Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I have viruses [CLOSED]


  • This topic is locked This topic is locked

#1
Torri

Torri

    New Member

  • Member
  • Pip
  • 3 posts
Messages pop up saying I have over 80 viruses like,Digispid.b.w,vbs.lisa and these W32's,Beagle,hhw,blebla,stopin,esbot,langex,pybot,explore,gandait,bobax.Backdoor
.Tofer,spyware,psp.trojan,js.speth,codered II,Trojan.stranget,keylogger.stawin.I most likely got more.Please tell me how to get rid of them.Thanks

I need to know what to remove,please help.

--------------------------------------------------------------------------------
Deckard's System Scanner v20071014.68
Run by Victoria Gibbs on 2008-06-29 01:37:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Victoria Gibbs.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:37: VIRUS ALERT!, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
C:\VIRUSfighter\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\AOL\1212366618\ee\AOLSoftware.exe
C:\VIRUSfighter\Npm\bin\ZLH.EXE
C:\Program Files\DefenderPro\TSAntiSpy.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Victoria Gibbs\Application Data\spyguarder.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\VICTOR~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
C:\VIRUSfighter\Nvc\bin\nvcoas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Victoria Gibbs\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\VICTOR~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cy...mallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Victoria Gibbs\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Victoria Gibbs\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: (no name) - {BB604754-D031-4D2E-AB6C-BF3D367F6944} - C:\Documents and Settings\Victoria Gibbs\Application Data\redir.dll (file missing)
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {8BCDB708-77A2-4C1C-B35C-C81FDCC045EF} - (no file)
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Victoria Gibbs\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1212366618\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [LaunchAntiSpy] C:\Program Files\DefenderPro\TSAntiSpy.exe /startup
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyGuarder] C:\Documents and Settings\Victoria Gibbs\Application Data\spyguarder.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\scieplugin.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - http://radaol-prod-w...agi3.0.84.2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - https://ediagnostics....com/serval.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - http://www.worldwinn.../familyfeud.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94076A17-1EBE-40F4-AF37-9D762B5661C2}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: C:\PROGRA~1\DEFEND~1\DEFEND~1.0\adialhk.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Defender Pro Internet Security (AVP) - Defender Pro - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11019 bytes

-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-29 00:53:19 0 d-------- C:\Program Files\Trend Micro
2008-06-28 23:25:53 0 d-------- C:\WINDOWS\CSC
2008-06-27 17:50:27 0 d-------- C:\Program Files\Lexmark 1200 Series
2008-06-25 00:45:10 0 d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\ErrorRepairTool
2008-06-24 03:42:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-20 21:29:00 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-19 22:05:12 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-06-17 02:14:48 0 d-------- C:\Program Files\Sun
2008-06-16 16:40:39 0 d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\Bin
2008-06-14 02:26:58 0 d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\RegSweep
2008-06-13 23:01:08 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-06-13 21:13:08 0 d-------- C:\VIRUSfighter
2008-06-08 15:54:45 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-06-08 11:55:23 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-08 11:10:00 0 d--hs---- C:\FOUND.002
2008-06-08 10:42:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-08 00:10:44 0 d--hs---- C:\FOUND.001
2008-06-07 19:51:17 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-06-07 12:35:19 137 --a------ C:\WINDOWS\tsiwinfile.dat
2008-06-07 12:35:16 0 d-------- C:\WINDOWS\AntiSpy
2008-06-07 12:35:16 0 d-------- C:\Program Files\DefenderPro
2008-06-07 11:48:20 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-07 11:48:20 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-07 11:47:52 0 d-------- C:\Program Files\Defender Pro
2008-06-07 11:47:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Defender Pro
2008-06-07 11:47:47 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-07 11:47:47 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-07 10:49:30 0 d--hs---- C:\FOUND.000
2008-06-07 06:40:40 0 d-------- C:\Program Files\SystemDefender
2008-06-07 06:02:14 1671680 --a------ C:\Documents and Settings\Victoria Gibbs\Application Data\sg.dll
2008-06-07 05:28:18 0 d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\SpyGuarder
2008-06-07 05:20:46 1671680 --a------ C:\Documents and Settings\Victoria Gibbs\Application Data\spyguarder.exe
2008-06-07 04:30:10 0 d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\TmpRecentIcons
2008-06-07 03:46:30 0 d-------- C:\Program Files\LabelCommand
2008-06-07 02:49:09 0 d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\AXPDefender
2008-06-07 02:49:04 0 d-------- C:\Program Files\AXPDefender
2008-06-07 02:30:02 163840 --a------ C:\WINDOWS\eslm.exe
2008-06-03 03:02:00 0 d-------- C:\Program Files\MSXML 4.0
2008-06-02 04:30:25 0 d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\MozillaControl
2008-06-02 04:30:25 0 d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\Mozilla
2008-06-02 04:29:59 0 d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-06-02 04:29:45 0 d-------- C:\Program Files\VideoLAN
2008-06-02 04:29:44 0 d-------- C:\Program Files\Graboid
2008-06-01 17:29:58 0 d-------- C:\Program Files\AOL 9.0
2008-06-01 17:13:56 0 d-------- C:\Program Files\Common Files\aolshare
2008-05-29 00:33:00 50016 -ra------ C:\WINDOWS\system\IYVU9.DLL
2008-05-29 00:33:00 151056 -ra------ C:\WINDOWS\system\IR32.DLL
2008-05-29 00:33:00 77664 -ra------ C:\WINDOWS\system\IR21.DLL
2008-05-29 00:32:59 1116 -ra------ C:\WINDOWS\MPLAYER.REG
2008-05-29 00:32:59 117536 -ra------ C:\WINDOWS\MPLAYER.EXE <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-05-29 00:32:59 12288 -ra------ C:\WINDOWS\MCIOLE.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-05-29 00:32:58 153312 --a------ C:\WINDOWS\system\TYPELIB.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-29 00:32:58 157184 --a------ C:\WINDOWS\system\STORAGE.DLL
2008-05-29 00:32:58 55808 --a------ C:\WINDOWS\system\OLE2PROX.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-29 00:32:58 49616 -ra------ C:\WINDOWS\system\MSACM.DLL <Not Verified; Microsoft Corporation; Microsoft Audio Compression Manager>
2008-05-29 00:32:57 147440 --a------ C:\WINDOWS\system\OLE2NLS.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-29 00:32:57 98336 --a------ C:\WINDOWS\system\OLE2DISP.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-29 00:32:57 57328 --a------ C:\WINDOWS\system\OLE2CONV.DLL <Not Verified; Microsoft Corporation; Microsoft Graphic Filters>
2008-05-29 00:32:57 24606 -ra------ C:\WINDOWS\system\OLE2.REG
2008-05-29 00:32:57 313344 --a------ C:\WINDOWS\system\OLE2.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-29 00:32:57 87 --a------ C:\WINDOWS\system\CLEANUP.REG
2008-05-29 00:32:56 12800 -ra------ C:\WINDOWS\system\WING32.DLL <Not Verified; Microsoft Corporation; WinG>
2008-05-29 00:32:56 7168 --a------ C:\WINDOWS\system\DISPDIB.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-05-29 00:32:56 14208 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-05-29 00:32:56 102400 --a------ C:\WINDOWS\system\COMPOBJ.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-29 00:32:56 12800 --a------ C:\WINDOWS\system\ACMCMPRS.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-05-29 00:32:55 188960 -ra------ C:\WINDOWS\system\WINGDE.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-05-29 00:32:55 92208 -ra------ C:\WINDOWS\system\WING.DLL <Not Verified; Microsoft Corporation; WinG>
2008-05-29 00:32:49 0 d-------- C:\MMAPP


-- Find3M Report ---------------------------------------------------------------

2008-06-28 23:04:30 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-05-18 00:24:28 0 d-------- C:\Program Files\Common Files\Mediafour
2008-05-18 00:23:32 0 d-------- C:\Program Files\Mediafour
2008-04-19 22:29:42 200 --a------ C:\Documents and Settings\Victoria Gibbs\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2008-04-12 14:49:32 325346 --a------ C:\WINDOWS\Mario_Forever_Toolbar_Uninstaller_5203.exe <Not Verified; Buziol Games; Mario Forever>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
06/08/2008 01:15: VIRUS ALERT! 3794248 --a------ C:\Documents and Settings\Victoria Gibbs\Local Settings\Application Data\CyberDefender\cdmyidd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB604754-D031-4D2E-AB6C-BF3D367F6944}]
C:\Documents and Settings\Victoria Gibbs\Application Data\redir.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= C:\Documents and Settings\Victoria Gibbs\Local Settings\Application Data\CyberDefender\cdmyidd.dll [06/08/2008 01:15: VIRUS ALERT! 3794248]

[-HKEY_CLASSES_ROOT\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/15/2006 20:34: VIRUS ALERT!]
"SkyTel"="SkyTel.EXE" [08/16/2006 11:21: VIRUS ALERT! C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [08/16/2006 11:23: VIRUS ALERT! C:\WINDOWS\RTHDCPL.exe]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [05/15/2006 11:15: VIRUS ALERT!]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [09/07/2006 19:52: VIRUS ALERT!]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [06/01/2006 14:40: VIRUS ALERT!]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [08/30/2006 09:57: VIRUS ALERT!]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 13:56: VIRUS ALERT!]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/10/2004 20:00: VIRUS ALERT! C:\WINDOWS\system32\bthprops.cpl]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [08/16/2006 11:20: VIRUS ALERT!]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [05/10/2006 11:12: VIRUS ALERT!]
"Alcmtr"="ALCMTR.EXE" [08/16/2006 11:20: VIRUS ALERT! C:\WINDOWS\Alcmtr.exe]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [07/28/2006 10:40: VIRUS ALERT!]
"HostManager"="C:\Program Files\Common Files\AOL\1212366618\ee\AOLSoftware.exe" [04/12/2007 14:23: VIRUS ALERT!]
"Norman ZANDA"="C:\VIRUSfighter\Npm\bin\ZLH.exe" [08/09/2007 14:40: VIRUS ALERT!]
"LaunchAntiSpy"="C:\Program Files\DefenderPro\TSAntiSpy.exe" [09/05/2007 04:06: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" [12/20/2006 12:38: VIRUS ALERT!]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24: VIRUS ALERT!]
"SpyGuarder"="C:\Documents and Settings\Victoria Gibbs\Application Data\spyguarder.exe" [06/07/2008 05:28: VIRUS ALERT!]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [04/17/2007 23:48: VIRUS ALERT!]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 16:45: VIRUS ALERT!]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Forget Me Not.lnk - C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe [4/1/2007 4:09:33 PM]
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [8/3/2006 3:34:04 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\DEFEND~1\DEFEND~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-06-29 01:38:21 ------------




-- HijackThis (run as Victoria Gibbs.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:37: VIRUS ALERT!, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
C:\VIRUSfighter\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\AOL\1212366618\ee\AOLSoftware.exe
C:\VIRUSfighter\Npm\bin\ZLH.EXE
C:\Program Files\DefenderPro\TSAntiSpy.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Victoria Gibbs\Application Data\spyguarder.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\VICTOR~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
C:\VIRUSfighter\Nvc\bin\nvcoas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Victoria Gibbs\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\VICTOR~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cy...mallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Victoria Gibbs\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Victoria Gibbs\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: (no name) - {BB604754-D031-4D2E-AB6C-BF3D367F6944} - C:\Documents and Settings\Victoria Gibbs\Application Data\redir.dll (file missing)
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {8BCDB708-77A2-4C1C-B35C-C81FDCC045EF} - (no file)
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Victoria Gibbs\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1212366618\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [LaunchAntiSpy] C:\Program Files\DefenderPro\TSAntiSpy.exe /startup
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyGuarder] C:\Documents and Settings\Victoria Gibbs\Application Data\spyguarder.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\scieplugin.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - http://radaol-prod-w...agi3.0.84.2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - https://ediagnostics....com/serval.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - http://www.worldwinn.../familyfeud.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94076A17-1EBE-40F4-AF37-9D762B5661C2}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: C:\PROGRA~1\DEFEND~1\DEFEND~1.0\adialhk.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Defender Pro Internet Security (AVP) - Defender Pro - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11019 bytes

-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-29 00:53:19 0 d-------- C:\Program Files\Trend Micro
2008-06-28 23:25:53 0 d-------- C:\WINDOWS\CSC
2008-06-27 17:50:27 0 d-------- C:\Program Files\Lexmark 1200 Series
2008-06-25 00:45:10 0 d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\ErrorRepairTool
2008-06-24 03:42:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-20 21:29:00 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-19 22:05:12 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-06-17 02:14:48 0 d-------- C:\Program Files\Sun
2008-06-16 16:40:39 0 d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\Bin
2008-06-14 02:26:58 0 d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\RegSweep
2008-06-13 23:01:08 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-06-13 21:13:08 0 d-------- C:\VIRUSfighter
2008-06-08 15:54:45 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-06-08 11:55:23 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-08 11:10:00 0 d--hs---- C:\FOUND.002
2008-06-08 10:42:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-08 00:10:44 0 d--hs---- C:\FOUND.001
2008-06-07 19:51:17 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-06-07 12:35:19 137 --a------ C:\WINDOWS\tsiwinfile.dat
2008-06-07 12:35:16 0 d-------- C:\WINDOWS\AntiSpy
2008-06-07 12:35:16 0 d-------- C:\Program Files\DefenderPro
2008-06-07 11:48:20 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-07 11:48:20 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-07 11:47:52 0 d-------- C:\Program Files\Defender Pro
2008-06-07 11:47:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Defender Pro
2008-06-07 11:47:47 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-07 11:47:47 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-07 10:49:30 0 d--hs---- C:\FOUND.000
2008-06-07 06:40:40 0 d-------- C:\Program Files\SystemDefender
2008-06-07 06:02:14 1671680 --a------ C:\Documents and Settings\Victoria Gibbs\Application Data\sg.dll
2008-06-07 05:28:18 0 d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\SpyGuarder
2008-06-07 05:20:46 1671680 --a------ C:\Documents and Settings\Victoria Gibbs\Application Data\spyguarder.exe
2008-06-07 04:30:10 0 d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\TmpRecentIcons
2008-06-07 03:46:30 0 d-------- C:\Program Files\LabelCommand
2008-06-07 02:49:09 0 d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\AXPDefender
2008-06-07 02:49:04 0 d-------- C:\Program Files\AXPDefender
2008-06-07 02:30:02 163840 --a------ C:\WINDOWS\eslm.exe
2008-06-03 03:02:00 0 d-------- C:\Program Files\MSXML 4.0
2008-06-02 04:30:25 0 d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\MozillaControl
2008-06-02 04:30:25 0 d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\Mozilla
2008-06-02 04:29:59 0 d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-06-02 04:29:45 0 d-------- C:\Program Files\VideoLAN
2008-06-02 04:29:44 0 d-------- C:\Program Files\Graboid
2008-06-01 17:29:58 0 d-------- C:\Program Files\AOL 9.0
2008-06-01 17:13:56 0 d-------- C:\Program Files\Common Files\aolshare
2008-05-29 00:33:00 50016 -ra------ C:\WINDOWS\system\IYVU9.DLL
2008-05-29 00:33:00 151056 -ra------ C:\WINDOWS\system\IR32.DLL
2008-05-29 00:33:00 77664 -ra------ C:\WINDOWS\system\IR21.DLL
2008-05-29 00:32:59 1116 -ra------ C:\WINDOWS\MPLAYER.REG
2008-05-29 00:32:59 117536 -ra------ C:\WINDOWS\MPLAYER.EXE <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-05-29 00:32:59 12288 -ra------ C:\WINDOWS\MCIOLE.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-05-29 00:32:58 153312 --a------ C:\WINDOWS\system\TYPELIB.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-29 00:32:58 157184 --a------ C:\WINDOWS\system\STORAGE.DLL
2008-05-29 00:32:58 55808 --a------ C:\WINDOWS\system\OLE2PROX.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-29 00:32:58 49616 -ra------ C:\WINDOWS\system\MSACM.DLL <Not Verified; Microsoft Corporation; Microsoft Audio Compression Manager>
2008-05-29 00:32:57 147440 --a------ C:\WINDOWS\system\OLE2NLS.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-29 00:32:57 98336 --a------ C:\WINDOWS\system\OLE2DISP.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-29 00:32:57 57328 --a------ C:\WINDOWS\system\OLE2CONV.DLL <Not Verified; Microsoft Corporation; Microsoft Graphic Filters>
2008-05-29 00:32:57 24606 -ra------ C:\WINDOWS\system\OLE2.REG
2008-05-29 00:32:57 313344 --a------ C:\WINDOWS\system\OLE2.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-29 00:32:57 87 --a------ C:\WINDOWS\system\CLEANUP.REG
2008-05-29 00:32:56 12800 -ra------ C:\WINDOWS\system\WING32.DLL <Not Verified; Microsoft Corporation; WinG>
2008-05-29 00:32:56 7168 --a------ C:\WINDOWS\system\DISPDIB.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-05-29 00:32:56 14208 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-05-29 00:32:56 102400 --a------ C:\WINDOWS\system\COMPOBJ.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-29 00:32:56 12800 --a------ C:\WINDOWS\system\ACMCMPRS.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-05-29 00:32:55 188960 -ra------ C:\WINDOWS\system\WINGDE.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-05-29 00:32:55 92208 -ra------ C:\WINDOWS\system\WING.DLL <Not Verified; Microsoft Corporation; WinG>
2008-05-29 00:32:49 0 d-------- C:\MMAPP


-- Find3M Report ---------------------------------------------------------------

2008-06-28 23:04:30 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-05-18 00:24:28 0 d-------- C:\Program Files\Common Files\Mediafour
2008-05-18 00:23:32 0 d-------- C:\Program Files\Mediafour
2008-04-19 22:29:42 200 --a------ C:\Documents and Settings\Victoria Gibbs\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2008-04-12 14:49:32 325346 --a------ C:\WINDOWS\Mario_Forever_Toolbar_Uninstaller_5203.exe <Not Verified; Buziol Games; Mario Forever>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
06/08/2008 01:15: VIRUS ALERT! 3794248 --a------ C:\Documents and Settings\Victoria Gibbs\Local Settings\Application Data\CyberDefender\cdmyidd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB604754-D031-4D2E-AB6C-BF3D367F6944}]
C:\Documents and Settings\Victoria Gibbs\Application Data\redir.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= C:\Documents and Settings\Victoria Gibbs\Local Settings\Application Data\CyberDefender\cdmyidd.dll [06/08/2008 01:15: VIRUS ALERT! 3794248]

[-HKEY_CLASSES_ROOT\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/15/2006 20:34: VIRUS ALERT!]
"SkyTel"="SkyTel.EXE" [08/16/2006 11:21: VIRUS ALERT! C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [08/16/2006 11:23: VIRUS ALERT! C:\WINDOWS\RTHDCPL.exe]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [05/15/2006 11:15: VIRUS ALERT!]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [09/07/2006 19:52: VIRUS ALERT!]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [06/01/2006 14:40: VIRUS ALERT!]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [08/30/2006 09:57: VIRUS ALERT!]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 13:56: VIRUS ALERT!]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/10/2004 20:00: VIRUS ALERT! C:\WINDOWS\system32\bthprops.cpl]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [08/16/2006 11:20: VIRUS ALERT!]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [05/10/2006 11:12: VIRUS ALERT!]
"Alcmtr"="ALCMTR.EXE" [08/16/2006 11:20: VIRUS ALERT! C:\WINDOWS\Alcmtr.exe]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [07/28/2006 10:40: VIRUS ALERT!]
"HostManager"="C:\Program Files\Common Files\AOL\1212366618\ee\AOLSoftware.exe" [04/12/2007 14:23: VIRUS ALERT!]
"Norman ZANDA"="C:\VIRUSfighter\Npm\bin\ZLH.exe" [08/09/2007 14:40: VIRUS ALERT!]
"LaunchAntiSpy"="C:\Program Files\DefenderPro\TSAntiSpy.exe" [09/05/2007 04:06: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" [12/20/2006 12:38: VIRUS ALERT!]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24: VIRUS ALERT!]
"SpyGuarder"="C:\Documents and Settings\Victoria Gibbs\Application Data\spyguarder.exe" [06/07/2008 05:28: VIRUS ALERT!]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [04/17/2007 23:48: VIRUS ALERT!]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 16:45: VIRUS ALERT!]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Forget Me Not.lnk - C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe [4/1/2007 4:09:33 PM]
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [8/3/2006 3:34:04 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\DEFEND~1\DEFEND~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-06-29 01:38:21 ------------

Edited by Octagonal, 29 June 2008 - 01:04 AM.

  • 0

Advertisements


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following....


Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.



Regards
fenzodahl512
  • 0

#3
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP