Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

advice- HiJackThis LogFile [CLOSED]

Started by Jara1975 , Jun 14 2008 05:54 PM

  • This topic is locked This topic is locked

#1
Jara1975
Posted 14 June 2008 - 05:54 PM

Jara1975

    New Member

  • Member
  • Pip
  • 2 posts
Ive cleaned, scanned, ect...and still having random pop ups even with blocker enabled.
I'd be very grateful for some help!
Running XP
Thanks,
Jara1975


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:06 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\family\My Documents\VIRUS PROTECTION\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {19B2DEF1-985E-4E86-9B43-895E7F349A64} - (no file)
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: {2d58db5b-4d91-8d0b-f7e4-263405cae6e6} - {6e6eac50-4362-4e7f-b0d8-19d4b5bd85d2} - C:\WINDOWS\system32\qmdxcmot.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm035YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\family\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127w.bay127...es/MsnPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: awttsPfg - awttsPfg.dll (file missing)
O20 - Winlogon Notify: __c001A59 - C:\WINDOWS\system32\__c001A59.dat (file missing)
O20 - Winlogon Notify: __c00A7BD4 - C:\WINDOWS\system32\__c00A7BD4.dat (file missing)
O20 - Winlogon Notify: __c00C0B42 - C:\WINDOWS\system32\__c00C0B42.dat (file missing)
O20 - Winlogon Notify: __c00E5E40 - C:\WINDOWS\system32\__c00E5E40.dat (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10128 bytes
  • 0

Advertisements

#2
Essexboy
Posted 15 June 2008 - 08:40 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let me see if I can help :)

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, are scanners that only run when you ask them to.
Such as:
Online Scans and scanners that run on your machine but are not actively scanning your machine

You appear to have both Norton and AVG8. Please disable or uninstall one

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

NOW TO WORK

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {19B2DEF1-985E-4E86-9B43-895E7F349A64} - (no file)
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - (no file)
O2 - BHO: {2d58db5b-4d91-8d0b-f7e4-263405cae6e6} - {6e6eac50-4362-4e7f-b0d8-19d4b5bd85d2} - C:\WINDOWS\system32\qmdxcmot.dll
O20 - Winlogon Notify: awttsPfg - awttsPfg.dll (file missing)
O20 - Winlogon Notify: __c001A59 - C:\WINDOWS\system32\__c001A59.dat (file missing)
O20 - Winlogon Notify: __c00A7BD4 - C:\WINDOWS\system32\__c00A7BD4.dat (file missing)
O20 - Winlogon Notify: __c00C0B42 - C:\WINDOWS\system32\__c00C0B42.dat (file missing)
O20 - Winlogon Notify: __c00E5E40 - C:\WINDOWS\system32\__c00E5E40.dat (file missing)


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\qmdxcmot.dll
C:\WINDOWS\system32\awttsPfg.dll 
Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Logs required : DSS Main and Extra plus OTMoveit report
  • 0

#3
Jara1975
Posted 15 June 2008 - 08:53 PM

Jara1975

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thank You for you help!

I could not remove Java with the add/remove, or Norton. But I have tried to disable Norton because it was out of date.

OTMOVE IT Report:

File/Folder C:\WINDOWS\system32\qmdxcmot.dll not found.
File/Folder C:\WINDOWS\system32\awttsPfg.dll not found.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06152008_223447



DECKERS Main.txt:

Deckard's System Scanner v20071014.68
Run by family on 2008-06-15 22:42:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2008-06-16 02:42:50 UTC - RP314 - Deckard's System Scanner Restore Point
8: 2008-06-16 02:19:00 UTC - RP313 - Installed Java™ 6 Update 6
7: 2008-06-16 02:16:03 UTC - RP312 - Installed Java™ SE Development Kit 6 Update 6
6: 2008-06-15 21:03:00 UTC - RP311 - Software Distribution Service 3.0
5: 2008-06-15 07:00:38 UTC - RP310 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-14 21:09:41 UTC - RP306 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as family.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:08 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\Documents and Settings\family\Desktop\dss.exe
C:\DOCUME~1\family\MYDOCU~1\VIRUSP~1\family.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm035YYUS
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\family\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127w.bay127...es/MsnPUpld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8903 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\family\MYDOCU~1\VIRUSP~1\backups\) ----

