ad-aware scan



#1
vmus

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:04 AM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\dlbtcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\PCRescue3.0\PCRescue.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {f02f6ba3-af81-4627-8f91-136634a63650} - C:\WINDOWS\system32\khfeCrPH.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] "C:\Program Files\Essentials Codec Pack\update.exe" -silent
O4 - HKLM\..\Run: [PCRescue] "C:\Program Files\PCRescue3.0\PCRescue.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [e8bd5f5b] rundll32.exe "C:\WINDOWS\system32\ufpkggwp.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SearchAndDestroyT] "C:\Program Files\Search And Destroy\SearchAndDestroy.exe"
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4709 bytes

#2
kahdah

Hello vmus

Welcome to G2Go. :)
=====================

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
vmus

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 1700+
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 1535.48 MiB / 1121.11 MiB
Pagefile Memory (total/avail): 3434.89 MiB / 3064.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.53 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.68 GiB total, 15.78 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC35L080AVVA07-0 - 76.69 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.68 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Pro Firewall v7.0.473.000 (Check Point, LTD.)
AV: avast! antivirus 4.8.1201 [VPS 080620-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dlbtcoms.exe"="C:\\WINDOWS\\system32\\dlbtcoms.exe:*:Enabled:Photo AIO Printer 922 Server"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Vern Musil\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-C0IG4074DU
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Vern Musil
LOGONSERVER=\\HOME-C0IG4074DU
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0602
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\VERNMU~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\VERNMU~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=HOME-C0IG4074DU
USERNAME=Vern Musil
USERPROFILE=C:\Documents and Settings\Vern Musil
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Vern Musil (admin)
Administrator.HOME-C0IG4074DU (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Creative\SBLive\Program\Upddrv2k.EXE
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Creative Rhythmania\Rhythm.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Diagnose.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Keytar\Keytar.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\PlayCenter2\Player2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Recorder\Recorder.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\RemoteCenter\remote.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Restore.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SurMixer.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\WaveStudio\Wstudio.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica CD/DVD Label Maker --> C:\Program Files\Acoustica CD Label Maker\cdlabel.exe UNINSTALL
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
Cheetah CD Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{808C1CB2-5632-4ABF-B4D2-4B54519E3A9A}\Setup.exe"
Cheetah DVD Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}\Setup.exe"
CreataCard Gold 3 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\CreataCard\Gold\DeIsL1.isu"
Creative Jukebox Driver --> C:\Program Files\Creative\Jukebox Driver\DrvUnins.exe /s
Creative NOMAD II Driver --> C:\Program Files\Creative\NOMAD2 Driver\DrvUnins.exe /s
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
ffdshow [rev 1953] [2008-05-04] --> "C:\Program Files\ffdshow\unins000.exe"
FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Magic DVD Ripper V5.3 build 4 --> "C:\Program Files\MagicDVDRipper\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
ProShow Gold --> C:\Program Files\Photodex\ProShowGold\proshow.exe . -u
RegistryFix v6.2 --> "C:\Program Files\RegistryFix\unins000.exe"
Sound Blaster Live! --> C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Essentials Media Codec Pack 1.0 --> C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe
ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type659 / Error
Event Submitted/Written: 06/21/2008 10:54:57 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type658 / Error
Event Submitted/Written: 06/21/2008 10:54:57 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type657 / Error
Event Submitted/Written: 06/21/2008 10:54:57 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type656 / Error
Event Submitted/Written: 06/21/2008 10:54:57 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type655 / Error
Event Submitted/Written: 06/21/2008 10:54:57 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2205 / Error
Event Submitted/Written: 06/20/2008 03:07:18 AM / 06/20/2008 03:07:21 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Task Scheduler service failed to start due to the following error:
%%5

Event Record #/Type2201 / Error
Event Submitted/Written: 06/20/2008 03:04:40 AM
Event ID/Source: 4321 / NetBT
Event Description:
The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.100.
The machine with the IP address 192.168.1.101 did not allow the name to be claimed by
this machine.

Event Record #/Type2200 / Error
Event Submitted/Written: 06/20/2008 02:59:30 AM
Event ID/Source: 4321 / NetBT
Event Description:
The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.100.
The machine with the IP address 192.168.1.101 did not allow the name to be claimed by
this machine.

Event Record #/Type2199 / Error
Event Submitted/Written: 06/20/2008 02:57:36 AM
Event ID/Source: 4321 / NetBT
Event Description:
The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.100.
The machine with the IP address 192.168.1.101 did not allow the name to be claimed by
this machine.

Event Record #/Type2198 / Error
Event Submitted/Written: 06/20/2008 02:52:26 AM
Event ID/Source: 4321 / NetBT
Event Description:
The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.100.
The machine with the IP address 192.168.1.101 did not allow the name to be claimed by
this machine.



-- End of Deckard's System Scanner: finished at 2008-06-21 11:02:31 ------------

Deckard's System Scanner v20071014.68
Run by Vern Musil on 2008-06-21 10:52:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
98: 2008-06-21 15:52:28 UTC - RP98 - Deckard's System Scanner Restore Point
97: 2008-06-21 10:23:12 UTC - RP97 - Last known good configuration
96: 2008-06-21 10:23:06 UTC - RP96 - Software Distribution Service 3.0
95: 2008-06-21 10:23:06 UTC - RP95 - Installed Windows Defender
94: 2008-06-21 10:23:06 UTC - RP94 - Last known good configuration


-- First Restore Point --
1: 2008-06-21 10:22:53 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Vern Musil.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:16 AM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\dlbtcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\PCRescue3.0\PCRescue.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Documents and Settings\Vern Musil\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Vern Musil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {f02f6ba3-af81-4627-8f91-136634a63650} - C:\WINDOWS\system32\khfeCrPH.dll (file missing)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] "C:\Program Files\Essentials Codec Pack\update.exe" -silent
O4 - HKLM\..\Run: [PCRescue] "C:\Program Files\PCRescue3.0\PCRescue.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [e8bd5f5b] rundll32.exe "C:\WINDOWS\system32\ufpkggwp.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SearchAndDestroyT] "C:\Program Files\Search And Destroy\SearchAndDestroy.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4889 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080618-172226-109 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
backup-20080618-172226-713 O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
backup-20080618-172226-870 O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
backup-20080618-172226-996 O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
backup-20080618-183631-115 O2 - BHO: Ask Search Assistant BHO - {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
backup-20080618-183631-613 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080618-183631-632 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080618-183631-730 R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
backup-20080618-183632-110 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080618-183632-369 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080619-024759-536 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
backup-20080619-024759-552 O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
backup-20080619-164126-151 O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080620-174621-323 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1209863800375
backup-20080620-174621-530 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ScsiAccess - c:\program files\photodex\proshowgold\scsiaccess.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-21 10:46:15 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-15 03:30:00 436 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job


-- Files created between 2008-05-21 and 2008-06-21 -----------------------------

2008-06-21 07:47:50 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\TrojanHunter
2008-06-21 07:00:09 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-06-21 05:06:55 0 d-------- C:\Program Files\Windows Defender
2008-06-21 04:53:04 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\SendTo
2008-06-21 04:52:36 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Identities
2008-06-21 04:52:07 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\NetHood
2008-06-21 04:52:07 0 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY\My Documents
2008-06-21 04:52:02 0 dr-h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Recent
2008-06-21 04:52:02 0 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
2008-06-21 04:52:01 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Desktop
2008-06-21 04:29:02 81408 --a------ C:\WINDOWS\system32\ufpkggwp.dll
2008-06-21 04:27:42 7103 --ahs---- C:\WINDOWS\system32\HPrCefhk.ini2
2008-06-21 04:02:04 0 --a------ C:\WINDOWS\system32\MSVolume.dll
2008-06-21 04:01:48 0 d-------- C:\WINDOWS\Search And Destroy
2008-06-21 04:00:55 0 d-------- C:\Program Files\Search And Destroy
2008-06-20 17:23:04 0 d-------- C:\Documents and Settings\Administrator.HOME-C0IG4074DU\Application Data\Mozilla
2008-06-18 17:41:20 0 d-------- C:\Program Files\Lavasoft
2008-06-18 17:40:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 03:01:24 0 d-------- C:\Program Files\Trend Micro
2008-06-17 17:30:07 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-06-16 17:15:47 164 --a------ C:\install.dat
2008-06-16 17:02:44 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-06-16 14:04:24 0 d-------- C:\Program Files\SpywareBlaster
2008-06-15 20:35:00 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Google
2008-06-15 15:06:56 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2008-06-15 15:06:27 0 d-------- C:\Program Files\FlashGet
2008-06-15 10:51:09 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Leadertech
2008-06-15 10:49:27 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-15 10:48:41 5120 --a------ C:\sgxty.exe
2008-06-15 10:48:01 93696 --a------ C:\iwfgofxx.exe
2008-06-15 10:47:56 65456 --a------ C:\WINDOWS\system32\narqwe.sys
2008-06-15 10:47:49 407094 --a------ C:\setupupdate.exe
2008-06-15 05:19:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2008-06-14 18:11:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Software
2008-06-14 17:15:27 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Axara
2008-06-14 17:14:41 0 d-------- C:\Program Files\Common Files\Axara
2008-06-14 17:14:40 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2008-06-14 17:14:39 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-14 17:14:39 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-14 17:14:39 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-06-14 17:14:38 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-06-06 03:09:07 0 d-------- C:\Program Files\Essentials Codec Pack
2008-06-06 03:05:05 200704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-06-06 03:05:05 114688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-06-06 03:05:05 34820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-06-06 03:05:01 0 d-------- C:\Program Files\Cucusoft
2008-06-06 03:04:33 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-25 07:36:13 0 d-------- C:\Program Files\Acoustica CD Label Maker
2008-05-24 11:46:15 0 d-------- C:\Program Files\MagicDVDRipper


-- Find3M Report ---------------------------------------------------------------

2008-06-18 17:40:50 0 d-------- C:\Program Files\Common Files
2008-06-17 17:13:45 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Mozilla
2008-06-16 17:20:07 0 d--h----- C:\Program Files\Google
2008-06-15 20:39:34 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-06-15 20:34:00 0 d-------- C:\Program Files\VideoLAN
2008-06-15 08:06:02 92 --a------ C:\Documents and Settings\Vern Musil\Application Data\burnaware.ini
2008-05-23 14:27:04 0 d-------- C:\Program Files\DVD Decrypter
2008-05-23 14:26:26 0 d-------- C:\Program Files\DVD Shrink
2008-05-19 17:55:18 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\RegistrySmart
2008-05-19 17:18:20 0 d-------- C:\Program Files\ACW
2008-05-12 03:04:23 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-11 18:45:48 0 d-------- C:\Program Files\DivX
2008-05-11 18:27:38 30 --a------ C:\WINDOWS\G@
2008-05-11 18:21:37 0 d-------- C:\Program Files\Creative
2008-05-11 14:17:58 0 d-------- C:\Program Files\ffdshow
2008-05-11 14:13:28 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\vlc
2008-05-11 14:04:42 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Media Player Classic
2008-05-11 14:03:31 0 d-------- C:\Program Files\XP Codec Pack
2008-05-11 13:36:51 0 d-------- C:\Program Files\AC3Filter
2008-05-11 13:36:50 0 d-------- C:\Program Files\AskSBar
2008-05-10 09:53:08 0 d-------- C:\Program Files\FrostWire
2008-05-10 00:00:14 0 d-------- C:\Program Files\PCRescue3.0
2008-05-09 16:31:23 0 d-------- C:\Program Files\CreataCard
2008-05-07 17:29:38 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\DivX
2008-05-06 14:27:33 0 d-------- C:\Program Files\Java
2008-05-05 16:33:42 0 d-------- C:\Program Files\MP3Gain
2008-05-05 16:27:54 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\FrostWire
2008-05-05 16:17:25 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Sun
2008-05-05 13:54:37 0 d-------- C:\Program Files\Photodex Presenter
2008-05-05 13:54:36 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Netscape
2008-05-05 13:54:17 0 d-------- C:\Program Files\Photodex
2008-05-05 13:51:38 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Photodex
2008-05-04 17:54:26 0 d-------- C:\Program Files\messenger
2008-05-04 12:28:00 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-05-04 12:28:00 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-04 09:23:19 0 d-------- C:\Program Files\Cheetah Burner
2008-05-04 07:27:42 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Adobe
2008-05-04 07:25:57 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-04 07:20:46 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Macromedia
2008-05-04 06:37:38 0 d-------- C:\Program Files\Aspect one
2008-05-04 06:31:11 0 d-------- C:\Program Files\Acoustica MP3 To Wave Converter PLUS
2008-05-04 05:20:18 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Acoustica
2008-05-04 04:54:34 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-03 21:11:33 0 d-------- C:\Program Files\Movie Maker
2008-05-03 21:11:18 0 d-------- C:\Program Files\Windows NT
2008-05-03 20:17:25 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-03 19:02:19 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-05-03 18:38:22 0 d-------- C:\Program Files\RegistryFix
2008-05-03 13:39:37 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\WinRAR
2008-05-03 13:02:02 0 d-------- C:\Program Files\Microsoft Works
2008-05-03 12:48:51 0 d-------- C:\Program Files\Microsoft Works Suite 2002
2008-05-03 09:09:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-03 08:40:39 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Identities
2008-05-03 08:26:09 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-03 07:49:45 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-03 07:44:24 0 d-------- C:\Program Files\NoAdware4
2008-05-03 03:14:02 62 --ahs---- C:\Documents and Settings\Vern Musil\Application Data\desktop.ini
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 16:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 16:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 15:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 15:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 15:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 15:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f02f6ba3-af81-4627-8f91-136634a63650}]
C:\WINDOWS\system32\khfeCrPH.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 09:07 PM]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [06/12/2001 03:20 AM]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [02/22/2007 09:26 AM]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [11/10/2004 02:36 PM]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [04/08/2007 11:44 AM]
"PCRescue"="C:\Program Files\PCRescue3.0\PCRescue.exe" [06/24/2005 09:53 AM]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 02:56 AM C:\WINDOWS\system32\rundll32.exe]
"e8bd5f5b"="C:\WINDOWS\system32\ufpkggwp.dll" [06/21/2008 04:29 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [03/25/2008 07:08 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [03/23/2006 12:13 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/04/2007 07:31 AM]
"SearchAndDestroyT"="C:\Program Files\Search And Destroy\SearchAndDestroy.exe" []
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfeCrPH

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk]
backup=C:\WINDOWS\pss\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users.windows^start menu^programs^startup^sonic cineplayer quick launch.lnk]
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disc Detector]
C:\Program Files\Creative\ShareDLL\CtNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOMAD Detector]
"C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRUN.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe




-- End of Deckard's System Scanner: finished at 2008-06-21 11:02:31 ------------
  • 0

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

First, we need to backup your registry:
Please go to Start > Run
Paste in the following line: regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
===============
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\ufpkggwp.dll
    C:\WINDOWS\system32\HPrCefhk.ini2
    C:\WINDOWS\system32\MSVolume.dll
    C:\install.dat
    C:\sgxty.exe
    C:\iwfgofxx.exe
    C:\WINDOWS\system32\narqwe.sys
    C:\setupupdate.exe
    C:\WINDOWS\system32\ufpkggwp.dll
    C:\WINDOWS\system32\khfeCrPH.dll
    emptytemp
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==============================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
==============
Please post the OTMoveIt2 log, the MBAM log and a new DSS log.
  • 0
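The registry fix in the post above resets the LSA "Authentication Packages" value, where the DSS dump shows C:\WINDOWS\system32\khfeCrPH listed after msv1_0. As an added example (not part of the thread, and not code from any tool named in it), this Python sketch decodes hex(7) data from a .reg export and reports any package other than msv1_0; the function names are hypothetical, and the "infected" sample is constructed from the two strings shown in the dump.

```python
import re

LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
BASELINE = {"msv1_0"}  # the only package the thread's fixthis.reg leaves in place


def decode_multi_sz(data, unicode_file):
    """Split REG_MULTI_SZ bytes into strings (NUL-separated, double-NUL ended)."""
    text = data.decode("utf-16-le" if unicode_file else "latin-1")
    return [s for s in text.split("\x00") if s]


def encode_multi_sz(strings, unicode_file=False):
    """Inverse of decode_multi_sz; used here only to build constructed samples."""
    blob = "\x00".join(strings) + "\x00\x00"
    raw = blob.encode("utf-16-le" if unicode_file else "latin-1")
    return ",".join("%02x" % b for b in raw)


def read_multi_sz_values(reg_text):
    """Return {(key_lower, name_lower): [strings]} for each hex(7) value."""
    # regedit wraps long hex data with a trailing backslash; rejoin it first.
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)
    lines = [ln.strip() for ln in joined.splitlines() if ln.strip()]
    if not lines:
        return {}
    # REGEDIT4 stores strings as ANSI bytes, version 5.00 as UTF-16LE.
    if lines[0] == "REGEDIT4":
        unicode_file = False
    elif lines[0] == "Windows Registry Editor Version 5.00":
        unicode_file = True
    else:
        raise ValueError("not a .reg file: %r" % lines[0])
    values, key = {}, None
    for ln in lines[1:]:
        if ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1].lower()
            continue
        m = re.match(r'^"([^"]+)"=hex\(7\):([0-9a-fA-F,\s]*)$', ln)
        if m and key:
            raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
            values[(key, m.group(1).lower())] = decode_multi_sz(raw, unicode_file)
    return values


def unexpected_auth_packages(reg_text):
    """List LSA authentication packages that are not in BASELINE."""
    values = read_multi_sz_values(reg_text)
    packages = values.get((LSA_KEY, "authentication packages"), [])
    return [p for p in packages if p.lower() not in BASELINE]


# The fix file exactly as posted in the thread.
FIXED_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

# Constructed sample: the pre-fix state, built from the two strings in the DSS dump.
INFECTED_REG = (
    "REGEDIT4\n\n"
    "[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]\n"
    '"Authentication Packages"=hex(7):'
    + encode_multi_sz(["msv1_0", r"C:\WINDOWS\system32\khfeCrPH"])
    + "\n"
)

if __name__ == "__main__":
    for label, text in (("before fix", INFECTED_REG), ("after fix", FIXED_REG)):
        print(label, "->", unexpected_auth_packages(text) or "baseline only")
```
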

#5
vmus

    Member

  • Topic Starter
  • 10 posts
File/Folder C:\WINDOWS\system32\ufpkggwp.dll not found.
C:\WINDOWS\system32\HPrCefhk.ini2 moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\MSVolume.dll
C:\WINDOWS\system32\MSVolume.dll NOT unregistered.
C:\WINDOWS\system32\MSVolume.dll moved successfully.
C:\install.dat moved successfully.
C:\sgxty.exe moved successfully.
C:\iwfgofxx.exe moved successfully.
File move failed. C:\WINDOWS\system32\narqwe.sys scheduled to be moved on reboot.
C:\setupupdate.exe moved successfully.
File/Folder C:\WINDOWS\system32\ufpkggwp.dll not found.
File/Folder C:\WINDOWS\system32\khfeCrPH.dll not found.
< emptytempC:\WINDOWS\system32\ufpkggwp.dll >
File/Folder emptytempC:\WINDOWS\system32\ufpkggwp.dll not found.
File/Folder C:\WINDOWS\system32\HPrCefhk.ini2 not found.
File/Folder C:\WINDOWS\system32\MSVolume.dll not found.
File/Folder C:\install.dat not found.
File/Folder C:\sgxty.exe not found.
File/Folder C:\iwfgofxx.exe not found.
File move failed. C:\WINDOWS\system32\narqwe.sys scheduled to be moved on reboot.
File/Folder C:\setupupdate.exe not found.
File/Folder C:\WINDOWS\system32\ufpkggwp.dll not found.
File/Folder C:\WINDOWS\system32\khfeCrPH.dll not found.
< emptytemp >
File delete failed. C:\DOCUME~1\VERNMU~1\LOCALS~1\Temp\Perflib_Perfdata_e54.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\VERNMU~1\LOCALS~1\Temp\~DF3880.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\VERNMU~1\LOCALS~1\Temp\~DF8F3A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_138.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0726a.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0726d.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06222008_061006

Files moved on Reboot...
File C:\WINDOWS\system32\narqwe.sys not found!
File C:\DOCUME~1\VERNMU~1\LOCALS~1\Temp\Perflib_Perfdata_e54.dat not found!
C:\DOCUME~1\VERNMU~1\LOCALS~1\Temp\~DF3880.tmp moved successfully.
C:\DOCUME~1\VERNMU~1\LOCALS~1\Temp\~DF8F3A.tmp moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_138.dat moved successfully.
C:\WINDOWS\temp\ZLT0726a.TMP moved successfully.
C:\WINDOWS\temp\ZLT0726d.TMP moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Malwarebytes' Anti-Malware 1.18
Database version: 876

6:35:59 AM 6/22/2008
mbam-log-6-22-2008 (06-35-59).txt

Scan type: Quick Scan
Objects scanned: 55278
Time elapsed: 9 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f30b1b0b-c305-414e-a4ff-ac93a08de0ac} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\Search And Destroy (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
C:\Program Files\Search And Destroy (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Bug Doctor (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vern Musil\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vern Musil\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vern Musil\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Search And Destroy\uninstall.exe (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
C:\Program Files\Search And Destroy\Search And Destroy Setup Log.txt (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vern Musil\Application Data\RegistrySmart\Log\2008 May 19 - 05_52_31 PM_046.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vern Musil\Application Data\RegistrySmart\Registry Backups\2008-05-19_17-55-18.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\narqwe.sys (Rootkit.Rustok) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.

Deckard's System Scanner v20071014.68
Run by Vern Musil on 2008-06-22 06:48:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Vern Musil.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:05 AM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\dlbtcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\PCRescue3.0\PCRescue.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vern Musil\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\VERNMU~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {f02f6ba3-af81-4627-8f91-136634a63650} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] "C:\Program Files\Essentials Codec Pack\update.exe" -silent
O4 - HKLM\..\Run: [PCRescue] "C:\Program Files\PCRescue3.0\PCRescue.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4966 bytes

-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-22 06:19:19 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Malwarebytes
2008-06-22 06:19:13 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-22 06:19:12 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 06:02:53 57445272 --a------ C:\registrybackup.reg
2008-06-21 16:41:06 0 d-------- C:\Program Files\Spyware Doctor
2008-06-21 16:41:06 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\PC Tools
2008-06-21 07:47:50 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\TrojanHunter
2008-06-21 07:00:09 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-06-21 05:06:55 0 d-------- C:\Program Files\Windows Defender
2008-06-21 04:53:04 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\SendTo
2008-06-21 04:52:36 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Identities
2008-06-21 04:52:07 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\NetHood
2008-06-21 04:52:07 0 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY\My Documents
2008-06-21 04:52:02 0 dr-h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Recent
2008-06-21 04:52:02 0 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
2008-06-21 04:52:01 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Desktop
2008-06-20 17:23:04 0 d-------- C:\Documents and Settings\Administrator.HOME-C0IG4074DU\Application Data\Mozilla
2008-06-18 17:41:20 0 d-------- C:\Program Files\Lavasoft
2008-06-18 17:40:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 03:01:24 0 d-------- C:\Program Files\Trend Micro
2008-06-17 17:30:07 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-06-16 17:02:44 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-06-15 20:35:00 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Google
2008-06-15 15:06:56 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2008-06-15 15:06:27 0 d-------- C:\Program Files\FlashGet
2008-06-15 10:51:09 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Leadertech
2008-06-15 10:49:27 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-15 05:19:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2008-06-14 18:11:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Software
2008-06-14 17:15:27 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Axara
2008-06-14 17:14:41 0 d-------- C:\Program Files\Common Files\Axara
2008-06-14 17:14:40 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2008-06-14 17:14:39 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-14 17:14:39 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-14 17:14:39 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-06-14 17:14:38 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-06-06 03:09:07 0 d-------- C:\Program Files\Essentials Codec Pack
2008-06-06 03:05:05 200704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-06-06 03:05:05 114688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-06-06 03:05:05 34820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-06-06 03:05:01 0 d-------- C:\Program Files\Cucusoft
2008-06-06 03:04:33 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-25 07:36:13 0 d-------- C:\Program Files\Acoustica CD Label Maker
2008-05-24 11:46:15 0 d-------- C:\Program Files\MagicDVDRipper


-- Find3M Report ---------------------------------------------------------------

2008-06-18 17:40:50 0 d-------- C:\Program Files\Common Files
2008-06-17 17:13:45 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Mozilla
2008-06-16 17:20:07 0 d--h----- C:\Program Files\Google
2008-06-15 20:39:34 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-06-15 20:34:00 0 d-------- C:\Program Files\VideoLAN
2008-06-15 08:06:02 92 --a------ C:\Documents and Settings\Vern Musil\Application Data\burnaware.ini
2008-05-23 14:27:04 0 d-------- C:\Program Files\DVD Decrypter
2008-05-23 14:26:26 0 d-------- C:\Program Files\DVD Shrink
2008-05-19 17:18:20 0 d-------- C:\Program Files\ACW
2008-05-12 03:04:23 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-11 18:45:48 0 d-------- C:\Program Files\DivX
2008-05-11 18:27:38 30 --a------ C:\WINDOWS\G@
2008-05-11 18:21:37 0 d-------- C:\Program Files\Creative
2008-05-11 14:17:58 0 d-------- C:\Program Files\ffdshow
2008-05-11 14:13:28 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\vlc
2008-05-11 14:04:42 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Media Player Classic
2008-05-11 14:03:31 0 d-------- C:\Program Files\XP Codec Pack
2008-05-11 13:36:51 0 d-------- C:\Program Files\AC3Filter
2008-05-11 13:36:50 0 d-------- C:\Program Files\AskSBar
2008-05-10 09:53:08 0 d-------- C:\Program Files\FrostWire
2008-05-10 00:00:14 0 d-------- C:\Program Files\PCRescue3.0
2008-05-09 16:31:23 0 d-------- C:\Program Files\CreataCard
2008-05-07 17:29:38 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\DivX
2008-05-06 14:27:33 0 d-------- C:\Program Files\Java
2008-05-05 16:33:42 0 d-------- C:\Program Files\MP3Gain
2008-05-05 16:27:54 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\FrostWire
2008-05-05 16:17:25 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Sun
2008-05-05 13:54:37 0 d-------- C:\Program Files\Photodex Presenter
2008-05-05 13:54:36 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Netscape
2008-05-05 13:54:17 0 d-------- C:\Program Files\Photodex
2008-05-05 13:51:38 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Photodex
2008-05-04 17:54:26 0 d-------- C:\Program Files\messenger
2008-05-04 12:28:00 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-05-04 12:28:00 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-04 09:23:19 0 d-------- C:\Program Files\Cheetah Burner
2008-05-04 07:27:42 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Adobe
2008-05-04 07:25:57 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-04 07:20:46 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Macromedia
2008-05-04 06:37:38 0 d-------- C:\Program Files\Aspect one
2008-05-04 06:31:11 0 d-------- C:\Program Files\Acoustica MP3 To Wave Converter PLUS
2008-05-04 05:20:18 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Acoustica
2008-05-04 04:54:34 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-03 21:11:33 0 d-------- C:\Program Files\Movie Maker
2008-05-03 21:11:18 0 d-------- C:\Program Files\Windows NT
2008-05-03 20:17:25 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-03 19:02:19 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-05-03 18:38:22 0 d-------- C:\Program Files\RegistryFix
2008-05-03 13:39:37 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\WinRAR
2008-05-03 13:02:02 0 d-------- C:\Program Files\Microsoft Works
2008-05-03 12:48:51 0 d-------- C:\Program Files\Microsoft Works Suite 2002
2008-05-03 09:09:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-03 08:40:39 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Identities
2008-05-03 08:26:09 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-03 07:49:45 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-03 07:44:24 0 d-------- C:\Program Files\NoAdware4
2008-05-03 03:14:02 62 --ahs---- C:\Documents and Settings\Vern Musil\Application Data\desktop.ini
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 16:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 16:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f02f6ba3-af81-4627-8f91-136634a63650}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 09:07 PM]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [06/12/2001 03:20 AM]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [02/22/2007 09:26 AM]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [11/10/2004 02:36 PM]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [04/08/2007 11:44 AM]
"PCRescue"="C:\Program Files\PCRescue3.0\PCRescue.exe" [06/24/2005 09:53 AM]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 02:56 AM C:\WINDOWS\system32\rundll32.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [03/23/2006 12:13 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/04/2007 07:31 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk]
backup=C:\WINDOWS\pss\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users.windows^start menu^programs^startup^sonic cineplayer quick launch.lnk]
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disc Detector]
C:\Program Files\Creative\ShareDLL\CtNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOMAD Detector]
"C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRUN.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe




-- End of Deckard's System Scanner: finished at 2008-06-22 06:50:49 ------------

#6
kahdah

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
================================================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

#7
vmus

KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, June 22, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 22, 2008 12:11:26
Records in database: 880097
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
Scan statistics
Files scanned 45247
Threat name 6
Infected objects 11
Suspicious objects 0
Duration of the scan 01:57:33

File name Threat name Threats count
C:\Deckard\System Scanner\20080622064852\backup\DOCUME~1\VERNMU~1\LOCALS~1\Temp\578setuphelper.exe Infected: not-a-virus:Server-Proxy.Win32.Bouncer.a 1
C:\Deckard\System Scanner\20080622064852\backup\DOCUME~1\VERNMU~1\LOCALS~1\Temp\SRSAI.exe Infected: not-a-virus:AdWare.Win32.Shopper.r 1
C:\Documents and Settings\vern\Application Data\Sun\Java\Deployment\cache\6.0\59\303ac5bb-4887102a Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\vern\Application Data\Sun\Java\Deployment\cache\6.0\59\303ac5bb-6a5a6ccc Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\vern\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-35851aee-5e7629e1.zip Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\vern\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install(2).exe Infected: not-a-virus:Downloader.Win32.ImLoader.e 1
C:\_OTMoveIt\MovedFiles\06222008_061006\iwfgofxx.exe Infected: Trojan-Dropper.Win32.Agent.sbe 1
C:\_OTMoveIt\MovedFiles\06222008_061006\sgxty.exe Infected: Trojan-Downloader.Win32.Small.iyu 1
The selected area was scanned.

#8
kahdah

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\vern\Application Data\Sun\Java\Deployment\cache\6.0\59\303ac5bb-4887102a 
    C:\Documents and Settings\vern\Application Data\Sun\Java\Deployment\cache\6.0\59\303ac5bb-6a5a6ccc
    C:\Documents and Settings\vern\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-35851aee-5e7629e1.zip
    C:\Documents and Settings\vern\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install(2).exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=================
Please run dss again and post the log it produces.
Also post the OTMoveIt log and let me know how things are running.

#9
vmus

File/Folder CODE not found.
File/Folder C:\Documents and Settings\vern\Application Data\Sun\Java\Deployment\cache\6.0\59\303ac5bb-4887102a not found.
File/Folder C:\Documents and Settings\vern\Application Data\Sun\Java\Deployment\cache\6.0\59\303ac5bb-6a5a6ccc not found.
File/Folder C:\Documents and Settings\vern\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-35851aee-5e7629e1.zip not found.
File/Folder C:\Documents and Settings\vern\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install(2).exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06222008_200300

#10
kahdah

Please run dss again and post the log it produces and let me know how things are running.

#11
vmus

Deckard's System Scanner v20071014.68
Run by Vern Musil on 2008-06-22 20:53:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Vern Musil.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:51 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\dlbtcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\PCRescue3.0\PCRescue.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vern Musil\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\VERNMU~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {f02f6ba3-af81-4627-8f91-136634a63650} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] "C:\Program Files\Essentials Codec Pack\update.exe" -silent
O4 - HKLM\..\Run: [PCRescue] "C:\Program Files\PCRescue3.0\PCRescue.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-21-1177238915-1454471165-725345543-1003\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win (User '?')
O4 - HKUS\S-1-5-21-1177238915-1454471165-725345543-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1177238915-1454471165-725345543-1003\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User '?')
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5576 bytes

-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-22 06:19:19 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Malwarebytes
2008-06-22 06:19:13 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-22 06:19:12 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 06:02:53 57445272 --a------ C:\registrybackup.reg
2008-06-21 16:41:06 0 d-------- C:\Program Files\Spyware Doctor
2008-06-21 16:41:06 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\PC Tools
2008-06-21 07:47:50 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\TrojanHunter
2008-06-21 07:00:09 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-06-21 05:06:55 0 d-------- C:\Program Files\Windows Defender
2008-06-21 04:53:04 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\SendTo
2008-06-21 04:52:36 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Identities
2008-06-21 04:52:07 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\NetHood
2008-06-21 04:52:07 0 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY\My Documents
2008-06-21 04:52:02 0 dr-h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Recent
2008-06-21 04:52:02 0 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
2008-06-21 04:52:01 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Desktop
2008-06-20 17:23:04 0 d-------- C:\Documents and Settings\Administrator.HOME-C0IG4074DU\Application Data\Mozilla
2008-06-18 17:41:20 0 d-------- C:\Program Files\Lavasoft
2008-06-18 17:40:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 03:01:24 0 d-------- C:\Program Files\Trend Micro
2008-06-17 17:30:07 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-06-16 17:02:44 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-06-15 20:35:00 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Google
2008-06-15 15:06:56 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2008-06-15 15:06:27 0 d-------- C:\Program Files\FlashGet
2008-06-15 10:51:09 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Leadertech
2008-06-15 10:49:27 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-15 05:19:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2008-06-14 18:11:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Software
2008-06-14 17:15:27 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Axara
2008-06-14 17:14:41 0 d-------- C:\Program Files\Common Files\Axara
2008-06-14 17:14:40 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2008-06-14 17:14:39 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-14 17:14:39 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-14 17:14:39 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-06-14 17:14:38 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-06-06 03:09:07 0 d-------- C:\Program Files\Essentials Codec Pack
2008-06-06 03:05:05 200704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-06-06 03:05:05 114688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-06-06 03:05:05 34820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-06-06 03:05:01 0 d-------- C:\Program Files\Cucusoft
2008-06-06 03:04:33 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-25 07:36:13 0 d-------- C:\Program Files\Acoustica CD Label Maker
2008-05-24 11:46:15 0 d-------- C:\Program Files\MagicDVDRipper


-- Find3M Report ---------------------------------------------------------------

2008-06-18 17:40:50 0 d-------- C:\Program Files\Common Files
2008-06-17 17:13:45 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Mozilla
2008-06-16 17:20:07 0 d--h----- C:\Program Files\Google
2008-06-15 20:39:34 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-06-15 20:34:00 0 d-------- C:\Program Files\VideoLAN
2008-06-15 08:06:02 92 --a------ C:\Documents and Settings\Vern Musil\Application Data\burnaware.ini
2008-05-23 14:27:04 0 d-------- C:\Program Files\DVD Decrypter
2008-05-23 14:26:26 0 d-------- C:\Program Files\DVD Shrink
2008-05-19 17:18:20 0 d-------- C:\Program Files\ACW
2008-05-12 03:04:23 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-11 18:45:48 0 d-------- C:\Program Files\DivX
2008-05-11 18:27:38 30 --a------ C:\WINDOWS\G@
2008-05-11 18:21:37 0 d-------- C:\Program Files\Creative
2008-05-11 14:17:58 0 d-------- C:\Program Files\ffdshow
2008-05-11 14:13:28 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\vlc
2008-05-11 14:04:42 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Media Player Classic
2008-05-11 14:03:31 0 d-------- C:\Program Files\XP Codec Pack
2008-05-11 13:36:51 0 d-------- C:\Program Files\AC3Filter
2008-05-11 13:36:50 0 d-------- C:\Program Files\AskSBar
2008-05-10 09:53:08 0 d-------- C:\Program Files\FrostWire
2008-05-10 00:00:14 0 d-------- C:\Program Files\PCRescue3.0
2008-05-09 16:31:23 0 d-------- C:\Program Files\CreataCard
2008-05-07 17:29:38 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\DivX
2008-05-06 14:27:33 0 d-------- C:\Program Files\Java
2008-05-05 16:33:42 0 d-------- C:\Program Files\MP3Gain
2008-05-05 16:27:54 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\FrostWire
2008-05-05 16:17:25 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Sun
2008-05-05 13:54:37 0 d-------- C:\Program Files\Photodex Presenter
2008-05-05 13:54:36 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Netscape
2008-05-05 13:54:17 0 d-------- C:\Program Files\Photodex
2008-05-05 13:51:38 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Photodex
2008-05-04 17:54:26 0 d-------- C:\Program Files\messenger
2008-05-04 12:28:00 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-05-04 12:28:00 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-04 09:23:19 0 d-------- C:\Program Files\Cheetah Burner
2008-05-04 07:27:42 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Adobe
2008-05-04 07:25:57 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-04 07:20:46 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Macromedia
2008-05-04 06:37:38 0 d-------- C:\Program Files\Aspect one
2008-05-04 06:31:11 0 d-------- C:\Program Files\Acoustica MP3 To Wave Converter PLUS
2008-05-04 05:20:18 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Acoustica
2008-05-04 04:54:34 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-03 21:11:33 0 d-------- C:\Program Files\Movie Maker
2008-05-03 21:11:18 0 d-------- C:\Program Files\Windows NT
2008-05-03 20:17:25 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-03 19:02:19 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-05-03 18:38:22 0 d-------- C:\Program Files\RegistryFix
2008-05-03 13:39:37 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\WinRAR
2008-05-03 13:02:02 0 d-------- C:\Program Files\Microsoft Works
2008-05-03 12:48:51 0 d-------- C:\Program Files\Microsoft Works Suite 2002
2008-05-03 09:09:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-03 08:40:39 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Identities
2008-05-03 08:26:09 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-03 07:49:45 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-03 07:44:24 0 d-------- C:\Program Files\NoAdware4
2008-05-03 03:14:02 62 --ahs---- C:\Documents and Settings\Vern Musil\Application Data\desktop.ini
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 16:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 16:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f02f6ba3-af81-4627-8f91-136634a63650}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 09:07 PM]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [06/12/2001 03:20 AM]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [02/22/2007 09:26 AM]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [11/10/2004 02:36 PM]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [04/08/2007 11:44 AM]
"PCRescue"="C:\Program Files\PCRescue3.0\PCRescue.exe" [06/24/2005 09:53 AM]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 02:56 AM C:\WINDOWS\system32\rundll32.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [03/23/2006 12:13 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/04/2007 07:31 AM]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk]
backup=C:\WINDOWS\pss\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users.windows^start menu^programs^startup^sonic cineplayer quick launch.lnk]
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disc Detector]
C:\Program Files\Creative\ShareDLL\CtNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOMAD Detector]
"C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRUN.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe




-- End of Deckard's System Scanner: finished at 2008-06-22 20:56:13 ------------

Ran Ad-Aware. It ran a little longer, but still shut down computer. Maybe just reformat???

#12
kahdah

Have you tried contacting them (Lavasoft Support)?
If you cannot get it resolved then I suggest removing Ad-Aware.
No need to format, just remove the program.
If you no longer use Spyware Doctor then remove it as well.
==============================
Cleanup:
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
=============================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article - To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

#13
vmus

Everything has worked out. I thank you for all your time and help.

#14
kahdah

You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.