internet connect status but nothing works...hijack log&story



#1
knightlee

  • Member
  • 12 posts
Have tried all the standard options to get the internet working again, such as reinstalling tcp/ip, pinging out, restart and unhook everything, etc... Comcast guy said connection and modem are fine. Virus protector picked up a trojan I believe, but I don't have the name. It said it had deleted it successfully, but that may not have caught everything. Plus I can't upgrade my Adware app or my Virus protector since I don't have access, with the defected computer, to the internet. Tried removing everything with slightly old update, maybe like 2 months since update. But I have the HiJackThis required information. Thanks to all who take a look at this. I didn't know if there were specific instructions to cure such a problem already on the site, because I don't know how to diagnose it. I even was like what the [bleep], I will wipe it all out and restart. I'm running XP Home Edition, and I was trying to install XP Pro, but I get the blue screen of death when I try to boot up XP Pro, probably due to this current problem/maybe virus; thankfully I still have XP Home Edition still running on there, so I (well You more so since I'm uneducated in this field) will just try to solve the source of the problem.

Bryan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:29 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Documents and Settings\Bryan Lee\Application Data\U3\0000184AA471F334\LaunchPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9197 bytes






Process list saved on 7:48:26 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
664 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
756 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
800 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
812 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
944 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4114 ATI Technologies Inc.
972 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1136 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1172 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1372 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe 103.5.6.3 Symantec Corporation
1428 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe 103.5.6.3 Symantec Corporation
1552 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
1656 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1.14.0.0 Apple, Inc.
1700 C:\Program Files\Symantec AntiVirus\DefWatch.exe 10.0.2.2000 Symantec Corporation
1748 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1764 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 7.0.9466.0 Microsoft Corporation
1856 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1868 C:\Program Files\Symantec AntiVirus\Rtvscan.exe 10.0.2.2000 Symantec Corporation
1988 C:\Program Files\Viewpoint\Common\ViewpointService.exe 2.0.0.54 Viewpoint Corporation
1268 C:\WINDOWS\Explorer.EXE 6.0.2900.3156 Microsoft Corporation
2148 C:\Program Files\Common Files\Symantec Shared\ccApp.exe 103.5.6.3 Symantec Corporation
2164 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe 6.0.50.13 Sun Microsystems, Inc.
2172 C:\Program Files\Analog Devices\Core\smax4pnp.exe 5.2.0.5 Analog Devices, Inc.
2180 C:\Program Files\Real\RealPlayer\RealPlay.exe 6.0.9.584 RealNetworks, Inc.
2188 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe 3.0.0.0 CyberLink Corp.
2224 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 12.0.4518.1014 Microsoft Corporation
2256 C:\Program Files\iTunes\iTunesHelper.exe 7.6.2.9 Apple Inc.
2284 C:\PROGRA~1\SYMANT~1\vptray.exe 10.0.2.2000 Symantec Corporation
2296 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.2180 Microsoft Corporation
2304 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe 2.0.16.0 Nero AG
2316 C:\Program Files\AIM\aim.exe 5.9.6089.0 America Online, Inc.
2324 C:\Program Files\Windows Media Player\WMPNSCFG.exe 11.0.5721.5145 Microsoft Corporation
2600 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 2.0.16.0 Nero AG
2908 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe 2.0.16.0 Nero AG
3200 C:\Program Files\iPod\bin\iPodService.exe 7.6.2.9 Apple Inc.
3600 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe 2.0.0.54 Viewpoint Corporation
3800 C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe 3.1.2.17 Lavasoft Sweden
2068 C:\Documents and Settings\Bryan Lee\Application Data\U3\0000184AA471F334\LaunchPad.exe 1.4.0.2
688 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe 2.0.0.2 Trend Micro Inc.




3ivx D4 4.5.1 (remove only)
7-Zip 4.23
Ad-Aware SE Plus
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.1.0
AnswerWorks 4.0 Runtime - English
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Instant Messenger
AOL Toolbar 2.0
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Azureus
Azureus Vuze
Broadcom Advanced Control Suite 2
Broadcom Gigabit Integrated Controller
DivX
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD43 v3.9.0
DVDFab Platinum 4.1.2.0
FXCM Trading Station II
Google Earth
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel® 537EP V9x DF PCI Modem
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
KeyNote 1.6.5
LimeWire 4.12.11
LiveUpdate 2.6 (Symantec Corporation)
Market Research Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.14)
Nero 7 Ultra Edition
neroxml
Netflix Movie Viewer
On2 VP7 Personal Edition
PowerDVD 5.3
QuickTime
RealPlayer Basic
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB943460)
SoundMAX
StatTools 1.1 for Excel
Symantec AntiVirus
TurboTax Deluxe Deduction Maximizer 2006
TurboTax Home & Business 2007
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb937833)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Word 2007 (KB934173)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WexTech AnswerWorks
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
XSite Pro
  • 0



#2
JSntgRvr

  • Global Moderator
  • 11,579 posts
Hi, knightlee :)

Welcome.

Let's test the network system.

Download the enclosed folder. [attachment=21552:Test.zip] Save and extract its contents to the desktop. It is a batch file to obtain networking information from your computer. Once extracted, click on the Test.bat file and post back the contents of the Results.txt it shall produce.
  • 0

#3
knightlee

  • Topic Starter
  • Member
  • 12 posts
Here is report requested... And I have included a windows diagnostic... I don't know if the extra info is useful, but it was what I had just completed myself.
I won't add more than asked from now, but I had this up in front of me.

Local Area Connection:
Node IpAddress: [98.223.211.31] Scope Id: []



NetBIOS Local Name Table



Name Type Status

---------------------------------------------

BRYAN <00> UNIQUE Registered

BRYAN <20> UNIQUE Registered

MSHOME <00> GROUP Registered



Windows IP Configuration



Host Name . . . . . . . . . . . . : bryan

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.in.comcast.net.



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : hsd1.in.comcast.net.

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-11-11-8A-E1-9D

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 98.223.211.31

Subnet Mask . . . . . . . . . . . : 255.255.240.0

Default Gateway . . . . . . . . . : 98.223.208.1

DHCP Server . . . . . . . . . . . : 68.87.72.19

DNS Servers . . . . . . . . . . . : 68.87.72.130

68.87.77.130

Lease Obtained. . . . . . . . . . : Wednesday, June 18, 2008 9:35:47 PM

Lease Expires . . . . . . . . . . : Sunday, June 22, 2008 9:24:38 PM

Ping request could not find host Yahoo.com. Please check the name and try again.

Ping request could not find host Google.com. Please check the name and try again.

These Windows services are started:

Apple Mobile Device
Application Layer Gateway Service
Ati HotKey Poller
Automatic Updates
Background Intelligent Transfer Service
COM+ Event System
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Help and Support
HTTP SSL
iPod Service
IPSEC Services
Machine Debug Manager
Messenger
Network Connections
Network Location Awareness (NLA)
NMIndexingService
Plug and Play
Print Spooler
Protected Storage
QoS RSVP
Remote Access Connection Manager
Remote Procedure Call (RPC)
Secondary Logon
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
SSDP Discovery Service
Symantec AntiVirus
Symantec AntiVirus Definition Watcher
Symantec Event Manager
Symantec Settings Manager
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
Universal Plug and Play Device Host
Viewpoint Manager Service
WebClient
Windows Audio
Windows Driver Foundation - User-mode Driver Framework
Windows Firewall/Internet Connection Sharing (ICS)
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Media Player Network Sharing Service
Windows Time
Wireless Zero Configuration
Workstation

The command completed successfully.



-----------------------------------------------------------------------------------------------------------





Last diagnostic run time: 06/18/08 21:20:07 DNS Client Diagnostic
DNS - Not a home user scenario

info Using Web Proxy: no
info Resolving name ok for (www.microsoft.com): no
No DNS servers

DNS failure

info Query [www.microsoft.com] against DNS Server 68.87.72.130, (Type = 0x1, Options = 0x10e8) returns 0x5b4
info Query [www.microsoft.com] against DNS Server 68.87.77.130, (Type = 0x1, Options = 0x10e8) returns 0x5b4
action Automated repair: Renew IP address
action Releasing the current IP address...
action Successfully released the current IP address
action Renewing the IP address...
action Successfully renewed the current IP address
info Query [www.microsoft.com] against DNS Server 68.87.72.130, (Type = 0x1, Options = 0x10e8) returns 0x5b4
info Query [www.microsoft.com] against DNS Server 68.87.77.130, (Type = 0x1, Options = 0x10e8) returns 0x5b4
info Redirecting user to support call



Gateway Diagnostic
Gateway

info The following proxy configuration is being used by IE: Automatically Detect Settings:Disabled Automatic Configuration Script: Proxy Server: Proxy Bypass list:
info This computer has the following default gateway entry(ies): 98.223.208.1
info This computer has the following IP address(es): 98.223.211.31
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
warn Hostname www.microsoft.com could not be resolved (Error code 0x2afc). Could be either gateway or DNS issue
action Automated repair: Renew IP address
action Releasing the current IP address...
action Successfully released the current IP address
action Renewing the IP address...
action Successfully renewed the current IP address
info This computer has the following default gateway entry(ies): 98.223.208.1
info This computer has the following IP address(es): 98.223.211.31
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
warn Hostname www.microsoft.com could not be resolved (Error code 0x2afc). Could be either gateway or DNS issue
action Automated repair: Reset network connection
action Disabling the network adapter
action Enabling the network adapter
info Network adapter successfully enabled
info This computer has the following default gateway entry(ies): 98.223.208.1
info This computer has the following IP address(es): 98.223.211.31
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
warn Hostname www.microsoft.com could not be resolved (Error code 0x2afc). Could be either gateway or DNS issue
action Manual repair: Reboot modem
info This computer has the following default gateway entry(ies): 98.223.208.1
info This computer has the following IP address(es): 98.223.211.31
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
warn Hostname www.microsoft.com could not be resolved (Error code 0x2afc). Could be either gateway or DNS issue
info Waiting some time for the modem/router to stabilize
action Automated repair: Renew IP address
action Releasing the current IP address...
action Successfully released the current IP address
action Renewing the IP address...
action Successfully renewed the current IP address
info This computer has the following default gateway entry(ies): 98.223.208.1
info This computer has the following IP address(es): 98.223.211.31
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
warn Hostname www.microsoft.com could not be resolved (Error code 0x2afc). Could be either gateway or DNS issue



IP Layer Diagnostic
Corrupted IP routing table

info The default route is valid
info The loopback route is valid
info The local host route is valid
info The local subnet route is valid
Invalid ARP cache entries

action The ARP cache has been flushed



IP Configuration Diagnostic
Invalid IP address

info Valid IP address detected: 98.223.211.31



Wireless Diagnostic
Wireless - Service disabled

Wireless - User SSID

Wireless - First time setup

Wireless - Radio off

Wireless - Out of range

Wireless - Hardware issue

Wireless - Novice user

Wireless - Ad-hoc network

Wireless - Less preferred

Wireless - 802.1x enabled

Wireless - Configuration mismatch

Wireless - Low SNR




WinSock Diagnostic
WinSock status

info All base service provider entries are present in the Winsock catalog.
info The Winsock Service provider chains are valid.
info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
info Provider entry RSVP UDP Service Provider passed the loopback communication test.
info Provider entry RSVP TCP Service Provider passed the loopback communication test.
info Connectivity is valid for all Winsock service providers.



Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection, Device=Broadcom NetXtreme 57xx Gigabit Controller, MediaType=LAN, SubMediaType=LAN
info Ethernet connection selected
Network adapter status

info Network connection status: Connected



HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn HTTP: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12007 connecting to www.hotmail.com: The server name or address could not be resolved
warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.passport.net: The server name or address could not be resolved
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.

#4
JSntgRvr
  • Global Moderator
  • 11,579 posts
Hi, knightlee :)

Let's check some settings on your system:
  • Enter your Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL, or AOL Connection.
  • Left click on Properties
  • Double-Click on the Internet Protocol (TCP/IP) item
  • Select the radio dial that says Obtain DNS Servers Automatically
  • Press OK twice to get out of the properties screen
Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

netsh int ip reset C:\Resetlog.txt
netsh winsock reset catalog
ipconfig /flushdns
(The space between g and / is needed)
Exit

Restart the computer.

If you receive an error message while executing these commands, write the exact error message and post it in your next reply.

If the above process fails, change your preferred and Alternate DNS server to OpenDNS:
  • Enter your Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL, or AOL Connection.
  • Left click on Properties
  • Double-Click on the Internet Protocol (TCP/IP) item
  • Select the radio dial that says Use the following DNS Servers Addresses
  • Enter the following:
    • Preferred DNS server: 208.67.222.222
    • Alternate DNS server: 208.67.220.220
  • Press OK twice to get out of the properties screen
Restart and retry.

Keep me posted.
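
The Network Diagnostics output posted earlier shows the link up and the gateway reachable while every hostname lookup fails, which is why the steps above all target DNS settings and the Winsock/TCP-IP stack. As an added example (not part of the thread or of any tool named in it), this Python sketch performs that layer-by-layer triage on the same log format; the sample lines are copied from the log above, and the function names are this example's own.

```python
import re

# Lines copied from the Network Diagnostics output posted earlier in the thread.
SAMPLE_LOG = """\
info The default gateway was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
warn Hostname www.microsoft.com could not be resolved (Error code 0x2afc). Could be either gateway or DNS issue
info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
info Network connection status: Connected
warn HTTP: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.passport.net: The server name or address could not be resolved
error Could not make an HTTP connection.
"""

# Meaning of the two error codes that appear in the log.
KNOWN_CODES = {
    11004: "WSANO_DATA (Winsock: valid name, no data record of requested type)",
    12007: "ERROR_INTERNET_NAME_NOT_RESOLVED (WinINet)",
}

EVENT_RE = re.compile(r"^(info|warn|error|action)\s+(.*)$")
CODE_RE = re.compile(r"Error code (0x[0-9a-fA-F]+)|Error (\d+) connecting")
HOST_RE = re.compile(r"(?:Hostname|connecting to) ([A-Za-z0-9.-]+)")


def parse_events(text):
    """Return (level, message) tuples; section headings and blank lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append((m.group(1), m.group(2)))
    return events


def error_codes(events):
    """Collect numeric error codes, normalising the hex form (0x2afc) to decimal."""
    codes = set()
    for _, msg in events:
        for hex_code, dec_code in CODE_RE.findall(msg):
            codes.add(int(hex_code, 16) if hex_code else int(dec_code))
    return codes


def diagnose(events):
    """Walk up the stack and name the lowest layer that shows a failure."""
    def seen(level, needle):
        return any(lv == level and needle in msg for lv, msg in events)

    link_ok = seen("info", "Network connection status: Connected")
    gateway_ok = seen("info", "default gateway was reached via ICMP Ping")
    unresolved = sorted({
        host
        for lv, msg in events
        if lv == "warn" and "could not be resolved" in msg
        for host in HOST_RE.findall(msg)
    })

    if not link_ok:
        verdict = "link"
    elif not gateway_ok:
        verdict = "gateway"
    elif unresolved:
        verdict = "name_resolution"   # DNS settings or the resolver/Winsock path
    elif any(lv == "error" for lv, _ in events):
        verdict = "application"
    else:
        verdict = "ok"

    return {
        "verdict": verdict,
        "unresolved_hosts": unresolved,
        "codes": {c: KNOWN_CODES.get(c, "unknown") for c in sorted(error_codes(events))},
    }


if __name__ == "__main__":
    report = diagnose(parse_events(SAMPLE_LOG))
    print(report["verdict"], report["unresolved_hosts"])
    for code, meaning in report["codes"].items():
        print(code, meaning)
```

A `name_resolution` verdict with a healthy link and gateway is what both the stack reset and the alternate DNS servers in the post above are aimed at.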

#5
knightlee
  • Topic Starter
  • Member
  • 12 posts
The first method was a success! Thank you so much for your help. I can't express gratitude enough. You're a good person!!! haha, but yea anyways, it's working.

One quick question: What would cause me to have to go through such a process to begin with?

Sincerely,

Bryan

#6
JSntgRvr
  • Global Moderator
  • 11,579 posts
Hi, knightlee

I am glad you are back online.

Windows Sockets are always under attack by malware.

Let's check the computer for malware:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a Hijackthis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7
knightlee
  • Topic Starter
  • Member
  • 12 posts
Malwarebytes' Anti-Malware 1.17
Database version: 870

6:54:54 PM 6/19/2008
mbam-log-6-19-2008 (18-54-54).txt

Scan type: Quick Scan
Objects scanned: 45903
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.




------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:16 AM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9166 bytes

#8
JSntgRvr
  • Global Moderator
  • 11,579 posts
The log looks clear. How is the computer doing?

#9
knightlee
  • Topic Starter
  • Member
  • 12 posts
Everything is running great. My virus protector found two things, IRC.mimic and IRC Trojan. So I was curious if I had anything else to worry about, in regard to those finds.

But other than that, it seems to even be running a bit faster than usual also. I am delighted with the service you've provided. Above and beyond any other forum I've ever been on.

Bryan

#10
knightlee
  • Topic Starter
  • Member
  • 12 posts
It also just randomly picked up two more IRC.mimics while my computer was just idling as I stepped out the door. Just updating the symptoms...


#11
JSntgRvr
  • Global Moderator
  • 11,579 posts
Hi, knightlee :)

Chances are these detections are part of the System Restore backups. Let's do another scan.

Please do an online scan with Kaspersky WebScanner (Use Internet Explorer)

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#12
knightlee
  • Topic Starter
  • Member
  • 12 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 20, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, June 21, 2008 00:35:22
Records in database: 879831
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\

Scan statistics:
Files scanned: 61190
Threat name: 9
Infected objects: 22
Suspicious objects: 0
Duration of the scan: 01:57:52


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01CC0000.VBN Infected: Backdoor.IRC.Zapchast 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01CC0000.VBN Infected: Backdoor.IRC.Flood.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01CC0000.VBN Infected: not-a-virus:RemoteAdmin.Win32.NetCat 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01CC0000.VBN Infected: Trojan.BAT.Zapchast 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01CC0000.VBN Infected: not-a-virus:RiskTool.Win32.HideWindows 2
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01CC0000.VBN Infected: not-a-virus:RiskTool.Win32.PsExec.13 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01CC0000.VBN Infected: not-a-virus:Client-IRC.Win32.mIRC.507 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01CC0000.VBN Infected: IRC-Worm.IRC.Froze 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01CC0000.VBN Infected: Backdoor.IRC.Cloner 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A240000.VBN Infected: Backdoor.IRC.Zapchast 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A240000.VBN Infected: Backdoor.IRC.Flood.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A240000.VBN Infected: not-a-virus:RemoteAdmin.Win32.NetCat 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A240000.VBN Infected: Trojan.BAT.Zapchast 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A240000.VBN Infected: not-a-virus:RiskTool.Win32.HideWindows 2
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A240000.VBN Infected: not-a-virus:RiskTool.Win32.PsExec.13 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A240000.VBN Infected: not-a-virus:Client-IRC.Win32.mIRC.507 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A240000.VBN Infected: IRC-Worm.IRC.Froze 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A240000.VBN Infected: Backdoor.IRC.Cloner 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C180000\4C5BF365.VBN Infected: Backdoor.IRC.Cloner 1

C:\WINDOWS\system32\drivers\etc\tmp8\spsexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.13 1

The selected area was scanned.

#13
JSntgRvr
  • Global Moderator
  • 11,579 posts
Hi, knightlee :)

Open Norton and flush the Quarantine.

Please go to Start -> Run, copy and paste the following command and click OK.

CMD /C Dir /a C:\WINDOWS\system32\drivers\etc\tmp8 >>"%UserProfile%\Desktop\Report.txt"

That should produce a text file on your desktop. Open this file in Notepad and post its content in your next reply. If you recognize this folder, please let me know.

Let's take a deeper look:

Download Deckard's System Scanner (DSS) from here or here to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both, the main.txt and the extra.txt in your next reply.
If the files are too long, attach them to a reply:
  • Scroll down and click the [Manage Attachments] button
  • Browse to the following folder:
    • C:\Deckard\System Scanner
  • Click Upload to upload these files one by one
  • Submit your reply
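
The advice above treats the Kaspersky results in two groups: detections inside the Symantec Quarantine folder, which are copies the antivirus already isolated, and the one file still sitting in drivers\etc\tmp8. As an added example (not part of the thread or of either scanner), this Python sketch makes that split on the report format shown in the previous post; the rows are an excerpt copied from that report, the System Restore pattern is an assumption based on the standard XP layout, and all function names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Quarantine folder exactly as it appears in the report (split for line length).
QDIR = (r"C:\Documents and Settings\All Users\Application Data\Symantec"
        r"\Symantec AntiVirus Corporate Edition\7.5\Quarantine")

# Excerpt of the Kaspersky Online Scanner report from the previous post.
SAMPLE_REPORT = "\n".join([
    "File name / Threat name / Threats count",
    QDIR + r"\01CC0000.VBN Infected: Backdoor.IRC.Zapchast 1",
    QDIR + r"\01CC0000.VBN Infected: not-a-virus:RiskTool.Win32.HideWindows 2",
    QDIR + r"\0A240000.VBN Infected: Backdoor.IRC.Zapchast 1",
    QDIR + r"\0C180000\4C5BF365.VBN Infected: Backdoor.IRC.Cloner 1",
    "",
    r"C:\WINDOWS\system32\drivers\etc\tmp8\spsexec.exe Infected: "
    r"not-a-virus:RiskTool.Win32.PsExec.13 1",
    "The selected area was scanned.",
])

# "<path> Infected: <threat name> <count>"; the path may contain spaces.
ROW_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    count: int
    location: str    # "quarantine", "system_restore" or "live"
    riskware: bool   # Kaspersky prefixes dual-use tools with "not-a-virus:"


def classify_location(path):
    """Decide whether a detected file is an inert stored copy or a live file."""
    p = path.lower()
    if "\\quarantine\\" in p and p.endswith(".vbn"):
        return "quarantine"           # Symantec quarantine container
    if "\\system volume information\\_restore" in p:
        return "system_restore"       # assumed XP restore-point layout
    return "live"


def parse_report(text):
    """Parse detection rows; headers, blanks and trailer lines are ignored."""
    detections = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        detections.append(Detection(
            path=m.group("path"),
            threat=m.group("threat"),
            count=int(m.group("count")),
            location=classify_location(m.group("path")),
            riskware=m.group("threat").startswith("not-a-virus:"),
        ))
    return detections


def totals_by_location(detections):
    """Sum the per-row threat counts for each location class."""
    totals = Counter()
    for d in detections:
        totals[d.location] += d.count
    return dict(totals)


def needs_follow_up(detections):
    """Live files are the ones that still need investigation on disk."""
    return sorted({(d.path, d.threat) for d in detections if d.location == "live"})


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(totals_by_location(found))
    for path, threat in needs_follow_up(found):
        print("investigate:", path, "->", threat)
```

On the excerpt, only spsexec.exe is reported as live, matching the folder the post asks to have listed.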


#14
knightlee
  • Topic Starter
  • Member
  • 12 posts
Contents of command ran were not familiar to me...

Volume in drive C has no label.
Volume Serial Number is 4486-8EBE

Directory of C:\WINDOWS\system32\drivers\etc\tmp8

06/19/2008 02:07 PM <DIR> .
06/19/2008 02:07 PM <DIR> ..
09/11/2007 06:14 PM 92 123.bat
09/11/2007 12:20 AM 33,236 amateursindex-info-0003.jpg
09/11/2007 12:20 AM 73,169 amateursindex-info-0004.jpg
03/08/2001 01:00 AM 17,566 httpget.exe
08/19/2007 04:05 AM 37 kill.bat
03/14/2004 05:56 PM 35,600 kill.exe
07/06/2007 12:58 AM 182,002,016 Nero.exe
09/25/2007 05:05 AM 83 ntinstall.ini
09/25/2007 05:08 AM 89 qb.bat
09/03/2007 01:22 AM 54 qbkill.bat
01/07/2007 12:35 AM 4,132 smnt.scr
03/14/2004 05:57 PM 122,880 spsexec.exe
12/16/2006 01:22 AM 712,704 win32update.exe
13 File(s) 183,001,658 bytes
2 Dir(s) 45,867,941,888 bytes free

-------------------------------------------------------------------
Main.txt

Deckard's System Scanner v20071014.68
Run by Bryan Lee on 2008-06-21 21:18:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
94: 2008-06-22 01:18:09 UTC - RP3146 - Deckard's System Scanner Restore Point
93: 2008-06-21 07:56:13 UTC - RP3145 - Software Distribution Service 3.0
92: 2008-06-20 23:12:53 UTC - RP3144 - System Checkpoint
91: 2008-06-19 22:56:23 UTC - RP3143 - Software Distribution Service 3.0
90: 2008-06-19 16:16:54 UTC - RP3142 - Internet Working


-- First Restore Point --
1: 2008-03-24 09:58:25 UTC - RP3053 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Bryan Lee.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:09 PM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Bryan Lee\Desktop\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bryan Lee.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9018 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 vcdrom (Virtual CD-ROM Device Driver) - c:\windows\system32\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 SMC2208 (SMC Compact USB to Ethernet converter) - c:\windows\system32\drivers\smc2208.sys <Not Verified; SMC2208USB/ETH; SMC Compact USB to Ethernet converter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 Roxio Upnp Server 9 - "c:\program files\common files\sonic shared\roxioupnpservice9.exe" (file missing)
S2 RoxLiveShare9 (LiveShare P2P Server 9) - "c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe" (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 Roxio UPnP Renderer 9 - "c:\program files\common files\sonic shared\roxioupnprenderer9.exe" (file missing)
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-19 10:57:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-21 and 2008-06-21 -----------------------------

2008-06-19 18:47:11 0 d-------- C:\Documents and Settings\Bryan Lee\Application Data\Malwarebytes
2008-06-19 18:47:09 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 18:47:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-15 19:47:16 0 d-------- C:\Program Files\Trend Micro
2008-06-15 14:46:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-06-15 14:46:20 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-15 14:46:20 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-15 14:46:20 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-15 14:46:20 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-15 14:46:20 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-15 14:46:20 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-15 14:46:20 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-15 14:46:20 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-15 14:46:20 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-15 14:46:20 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-15 14:46:20 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-15 14:46:20 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-15 14:46:20 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-15 14:46:20 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-13 21:52:59 0 d-------- C:\$WIN_NT$.~BT
2008-06-05 00:48:50 0 d-------- C:\Program Files\ACW
2008-06-03 23:26:48 0 d-------- C:\ERDNT
2008-06-03 18:02:47 0 d-------- C:\Documents and Settings\Bryan Lee\Application Data\Lavasoft
2008-05-30 20:23:14 0 d-------- C:\mhdrive
2008-05-27 18:55:30 0 d-------- C:\Program Files\iPod
2008-05-27 18:55:26 0 d-------- C:\Program Files\iTunes
2008-05-27 18:50:28 0 d-------- C:\Program Files\Apple Software Update


-- Find3M Report ---------------------------------------------------------------

2008-06-21 21:19:29 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-19 01:12:34 0 d-------- C:\Documents and Settings\Bryan Lee\Application Data\Vso
2008-06-18 21:39:35 0 d-------- C:\Documents and Settings\Bryan Lee\Application Data\U3
2008-06-08 03:28:41 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-06-05 12:32:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-05 12:32:18 0 d-------- C:\Program Files\Broadcom
2008-06-02 22:53:54 0 d-------- C:\Documents and Settings\Bryan Lee\Application Data\Azureus
2008-05-27 18:54:28 0 d-------- C:\Program Files\QuickTime
2008-05-07 15:13:44 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-07 15:13:34 0 d-------- C:\Program Files\Common Files
2008-05-07 15:12:49 0 d-------- C:\Documents and Settings\Bryan Lee\Application Data\AdobeUM
2008-04-26 18:10:49 0 d-------- C:\Program Files\Azureus
2008-04-08 21:07:13 34 --a------ C:\Documents and Settings\Bryan Lee\Application Data\pcouffin.log
2008-04-08 21:07:10 47360 --a------ C:\Documents and Settings\Bryan Lee\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-08 21:07:10 1144 --a------ C:\Documents and Settings\Bryan Lee\Application Data\pcouffin.inf
2008-04-08 21:07:10 7887 --a------ C:\Documents and Settings\Bryan Lee\Application Data\pcouffin.cat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/04/2005 04:42 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 06:42 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [12/21/2005 09:36 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 08:54 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/30/2005 01:05 AM]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [05/22/2006 02:26 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 04:57 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 09:56 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/27/2007 08:03 PM]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 04:35 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\autorun.exe




-- End of Deckard's System Scanner: finished at 2008-06-21 21:20:42 ------------

------------------------------------------------------------------------------------------------------------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.40GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1022.09 MiB / 564.13 MiB
Pagefile Memory (total/avail): 2462.88 MiB / 2137.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.97 MiB

C: is Fixed (NTFS) - 74.5 GiB total, 42.65 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is Fixed (FAT32) - 111.76 GiB total, 4.69 GiB free.

\\.\PHYSICALDRIVE0 - HDS728080PLA380 - 74.5 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.5 GiB - C:

\\.\PHYSICALDRIVE1 - WD 1200BB External USB Device - 111.79 GiB - 1 partition
\PARTITION0 - Unknown - 111.79 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.0.2.2000 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1135215350\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1135215350\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Ingenuware\\ChessRally 2\\ChessRally.exe"="C:\\Program Files\\Ingenuware\\ChessRally 2\\ChessRally.exe:*:Enabled:ChessRally 2 - Single and Multi-Player Chess For Windows 9x/Me/NT/2K/XP/2K3."
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Disabled:mIRC"
"C:\\Program Files\\Pure Networks\\Network Magic\\nmsrvc.exe"="C:\\Program Files\\Pure Networks\\Network Magic\\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bryan Lee\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRYAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bryan Lee
LOGONSERVER=\\BRYAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BRYANL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\BRYANL~1\LOCALS~1\Temp
USERDOMAIN=BRYAN
USERNAME=Bryan Lee
USERPROFILE=C:\Documents and Settings\Bryan Lee
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Bryan Lee (admin)
Pamela (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {65482307-FE7D-4E7F-9DEF-3F0E841BC77A}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.5.1 (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"
7-Zip 4.23 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Plus --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Deskbar --> "C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Toolbar 2.0 --> "C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Broadcom Advanced Control Suite 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
Broadcom Gigabit Integrated Controller --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD43 v3.9.0 --> "C:\Program Files\dvd43\unins000.exe"
DVDFab Platinum 4.1.2.0 --> "C:\Program Files\DVDFab Platinum 4\unins000.exe"
FXCM Trading Station II --> F:\CANDLE~1\FXTS2\uninstall.exe FXCM Trading Station II
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KeyNote 1.6.5 --> "C:\Program Files\KeyNote\unins000.exe"
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Market Research Wizard --> MsiExec.exe /I{B765ED87-675F-48E6-A02B-1A6C650E648F}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Nero 7 Ultra Edition --> MsiExec.exe /X{26D3E377-1DCA-4043-9410-B4A9BACF1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
On2 VP7 Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
PowerDVD 5.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
StatTools 1.1 for Excel --> C:\WINDOWS\system32\unwise32.EXE C:\PROGRA~1\Palisade\STATTO~1\Install.log StatTools 1.1 for Excel
Symantec AntiVirus --> MsiExec.exe /I{46B63F23-2B4A-4525-A827-688026BE5E40}
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax Home & Business 2007 --> C:\Program Files\TurboTax\Home & Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2007\Uninstall.log" -NoGui
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XSite Pro --> C:\WINDOWS\XSite Pro Uninstaller.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type4498 / Error
Event Submitted/Written: 06/20/2008 02:13:57 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: IRC Trojan in File: C:\SYSTEM~1\_RESTO~1\RP3142\A0094647.hlp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Event Record #/Type4497 / Error
Event Submitted/Written: 06/20/2008 02:13:57 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: IRC Trojan in File: C:\System Volume Information\_restore{61CC4865-F2C8-49B4-92FE-BAE175495AE3}\RP3142\A0094647.hlp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Event Record #/Type4496 / Error
Event Submitted/Written: 06/20/2008 02:13:57 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: IRC Trojan in File: C:\SYSTEM~1\_RESTO~1\RP3142\A0094647.hlp by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Event Record #/Type4495 / Error
Event Submitted/Written: 06/20/2008 01:23:29 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: IRC.Mimic in File: C:\SYSTEM~1\_RESTO~1\RP3142\A0094646.ini by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Event Record #/Type4494 / Error
Event Submitted/Written: 06/20/2008 01:23:29 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: IRC.Mimic in File: C:\System Volume Information\_restore{61CC4865-F2C8-49B4-92FE-BAE175495AE3}\RP3142\A0094646.ini by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type23780 / Warning
Event Submitted/Written: 06/21/2008 09:20:24 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type23772 / Warning
Event Submitted/Written: 06/21/2008 04:14:20 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type23768 / Warning
Event Submitted/Written: 06/21/2008 03:59:16 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type23730 / Warning
Event Submitted/Written: 06/20/2008 01:53:36 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type23708 / Warning
Event Submitted/Written: 06/20/2008 00:08:33 PM / 06/20/2008 00:09:31 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.



-- End of Deckard's System Scanner: finished at 2008-06-21 21:20:42 ------------


-----------------------------------------------------------------------------------------------------------

FYI - When I ran DSS I turned off my firewall and disconnected from the internet. Let me know if that was wrong.

#15
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, knightlee :)

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this folder (if present):

C:\WINDOWS\system32\drivers\etc\tmp8

Go to the Control Panel. Click on the JAVA icon. Under Temporary Internet Files, click on Settings. Click on Delete Files, then Ok, out of the properties window.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Alternate download:

http://filehippo.com...d_java_runtime/

The rest looks clear. How is it doing now?