backup-20080615-222755-315 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
backup-20080615-222755-388 O2 - BHO: {2d58db5b-4d91-8d0b-f7e4-263405cae6e6} - {6e6eac50-4362-4e7f-b0d8-19d4b5bd85d2} - C:\WINDOWS\system32\qmdxcmot.dll (file missing)
backup-20080615-222755-609 O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - (no file)
backup-20080615-222755-692 O2 - BHO: (no name) - {19B2DEF1-985E-4E86-9B43-895E7F349A64} - (no file)
backup-20080615-222755-782 O20 - Winlogon Notify: awttsPfg - awttsPfg.dll (file missing)
backup-20080615-222755-949 O20 - Winlogon Notify: __c001A59 - C:\WINDOWS\system32\__c001A59.dat (file missing)
backup-20080615-222755-967 O20 - Winlogon Notify: __c00A7BD4 - C:\WINDOWS\system32\__c00A7BD4.dat (file missing)
backup-20080615-222756-469 O20 - Winlogon Notify: __c00E5E40 - C:\WINDOWS\system32\__c00E5E40.dat (file missing)
backup-20080615-222756-987 O20 - Winlogon Notify: __c00C0B42 - C:\WINDOWS\system32\__c00C0B42.dat (file missing)
backup-20080615-223357-176 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
backup-20080615-223357-230 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
backup-20080615-223357-310 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
backup-20080615-223357-353 O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
backup-20080615-223357-431 O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
backup-20080615-223357-500 O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
backup-20080615-223357-624 O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
backup-20080615-223357-659 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
backup-20080615-223357-706 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
backup-20080615-223357-820 O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
backup-20080615-223357-901 O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>

S3 MR97310_USB_DUAL_CAMERA (MR97310 CIF Dual Mode Camera) - c:\windows\system32\drivers\mr97310c.sys (file missing)
S3 MREMP50 (MREMP50 NDIS Protocol Driver) - c:\program files\common files\motive\mremp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 MREMP50a64 (MREMP50a64 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mremp50a64.sys (file missing)
S3 MRESP50 (MRESP50 NDIS Protocol Driver) - c:\program files\common files\motive\mresp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 MRESP50a64 (MRESP50a64 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mresp50a64.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McciCMService - "c:\program files\common files\motive\mccicmservice.exe" <Not Verified; Motive Communications, Inc.; >


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-15 22:37:21 488 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-06-14 09:56:15 532 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - family.job


-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-06-15 22:20:37 0 d-------- C:\Program Files\Sun
2008-06-14 17:36:55 0 d-------- C:\Program Files\Lavasoft
2008-06-14 17:36:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-12 23:30:52 0 d-------- C:\Documents and Settings\family\Application Data\TuneUp Software
2008-06-12 23:30:18 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-06-12 23:30:07 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-12 23:29:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-12 22:47:07 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-06-12 22:45:34 0 d-------- C:\WINDOWS\Internet Logs
2008-06-12 21:18:21 691545 --a------ C:\WINDOWS\unins000.exe
2008-06-12 21:18:21 2547 --a------ C:\WINDOWS\unins000.dat
2008-06-12 20:12:43 0 d--h----- C:\$AVG8.VAULT$
2008-06-12 20:08:13 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-12 20:07:53 0 d-------- C:\Program Files\AVG
2008-06-12 20:07:49 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-12 19:39:27 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-12 19:39:27 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-12 19:39:27 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-12 19:39:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-12 19:39:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-12 19:39:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-12 19:39:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-12 19:39:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-06-12 19:39:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-12 19:39:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-06-12 19:39:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Creative
2008-06-12 19:39:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-06-12 19:39:26 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-12 19:39:26 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-12 19:39:26 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-12 19:39:26 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-12 19:39:26 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-12 19:39:26 2097152 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-12 19:39:26 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-12 19:39:26 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-12 19:39:26 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-12 18:44:13 80896 --a------ C:\WINDOWS\system32\dyajvssb.dll
2008-06-11 14:44:58 0 d-------- C:\Documents and Settings\family\Application Data\Motive
2008-06-11 09:31:36 0 d-------- C:\WINDOWS\Motive
2008-06-11 09:30:40 589824 --a------ C:\WINDOWS\system32\MCCDNSHLP_1-0-0_DSR.dll <Not Verified; Motive Communications, Inc.; >
2008-06-11 09:28:39 0 d-------- C:\Program Files\ALLTEL DSL Check-up Center
2008-06-11 09:25:44 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-11 09:25:44 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-11 09:25:43 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-11 09:25:42 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-06-11 09:25:42 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-06-11 09:25:06 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-06-11 09:25:06 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-06-11 09:25:05 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-11 09:25:05 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-11 09:25:04 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-11 09:25:04 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-11 09:25:03 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-11 09:25:02 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-11 09:25:02 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-11 09:25:01 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-11 09:25:01 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-11 09:25:00 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-11 09:24:59 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-11 09:22:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-06-11 09:22:26 0 d-------- C:\Program Files\windstream_act
2008-06-11 09:22:26 0 d-------- C:\Program Files\Common Files\Motive
2008-06-01 14:14:25 0 d-------- C:\Documents and Settings\family\Application Data\AntispywareBot
2008-06-01 14:13:10 0 d-------- C:\Documents and Settings\family\Application Data\SpywareStop
2008-06-01 14:04:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-31 07:19:17 1219436 --a------ C:\Documents and Settings\family\Application Data\Install.dat
2008-05-29 14:37:53 303 --a------ C:\xcrashdump.dat
2008-05-29 13:03:40 0 d-------- C:\Documents and Settings\family\.housecall6.6
2008-05-27 18:30:03 2264 --ahs---- C:\WINDOWS\system32\hQqXxGgh.ini2
2008-05-27 18:24:47 42496 --a------ C:\WINDOWS\system32\~.exe


