniport
DNS Server Search Order: 207.172.3.8
DNS Server Search Order: 207.172.3.9

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5653F222-459D-40A8-A22E-1FA10239ABA7}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5653F222-459D-40A8-A22E-1FA10239ABA7}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5653F222-459D-40A8-A22E-1FA10239ABA7}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=207.172.3.8 207.172.3.9


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Scanning for wininet.dll infection


뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 End

#6
koko_crunch

Ok next.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

#7
xKiseki

Thank you for your fast reply.

SmitFraudFix v2.324

Scan done at 18:59:09.70, 06/14/2008 Sat
Run from C:\Documents and Settings\Jacqueline Chiu\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost
VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5653F222-459D-40A8-A22E-1FA10239ABA7}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5653F222-459D-40A8-A22E-1FA10239ABA7}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5653F222-459D-40A8-A22E-1FA10239ABA7}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=207.172.3.8 207.172.3.9


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#8
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Now for a couple of scans.

First,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Finally,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Post back with the following logs.

- MBAM log
- SuperAntispyware log
- DSS log main and extra

#9
xKiseki

    Member

  • Topic Starter
  • 65 posts
Malwarebytes' Anti-Malware 1.15
Database version: 841

8:12:12 PM 6/14/2008
mbam-log-6-14-2008 (20-12-12).txt

Scan type: Quick Scan
Objects scanned: 41640
Time elapsed: 17 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 146

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{40722371-e24c-4b36-8e76-010bb6c7185b} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{825c19d3-35ce-428f-876b-88e080466689} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0409743c-e5e3-4bdd-9ec7-eff622530282} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f553c18-15e6-4e5e-8f44-add50de754ed} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nowstarter.nowstarterctrl.1 (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/system32/nowstarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\NowStarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\ErrorKiller\Microsoft.VC80.MFC\ (Rogue.ErrorKiller) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Jacqueline Chiu\Application Data\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\SpywareBot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\SpywareBot\Quarantine (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\SpywareBot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\SpywareBot\Quarantine\14-11-2007-22-58-12 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\SpywareBot\Quarantine\24-12-2007-10-19-29 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\ErrorKiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\ErrorKiller\Registry Backups (Rogue.ErrorKiller) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\NowStarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacqueline Chiu\Local Settings\Temporary Internet Files\Content.IE5\0TMJCPA7\NowStarter[1].cab (Adware.CWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\SpywareBot\rs.dat (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\SpywareBot\Log\2008 May 19 - 06_42_21 PM_484.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\ErrorKiller\Log\2007 Nov 17 - 03_30_01 AM_281.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\ErrorKiller\Registry Backups\2007-11-14_22-49-08.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlkkj.ini (Malware.Trace) -> Quarantined and deleted successfully.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/14/2008 at 09:08 PM

Application Version : 4.15.1000

Core Rules Database Version : 3477
Trace Rules Database Version: 1468

Scan type : Complete Scan
Total Scan Time : 00:55:00

Memory items scanned : 467
Memory threats detected : 0
Registry items scanned : 6459
Registry threats detected : 0
File items scanned : 19055
File threats detected : 8

Adware.Tracking Cookie
C:\Documents and Settings\Jacqueline Chiu\Cookies\jacqueline [email protected][2].txt
C:\Documents and Settings\Jacqueline Chiu\Cookies\jacqueline [email protected][1].txt
C:\Documents and Settings\Jacqueline Chiu\Cookies\jacqueline [email protected][2].txt
C:\Documents and Settings\Jacqueline Chiu\Cookies\jacqueline [email protected][1].txt
C:\Documents and Settings\Jacqueline Chiu\Cookies\jacqueline [email protected][1].txt
C:\Documents and Settings\Jacqueline Chiu\Cookies\jacqueline [email protected][2].txt
C:\Documents and Settings\Jacqueline Chiu\Cookies\jacqueline [email protected][2].txt
C:\Documents and Settings\Jacqueline Chiu\Cookies\jacqueline [email protected][1].txt
.doubleclick.net [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Jacqueline Chiu\Application Data\Mozilla\Firefox\Profiles\luygi3u2.default\cookies.txt ]


Deckard's System Scanner v20071014.68
Run by Jacqueline Chiu on 2008-06-14 21:38:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 80% (more than 75%).


-- HijackThis (run as Jacqueline Chiu.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:25, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\MWL\MwlSvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MWL\MwlGui.exe
C:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Documents and Settings\Jacqueline Chiu\Desktop\Scanners\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JACQUE~1.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MWLExe] C:\PROGRA~1\McAfee\MWL\MwlGui.exe /Start
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Roadie] "C:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0250Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0250Cvw.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Post-it Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C21FF368-1A79-4AAA-B2DB-3AEA1CC3EB87} (HanAgent Control) - http://www.hangok.co...on/HanAgent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Wireless Security Service (MwlSvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MWL\MwlSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10701 bytes

-- Files created between 2008-05-14 and 2008-06-14 -----------------------------

2008-06-14 18:08:09 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-14 18:08:09 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-14 18:08:08 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-14 18:08:07 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-14 18:08:07 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-14 18:08:06 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-14 18:08:06 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-08 23:58:48 0 d-------- C:\Documents and Settings\Jacqueline Chiu\Application Data\Malwarebytes
2008-06-08 23:58:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-08 23:58:44 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 23:56:12 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-08 22:27:43 0 d-------- C:\Program Files\Trend Micro
2008-06-08 19:40:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-08 19:40:38 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-08 15:25:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-08 15:22:12 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-08 15:22:11 0 d-------- C:\Documents and Settings\Jacqueline Chiu\Application Data\SUPERAntiSpyware.com
2008-06-08 15:19:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 13:52:13 0 d-------- C:\Documents and Settings\Jacqueline Chiu\Application Data\shcgwhj0e181
2008-06-03 09:30:38 1540096 -ra------ C:\WINDOWS\system32\clubbox.exe <Not Verified; Nowcom, Co. LTD.; CLUBBOX File Transfer Manager V2>
2008-05-20 20:50:44 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-20 20:34:08 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-19 19:00:03 0 d--h----- C:\$AVG8.VAULT$
2008-05-19 18:55:22 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-19 18:55:01 0 d-------- C:\Program Files\AVG
2008-05-19 18:55:01 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8


-- Find3M Report ---------------------------------------------------------------

2008-06-08 23:56:12 0 d-------- C:\Program Files\Common Files
2008-06-08 15:14:34 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 12:16:53 0 d-------- C:\Documents and Settings\Jacqueline Chiu\Application Data\BitTorrent
2008-06-07 22:03:04 0 d-------- C:\Documents and Settings\Jacqueline Chiu\Application Data\Adobe
2008-06-05 01:27:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-20 20:45:16 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-19 18:41:50 0 d-------- C:\Program Files\McAfee.com
2008-05-19 18:41:06 0 d-------- C:\Program Files\ewido anti-spyware 4.0
2008-05-19 18:35:23 0 d-------- C:\Program Files\McAfee
2008-05-19 18:34:53 0 d-------- C:\Program Files\Google
2008-05-04 23:03:43 0 d-------- C:\Program Files\DivX
2008-05-01 20:44:22 0 d-------- C:\Documents and Settings\Jacqueline Chiu\Application Data\DivX
2008-05-01 01:46:45 0 d-------- C:\Program Files\Java
2008-05-01 01:45:01 0 d-------- C:\Program Files\Common Files\Java
2008-04-27 16:25:47 0 d-------- C:\Program Files\iTunes
2008-04-27 16:25:30 0 d-------- C:\Program Files\iPod
2008-04-27 16:22:10 0 d-------- C:\Program Files\Bonjour
2008-04-27 16:21:49 0 d-------- C:\Program Files\QuickTime
2008-04-24 21:16:36 0 d-------- C:\Documents and Settings\Jacqueline Chiu\Application Data\AdobeUM
2008-04-01 10:06:30 155648 -ra------ C:\WINDOWS\system32\downengine.dll <Not Verified; (주)나우콤; ClubBox>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 15:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/14/2005 00:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/14/2005 00:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/14/2005 00:45]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 16:08]
"SigmatelSysTrayApp"="stsystra.exe" [11/16/2005 22:35 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [12/06/2005 11:45]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/29/2005 19:56]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 21:29]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [04/10/2006 15:02]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 18:29]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05]
"MWLExe"="C:\PROGRA~1\McAfee\MWL\MwlGui.exe" [11/17/2006 20:04]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 12:59]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/10/2004 06:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [08/10/2004 06:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/10/2004

#10
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Your DSS log got cut off...

Could you post back with the logs again? You should be able to find it in C:\Deckard. :)

#11
xKiseki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Deckard's System Scanner v20071014.68
Run by Jacqueline Chiu on 2008-06-14 21:38:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 80% (more than 75%).


-- HijackThis (run as Jacqueline Chiu.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:25, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\MWL\MwlSvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MWL\MwlGui.exe
C:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Documents and Settings\Jacqueline Chiu\Desktop\Scanners\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JACQUE~1.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MWLExe] C:\PROGRA~1\McAfee\MWL\MwlGui.exe /Start
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Roadie] "C:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0250Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0250Cvw.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Post-it Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C21FF368-1A79-4AAA-B2DB-3AEA1CC3EB87} (HanAgent Control) - http://www.hangok.co...on/HanAgent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Wireless Security Service (MwlSvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MWL\MwlSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10701 bytes

-- Files created between 2008-05-14 and 2008-06-14 -----------------------------

2008-06-14 18:08:09 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-14 18:08:09 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-14 18:08:08 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-14 18:08:07 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-14 18:08:07 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-14 18:08:06 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-14 18:08:06 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-08 23:58:48 0 d-------- C:\Documents and Settings\Jacqueline Chiu\Application Data\Malwarebytes
2008-06-08 23:58:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-08 23:58:44 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 23:56:12 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-08 22:27:43 0 d-------- C:\Program Files\Trend Micro
2008-06-08 19:40:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-08 19:40:38 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-08 15:25:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-08 15:22:12 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-08 15:22:11 0 d-------- C:\Documents and Settings\Jacqueline Chiu\Application Data\SUPERAntiSpyware.com
2008-06-08 15:19:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 13:52:13 0 d-------- C:\Documents and Settings\Jacqueline Chiu\Application Data\shcgwhj0e181
2008-06-03 09:30:38 1540096 -ra------ C:\WINDOWS\system32\clubbox.exe <Not Verified; Nowcom, Co. LTD.; CLUBBOX File Transfer Manager V2>
2008-05-20 20:50:44 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-20 20:34:08 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-19 19:00:03 0 d--h----- C:\$AVG8.VAULT$
2008-05-19 18:55:22 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-19 18:55:01 0 d-------- C:\Program Files\AVG
2008-05-19 18:55:01 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8


-- Find3M Report ---------------------------------------------------------------

2008-06-08 23:56:12 0 d-------- C:\Program Files\Common Files
2008-06-08 15:14:34 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 12:16:53 0 d-------- C:\Documents and Settings\Jacqueline Chiu\Application Data\BitTorrent
2008-06-07 22:03:04 0 d-------- C:\Documents and Settings\Jacqueline Chiu\Application Data\Adobe
2008-06-05 01:27:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-20 20:45:16 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-19 18:41:50 0 d-------- C:\Program Files\McAfee.com
2008-05-19 18:41:06 0 d-------- C:\Program Files\ewido anti-spyware 4.0
2008-05-19 18:35:23 0 d-------- C:\Program Files\McAfee
2008-05-19 18:34:53 0 d-------- C:\Program Files\Google
2008-05-04 23:03:43 0 d-------- C:\Program Files\DivX
2008-05-01 20:44:22 0 d-------- C:\Documents and Settings\Jacqueline Chiu\Application Data\DivX
2008-05-01 01:46:45 0 d-------- C:\Program Files\Java
2008-05-01 01:45:01 0 d-------- C:\Program Files\Common Files\Java
2008-04-27 16:25:47 0 d-------- C:\Program Files\iTunes
2008-04-27 16:25:30 0 d-------- C:\Program Files\iPod
2008-04-27 16:22:10 0 d-------- C:\Program Files\Bonjour
2008-04-27 16:21:49 0 d-------- C:\Program Files\QuickTime
2008-04-24 21:16:36 0 d-------- C:\Documents and Settings\Jacqueline Chiu\Application Data\AdobeUM
2008-04-01 10:06:30 155648 -ra------ C:\WINDOWS\system32\downengine.dll <Not Verified; (주)나우콤; ClubBox>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 15:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/14/2005 00:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/14/2005 00:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/14/2005 00:45]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 16:08]
"SigmatelSysTrayApp"="stsystra.exe" [11/16/2005 22:35 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [12/06/2005 11:45]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/29/2005 19:56]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 21:29]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [04/10/2006 15:02]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 18:29]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05]
"MWLExe"="C:\PROGRA~1\McAfee\MWL\MwlGui.exe" [11/17/2006 20:04]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 12:59]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/10/2004 06:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [08/10/2004 06:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/10/2004 06:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/10/2004 06:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/10/2004 06:00]
"Turtle Beach Audio Advantage Roadie"="C:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe" [10/28/2005 16:08]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 00:47]
"C:\WINDOWS\system32\V0250Cvw.dll"="C:\WINDOWS\system32\RegSvr32.exe" [08/10/2004 06:00]
"ClubBox"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/19/2008 18:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 03:24]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [09/07/2007 19:01]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [10/27/2005 06:00]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [02/09/2008 15:02]
"@"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Jacqueline Chiu\Start Menu\Programs\Startup\
hott notes 4.lnk - C:\Program Files\hott notes 4\hottnotes.exe [5/15/2007 9:04:42 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [4/10/2006 2:49:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-06-14 21:38:47 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2400 @ 1.83GHz
CPU 1: Genuine Intel® CPU T2400 @ 1.83GHz
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 1014.37 MiB / 325.14 MiB
Pagefile Memory (total/avail): 2440.99 MiB / 1815.65 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.54 MiB

C: is Fixed (NTFS) - 68.44 GiB total, 15.88 GiB free.
D: is CDROM (No Media)
E: is Fixed (FAT32) - 465.65 GiB total, 173.46 GiB free.
F: is Fixed (NTFS) - 298.09 GiB total, 40.81 GiB free.

\\.\PHYSICALDRIVE0 - FUJITSU MHV2080BH - 73.13 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 68.44 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB

\\.\PHYSICALDRIVE1 - Maxtor 3200 USB Device - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.09 GiB - F:

\\.\PHYSICALDRIVE2 - WD 5000AAKS Externa USB Device - 465.76 GiB - 1 partition
\PARTITION0 - Unknown - 465.76 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1145833515\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1145833515\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1145833515\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1145833515\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\McAfee\\MWL\\MWLSvc.exe"="C:\\Program Files\\McAfee\\MWL\\MWLSvc.exe:*:Enabled:McAfee Wireless Home Network Security"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\WINDOWS\\system32\\FSCAgent.exe"="C:\\WINDOWS\\system32\\FSCAgent.exe:*:Enabled:클럽박스 파일전송 데몬"
"C:\\WINDOWS\\system32\\ClubBox.exe"="C:\\WINDOWS\\system32\\ClubBox.exe:*:Enabled:A¬U AAIAuU uAU"
"C:\\WINDOWS\\system32\\grdmgr.exe"="C:\\WINDOWS\\system32\\grdmgr.exe:*:Enabled:CDN 파일전송 데몬"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando Application"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jacqueline Chiu\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HYPNOTIQ
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jacqueline Chiu
LOGONSERVER=\\HYPNOTIQ
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PROGRA~1\MOZILL~1;C:\Program Files\Mozilla Firefox;C:\Program Files\AIM6;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp
USERDOMAIN=HYPNOTIQ
USERNAME=Jacqueline Chiu
USERPROFILE=C:\Documents and Settings\Jacqueline Chiu
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jacqueline Chiu (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Active@ ISO Burner v 1.1 --> "C:\Program Files\LSoft Technologies\Active ISO Burner\UNWISE.EXE" "C:\Program Files\LSoft Technologies\Active ISO Burner\INSTALL.LOG"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitTorrent 5.0.9 --> "C:\Program Files\BitTorrent\uninstall.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Clubbox 파일전송관리자 --> C:\WINDOWS\system32\ClubboxUninstall.exe
Combined Community Codec Pack 2006-12-15 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Creative Live! Cam Notebook Pro Driver (1.01.03.0405) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0250.uns -unsext NT -plugin V0250Pin.dll -pluginres CtCamPin.crl
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ffdshow [rev 1122] [2007-04-24] --> "C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\unins000.exe"
Free MP3 Converter 1.8 --> "C:\Program Files\Free MP3 Converter\unins000.exe"
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
GoldWave v5.13 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.13" "C:\Program Files\GoldWave\unstall.log"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hott notes 4 --> C:\Program Files\hott notes 4\uninst.exe
ImageEditor --> MsiExec.exe /I{B8016214-EB04-4158-9324-FD8D0A6E62FF}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee Wireless Home Network Security --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mwl /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mwlrem.ui::uninstall.htm
MetaFrame Presentation Server Web Client for Win32 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Pando --> MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TurboTax Home & Business 2007 --> C:\Program Files\TurboTax\Home & Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2007\Uninstall.log" -NoGui
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type5916 / Error
Event Submitted/Written: 06/14/2008 07:09:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application bittorrent.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x005f004a.
Processing media-specific event for [bittorrent.exe!ws!]

Event Record #/Type5904 / Warning
Event Submitted/Written: 06/13/2008 10:27:40 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type5901 / Error
Event Submitted/Written: 06/13/2008 10:25:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WINWORD.EXE, version 12.0.6308.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5895 / Warning
Event Submitted/Written: 06/11/2008 07:06:06 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type5892 / Error
Event Submitted/Written: 06/10/2008 08:49:36 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application bittorrent.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x003d54a2.
Processing media-specific event for [bittorrent.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type38375 / Warning
Event Submitted/Written: 06/14/2008 07:08:52 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type38343 / Error
Event Submitted/Written: 06/14/2008 07:05:02 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type38342 / Error
Event Submitted/Written: 06/14/2008 07:04:54 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type38341 / Error
Event Submitted/Written: 06/14/2008 07:02:29 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type38340 / Error
Event Submitted/Written: 06/14/2008 06:58:25 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
APPDRV
AvgLdx86
AvgMfx86
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
StarOpen
Tcpip



-- End of Deckard's System Scanner: finished at 2008-06-14 19:46:52 ------------



Thank you.

#12
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
First, please seriously consider removing BitTorrent and Pando.

Want to know why?
Read the articles from the following links below.

The Dangers of P2P File Sharing
The Dangers of Peer-to-Peer (P2P) File Sharing
The Dangers of P2P Networks

To remove,

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

BitTorrent 5.0.9
Pando


Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Pando Networks
C:\Program Files\BitTorrent


Next,

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Jacqueline Chiu\Application Data\shcgwhj0e181
    C:\WINDOWS\system32\grdmgr.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RealTray
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ClubBox
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}
    HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\grdmgr.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Reboot computer...

Finally,

Click on Start, click on Run.
Copy and paste the following in bold in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration.
Click on Check All, then Uncheck All.
Place a check on "File Associations" and "Event Logs".
Click Scan.
DSS will now run again when finished.

Please post back with
- OTMoveIt log
- DSS log
- New Hijackthis log

#13
xKiseki

    Member

  • Topic Starter
  • Member
  • 65 posts
C:\Documents and Settings\Jacqueline Chiu\Application Data\shcgwhj0e181\Quarantine\Packages moved successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\shcgwhj0e181\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\shcgwhj0e181\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\shcgwhj0e181\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\shcgwhj0e181\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\shcgwhj0e181\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\shcgwhj0e181\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\shcgwhj0e181\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\shcgwhj0e181\Quarantine\Autorun moved successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\shcgwhj0e181\Quarantine moved successfully.
C:\Documents and Settings\Jacqueline Chiu\Application Data\shcgwhj0e181 moved successfully.
C:\WINDOWS\system32\grdmgr.exe moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RealTray >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RealTray deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ClubBox >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ClubBox deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\\ deleted successfully.
< HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\grdmgr.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\grdmgr.exe deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06152008_124922


Deckard's System Scanner v20071014.68
Run by Jacqueline Chiu on 2008-06-15 13:03:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- End of Deckard's System Scanner: finished at 2008-06-15 13:03:36 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- Application Event Log -------------------------------------------------------

Event Record #/Type5921 / Warning
Event Submitted/Written: 06/15/2008 00:27:11 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type5916 / Error
Event Submitted/Written: 06/14/2008 07:09:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application bittorrent.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x005f004a.
Processing media-specific event for [bittorrent.exe!ws!]

Event Record #/Type5904 / Warning
Event Submitted/Written: 06/13/2008 10:27:40 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type5901 / Error
Event Submitted/Written: 06/13/2008 10:25:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WINWORD.EXE, version 12.0.6308.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5895 / Warning
Event Submitted/Written: 06/11/2008 07:06:06 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type38427 / Warning
Event Submitted/Written: 06/15/2008 00:52:32 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0016CE3A7B9F. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type38415 / Warning
Event Submitted/Written: 06/15/2008 00:29:40 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type38383 / Warning
Event Submitted/Written: 06/14/2008 10:04:01 PM / 06/14/2008 10:04:02 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type38375 / Warning
Event Submitted/Written: 06/14/2008 07:08:52 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type38343 / Error
Event Submitted/Written: 06/14/2008 07:05:02 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-06-15 13:03:36 ------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:33, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\MWL\MwlSvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MWL\MwlGui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MWLExe] C:\PROGRA~1\McAfee\MWL\MwlGui.exe /Start
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Roadie] "C:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0250Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0250Cvw.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Post-it Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C21FF368-1A79-4AAA-B2DB-3AEA1CC3EB87} (HanAgent Control) - http://www.hangok.co...on/HanAgent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Wireless Security Service (MwlSvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MWL\MwlSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10659 bytes
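
A follow-up HijackThis log is requested after the OTMoveIt2 run so the removals can be confirmed. The check below is an added example, not part of the original posts or of either tool: it parses the removal list and reports any listed file or Run value that still shows up in a HijackThis log. The function names, the "before" sample and its `C:\EXAMPLE\placeholder.exe` command are constructed for illustration.

```python
import re

# Removal list entries as pasted into OTMoveIt2 in the thread. Plain paths are
# files or folders; "key\\value" names a registry value.
REMOVAL_LIST = r"""
C:\WINDOWS\system32\grdmgr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RealTray
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ClubBox
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\grdmgr.exe
"""

# Excerpt of the follow-up HijackThis log posted after the removal.
AFTER_LOG = r"""
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
"""

# CONSTRUCTED "before" state: two lines added to show what a leftover looks
# like. The command path is a placeholder, not a value from the thread.
BEFORE_LOG = r"""
C:\WINDOWS\system32\grdmgr.exe
O4 - HKLM\..\Run: [RealTray] C:\EXAMPLE\placeholder.exe
""" + AFTER_LOG

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
         "HKLM": "HKLM", "HKCU": "HKCU"}

# <hive>\...\CurrentVersion\Run*\\<value name>
RUN_VALUE = re.compile(
    r"^(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER|HKLM|HKCU)\\.*\\CurrentVersion"
    r"\\(Run\w*)\\\\(.+)$", re.I)

# HijackThis autorun line: O4 - HKLM\..\Run: [name] command
# (HKUS lines carry an extra SID component before "\..\").
O4_RUN = re.compile(r"^O4 - (HK\w+)(?:\\[^\\]+)?\\\.\.\\(\w+): \[(.*?)\] (.*)$")


def parse_targets(text):
    """Split a removal list into file paths and (hive, key, name) Run values.

    Entries HijackThis does not report (firewall exceptions, MountPoints2
    keys) are ignored because they cannot be checked against its log.
    """
    files, run_values = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RUN_VALUE.match(line)
        if m:
            run_values.append((HIVES[m.group(1).upper()],
                               m.group(2).lower(), m.group(3).lower()))
        elif re.match(r"^[A-Za-z]:\\", line):
            files.append(line.lower())
    return files, run_values


def leftovers(hjt_log, files, run_values):
    """Return (kind, line) for every log line that still references a target."""
    hits = []
    for line in map(str.strip, hjt_log.splitlines()):
        m = O4_RUN.match(line)
        if m and (m.group(1), m.group(2).lower(),
                  m.group(3).lower()) in run_values:
            hits.append(("run-value", line))
            continue
        low = line.lower()
        # Long-path match only; 8.3 short names (PROGRA~1) are not expanded.
        if any(re.search(re.escape(f) + r"(?![\w.])", low) for f in files):
            hits.append(("file", line))
    return hits


if __name__ == "__main__":
    files, run_values = parse_targets(REMOVAL_LIST)
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        print(label, leftovers(log, files, run_values) or "clean")
```
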

#14
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Looking good xKiseki. :)

We're nearly done...
How's your computer running?
Are there other issues you wish to address?

Next,

Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon.
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.

Then

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Post back with the daft log.

#15
xKiseki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Hello, I can't seem to locate my DAFT log. Where do I find that? Thanks.