-- Find3M Report ---------------------------------------------------------------

2008-06-15 22:20:15 0 d-------- C:\Program Files\Java
2008-06-12 23:29:16 0 d-------- C:\Program Files\Common Files
2008-06-10 16:15:56 0 d-------- C:\Program Files\Lx_cats
2008-06-02 12:14:43 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-02 12:14:43 56 -r-hs---- C:\WINDOWS\system32\2F87C689DB.sys
2008-04-28 21:16:13 16 --a------ C:\WINDOWS\popcinfo.dat
2008-04-28 20:56:25 0 d-------- C:\Program Files\Yahoo!
2008-04-28 20:56:23 0 d-------- C:\Program Files\Shockwave.com
2008-04-17 21:34:44 0 d-------- C:\Program Files\AOL Games


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [07/20/2005 12:09 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [07/20/2005 12:06 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [07/20/2005 12:10 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 11:43 AM]
"P17Helper"="P17.dll" [06/10/2004 05:51 PM C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/14/2004 09:50 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 05:50 PM]
"LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [07/20/2005 01:47 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"Motive SmartBridge"="C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe" [11/09/2004 10:32 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/12/2008 08:08 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [08/28/2006 10:57 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/23/2005 12:21:17 PM]
Windstream Broadband Check-up Center.lnk - C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe [6/11/2008 9:28:47 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGxXqQh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IncrediMail"=C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"mmtask"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"1cb99dbb"=rundll32.exe "C:\WINDOWS\system32\dyajvssb.dll",b
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe"
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8724 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-15 22:46:44 ------------



DECKERS EXTRA.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 502.07 MiB / 161.99 MiB
Pagefile Memory (total/avail): 1228.77 MiB / 816.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.95 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 71.46 GiB total, 56.59 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380013AS - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 71.46 GiB - C:
\PARTITION2 - Unknown - 3 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton AntiVirus v2007 (Symantec Corporation)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AV: Norton AntiVirus v2007 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\family\\Local Settings\\Temporary Internet Files\\Content.IE5\\25NOG9ZZ\\incredimail_install[1].exe"="C:\\Documents and Settings\\family\\Local Settings\\Temporary Internet Files\\Content.IE5\\25NOG9ZZ\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\family\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CARDWELLCPU
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\family
LOGONSERVER=\\CARDWELLCPU
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\family\LOCALS~1\Temp
TMP=C:\DOCUME~1\family\LOCALS~1\Temp
USERDOMAIN=CARDWELLCPU
USERNAME=family
USERPROFILE=C:\Documents and Settings\family
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

family (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\ALLTEL~1\Uninstall.exe ALLTEL
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Babysitting Mania (remove only) --> "C:\Program Files\AOL Games\Babysitting Mania\Uninstall.exe"
Bejeweled 2 Deluxe 1.0 --> C:\Program Files\AOL Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\AOL Games\Bejeweled 2 Deluxe\Install.log"
Belle's Beauty Boutique™ --> C:\PROGRA~1\NICKAR~1\BELLE'~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\BELLE'~1\INSTALL.LOG
Betty's Beer Bar --> C:\PROGRA~1\AOLGAM~1\BETTYS~1\UNWISE.EXE C:\PROGRA~1\AOLGAM~1\BETTYS~1\INSTALL.LOG
Big Island Blends --> C:\PROGRA~1\AOLGAM~1\BIGISL~1\UNWISE.EXE /U C:\PROGRA~1\AOLGAM~1\BIGISL~1\INSTALL.LOG
Burger Island (remove only) --> "C:\Program Files\AOL Games\Burger Island\Uninstall.exe"
Cathys Caribbean Club --> "C:\Program Files\IncrediGames\Cathys Caribbean Club\Uninstall.exe" "C:\Program Files\IncrediGames\Cathys Caribbean Club\install.log"
CD Wave Editor version 1.96.1 --> "C:\Program Files\CD Wave\unins000.exe"
Cindys Sundaes (remove only) --> "C:\Program Files\AOL Games\Cindys Sundaes\Uninstall.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Deer Drive (remove only) --> "C:\Program Files\AOL Games\Deer Drive\Uninstall.exe"
Delicious 2 Deluxe --> C:\PROGRA~1\AOLGAM~1\DELICI~1\UNWISE.EXE /U C:\PROGRA~1\AOLGAM~1\DELICI~1\INSTALL.LOG
Diner Dash - Flo on the Go (remove only) --> "C:\Program Files\AOL Games\Diner Dash - Flo on the Go\Uninstall.exe"
Diner Dash - Hometown Hero (remove only) --> "C:\Program Files\AOL Games\Diner Dash - Hometown Hero\Uninstall.exe"
Dress Shop Hop (remove only) --> "C:\Program Files\Yahoo! Games\Dress Shop Hop\Uninstall.exe"
Fab Fashion --> C:\PROGRA~1\AOLGAM~1\FABFAS~1\UNWISE.EXE /U C:\PROGRA~1\AOLGAM~1\FABFAS~1\INSTALL.LOG
Family Restaurant --> C:\PROGRA~1\AOLGAM~1\FAMILY~1\UNWISE.EXE C:\PROGRA~1\AOLGAM~1\FAMILY~1\INSTALL.LOG
Fashion Boutique --> C:\PROGRA~1\SHOCKW~1.COM\FASHIO~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\FASHIO~1\INSTALL.LOG
Fashion Fits --> "C:\Program Files\IncrediGames\Fashion Fits\Uninstall.exe" "C:\Program Files\IncrediGames\Fashion Fits\install.log"
Flip or Flop (remove only) --> "C:\Program Files\AOL Games\Flip or Flop\Uninstall.exe"
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2 --> "C:\Documents and Settings\family\My Documents\VIRUS PROTECTION\HijackThis.exe" /uninstall
Home Sweet Home --> C:\PROGRA~1\AOLGAM~1\HOMESW~1\UNWISE.EXE C:\PROGRA~1\AOLGAM~1\HOMESW~1\INSTALL.LOG
Hot Dish --> C:\PROGRA~1\SHOCKW~1.COM\HOTDIS~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\HOTDIS~1\INSTALL.LOG
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Ice Cream Craze --> C:\PROGRA~1\SHOCKW~1.COM\ICECRE~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\ICECRE~1\INSTALL.LOG
IMVU Avatar Chat Software --> C:\Program Files\IMVU\Uninstall.exe
IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ SE Development Kit 6 Update 6 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160060}
Jojos Fashion Show (remove only) --> "C:\Program Files\AOL Games\Jojos Fashion Show\Uninstall.exe"
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Miss Management --> C:\PROGRA~1\AOLGAM~1\MISSMA~1\UNWISE.EXE C:\PROGRA~1\AOLGAM~1\MISSMA~1\INSTALL.LOG
Monopoly Here & Now Edition (remove only) --> "C:\Program Files\Yahoo! Games\Monopoly Here & Now Edition\Uninstall.exe"
MTV's Virtual World (remove only) --> "C:\Program Files\MTV Virtual World\MTVVWClientUninst.exe"
Nanny Mania (remove only) --> "C:\Program Files\AOL Games\Nanny Mania\Uninstall.exe"
OTOY --> RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16
Pizza Frenzy --> C:\PROGRA~1\AOLGAM~1\PIZZAF~1\UNWISE.EXE /U C:\PROGRA~1\AOLGAM~1\PIZZAF~1\INSTALL.LOG
Puppy Luv (remove only) --> "C:\Program Files\AOL Games\Puppy Luv\Uninstall.exe"
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Sally's Salon --> C:\PROGRA~1\AOLGAM~1\SALLY'~1\UNWISE.EXE /U C:\PROGRA~1\AOLGAM~1\SALLY'~1\INSTALL.LOG
Shopmania --> "C:\Program Files\IncrediGames\Shopmania\Uninstall.exe" "C:\Program Files\IncrediGames\Shopmania\install.log"
SpongeBob Diner Dash (remove only) --> "C:\Program Files\AOL Games\SpongeBob Diner Dash\Uninstall.exe"
SpongeBob SquarePants Diner Dash --> C:\PROGRA~1\NICKAR~1\SPONGE~2\UNWISE.EXE C:\PROGRA~1\NICKAR~1\SPONGE~2\INSTALL.LOG
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
The Exchange Student Episode 1 --> "C:\Program Files\IncrediGames\The Exchange Student Episode 1\Uninstall.exe" "C:\Program Files\IncrediGames\The Exchange Student Episode 1\install.log"
The Office --> "C:\Program Files\IncrediGames\The Office\Uninstall.exe" "C:\Program Files\IncrediGames\The Office\install.log"
The Scruffs --> C:\PROGRA~1\SHOCKW~1.COM\THESCR~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\THESCR~1\INSTALL.LOG
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Vogue Tales (remove only) --> "C:\Program Files\Yahoo! Games\Vogue Tales\Uninstall.exe"
Wedding Dash ™ (remove only) --> "C:\Program Files\AOL Games\Wedding Dash ™\Uninstall.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windstream Broadband Check-up Center --> C:\WINDOWS\Motive\ALLTEL\MCCUninst.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zoo Vet --> C:\PROGRA~1\SHOCKW~1.COM\ZOOVET~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\ZOOVET~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type30440 / Error
Event Submitted/Written: 06/15/2008 10:45:24 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type30439 / Error
Event Submitted/Written: 06/15/2008 10:45:24 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type30438 / Error
Event Submitted/Written: 06/15/2008 10:45:24 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type29842 / Error
Event Submitted/Written: 06/12/2008 11:28:52 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: iTunes -- A later version of iTunes is already installed. Installation of this version cannot continue.

Event Record #/Type29748 / Warning
Event Submitted/Written: 06/12/2008 07:58:24 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type60208 / Error
Event Submitted/Written: 06/15/2008 10:35:43 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The lxcf_device service failed to start due to the following error:
%%1053

Event Record #/Type60207 / Error
Event Submitted/Written: 06/15/2008 10:35:43 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the lxcf_device service to connect.

Event Record #/Type60206 / Error
Event Submitted/Written: 06/15/2008 10:35:43 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service lxcf_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E44106F}

Event Record #/Type60205 / Error
Event Submitted/Written: 06/15/2008 10:35:29 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The lxcf_device service failed to start due to the following error:
%%1053

Event Record #/Type60204 / Error
Event Submitted/Written: 06/15/2008 10:35:29 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the lxcf_device service to connect.



-- End of Deckard's System Scanner: finished at 2008-06-15 22:46:44 ------------
  • 0

#4
Essexboy
Posted 16 June 2008 - 12:41 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ah ha methinks I found it - so lets go on a killing spree :)

Firstly, to remove Norton download and run the relevant programme from this site and that will clear it off http://service1.syma...005033108162039

Now to work...

Download and run ERUNT http://www.larsheder...nline.de/erunt/

Start ERUNT, confirm the Welcome message.

Type in the name of a restore folder where the backed up registry
files should be saved, or click "..." to browse your computer's drives
and select a folder. You can also simply leave the default, which is a
folder named ERDNT inside your Windows folder, the advantage being
that you have access to this folder from the Windows Recovery Console
in case Windows does not boot anymore.


Next, select the backup options:

- System registry:

- Current user registy: .

- Other open user registries:

Click "OK" and wait until the backup process is complete. (Note that
depending on your system configuration this may take some time, and
that the first bar is NOT a progress bar, just an indicator that the
program is still running.) The ERDNT program for later restoration of
the registry is automatically copied to the restore folder.

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine

REGISTRY FIX

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Next you will need to create the repair registry fix to do that copy and paste ALL of the above in the quote box to a notepad file. Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop Posted Image

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

NEXT

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
O8 - Extra context menu item: &Search - ?p=ZJxdm035YYUS
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\family\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

FOLLOWED BY

  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\dyajvssb.dll
C:\WINDOWS\system32\hQqXxGgh.ini2
C:\WINDOWS\system32\~.exe
C:\WINDOWS\popcinfo.dat
C:\WINDOWS\system32\hgGxXqQh
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\1cb99dbb
Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • Reg - Disabled MS Config Items
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Logs required : OTSCanit and OTMoveit
  • 0

#5
Essexboy
Posted 22 June 2008 - 04:49 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP