Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

AVG, AdAware, and Spybot won't remove this. [RESOLVED]


  • This topic is locked This topic is locked

#1
m40p

m40p

    New Member

  • Member
  • Pip
  • 7 posts
Hiya. Well my computer has come down with something awful. Avg has caught several items the past couple of days (FakeAntispyware.OI, and Winfixer.ATW, and a Trojan). I've ran scans with everything and they've caught a few things here and there. But I still get that anoying pop up in the tray and whatnot. Well any help would be greatly appreciatted. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:43 AM, on 6/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\DOCUME~1\B\LOCALS~1\Temp\setup30.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\DOCUME~1\B\LOCALS~1\Temp\4A.tmp
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [lphc3psj0e1bl] C:\WINDOWS\system32\lphc3psj0e1bl.exe
O4 - HKLM\..\Run: [SMrhc7psj0e1bl] C:\Program Files\rhc7psj0e1bl\rhc7psj0e1bl.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\B\LOCALS~1\Temp\setup30.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: [email protected] 5.03.lnk = ?
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7673 bytes


Here's my runscan.run file

Attached Files


Edited by m40p, 30 June 2008 - 07:29 AM.

  • 0

Advertisements


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo... Please do the following....

Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Regards
fenzodahl512
  • 0

#3
m40p

m40p

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi fenzodahl. Thanks for the help! Here's the information you requested. I've scanned several more times and haven't had anything pop up on AVG. But that little tray red shield "You have a security problem" is still there and still pops up a "virus scanner" website that tries to get me to download another virus. So anyways. Thanks again.



Deckard's System Scanner v20071014.68
Run by B on 2008-07-01 02:20:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-07-01 07:20:33 UTC - RP6 - Deckard's System Scanner Restore Point
2: 2008-06-30 13:49:48 UTC - RP5 - Installed Enemy Territory - QUAKE Wars™
1: 2008-06-30 10:29:41 UTC - RP4 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as B.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:15 AM, on 7/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\DOCUME~1\B\LOCALS~1\Temp\setup30.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\DOCUME~1\B\LOCALS~1\Temp\4A.tmp
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\B\Desktop\dss.exe
C:\HIJACK~1\B.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\B\LOCALS~1\Temp\setup30.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: [email protected] 5.03.lnk = ?
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7544 bytes

-- HijackThis Fixed Entries (C:\HIJACK~1\backups\) -----------------------------

backup-20080630-072724-715 O4 - HKLM\..\Run: [SMrhc7psj0e1bl] C:\Program Files\rhc7psj0e1bl\rhc7psj0e1bl.exe
backup-20080630-072724-798 O4 - HKLM\..\Run: [lphc3psj0e1bl] C:\WINDOWS\system32\lphc3psj0e1bl.exe

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 JGOGO (JMicron Hot-Plug Driver) - c:\windows\system32\drivers\jgogo.sys <Not Verified; JMicron; SCSI Port upper filter driver>
R0 JRAID - c:\windows\system32\drivers\jraid.sys <Not Verified; JMicron Technology Corp.; JMicron JR036X RAID Driver>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 GizmoDrv (Gizmo Virtual Drive Device Driver) - c:\windows\system32\drivers\gizmodrv.sys <Not Verified; Arainia Solutions; Gizmo Virtual Drive Device Driver>
R3 AmdLLD (AMD Low Level Device Driver) - c:\windows\system32\drivers\amdlld.sys <Not Verified; AMD, Inc.; Low Level Device Driver>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 RivaTuner32 - c:\program files\rivatuner v2.06\rivatuner32.sys

S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 motmodem (Motorola USB CDC ACM Driver) - c:\windows\system32\drivers\motmodem.sys <Not Verified; Motorola; Motorola USB Modem or Port>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 RMSvc (Media Center Extender Resource Monitor) - c:\windows\ehome\rmsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-21 20:08:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-06-30 08:50:11 0 d-------- C:\Program Files\id Software
2008-06-30 08:43:42 0 dr-h----- C:\Documents and Settings\B\Recent
2008-06-30 07:55:01 0 d-------- C:\VundoFix Backups
2008-06-30 07:29:55 0 d-------- C:\Program Files\Panda Security
2008-06-30 06:57:22 0 d-------- C:\HijackThis
2008-06-30 06:38:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-30 04:27:09 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-30 04:27:09 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-30 04:27:09 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-30 04:27:09 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-30 04:27:09 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-30 04:27:09 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-30 04:27:09 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-30 04:27:09 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-30 04:27:09 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-30 04:27:09 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-30 04:27:09 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-30 04:27:09 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-30 04:27:09 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-30 04:27:09 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-29 04:27:43 0 d-------- C:\Program Files\Lavasoft
2008-06-29 03:48:20 0 d-------- C:\Documents and Settings\B\Application Data\rhc7psj0e1bl
2008-06-28 03:58:11 0 d-------- C:\Program Files\Future Pinball


-- Find3M Report ---------------------------------------------------------------

2008-07-01 02:12:52 0 d-------- C:\Program Files\SpeedFan
2008-06-30 09:13:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-29 04:27:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 02:14:54 0 d-------- C:\Program Files\[email protected]
2008-06-22 13:05:20 0 d-------- C:\Documents and Settings\B\Application Data\uTorrent
2008-06-18 02:44:15 0 d-------- C:\Documents and Settings\B\Application Data\Mozilla
2008-05-23 10:01:31 0 d-------- C:\Program Files\Astonsoft
2008-05-23 09:41:12 0 d-------- C:\Documents and Settings\B\Application Data\DMCache
2008-05-19 13:01:49 0 d-------- C:\Program Files\OO Software
2008-05-19 11:01:23 0 d-------- C:\Program Files\Motorola
2008-05-18 08:38:00 0 d-------- C:\Program Files\Oront Burning Kit 2
2008-05-17 11:58:40 0 d-------- C:\Documents and Settings\B\Application Data\AVGTOOLBAR
2008-05-16 09:14:21 0 d-------- C:\Program Files\Funcom
2008-05-16 03:53:50 0 d-------- C:\Documents and Settings\B\Application Data\Obsidium
2008-05-15 08:38:00 0 d-------- C:\Program Files\Western Digital Technologies
2008-05-15 05:03:11 0 d-------- C:\Program Files\AVG
2008-05-08 23:53:41 668 --a------ C:\Documents and Settings\B\Application Data\vso_ts_preview.xml
2008-05-08 23:53:41 0 d-------- C:\Documents and Settings\B\Application Data\Vso
2008-05-08 06:10:43 0 d-------- C:\Program Files\Messenger
2008-05-08 06:10:33 0 d-------- C:\Program Files\Movie Maker
2008-05-08 06:09:01 0 d-------- C:\Program Files\Windows NT
2008-05-07 12:01:22 0 d-------- C:\Program Files\Ventrilo
2008-05-01 21:32:15 0 d-------- C:\Program Files\FileStream
2008-05-01 21:32:15 0 d-------- C:\Program Files\Common Files
2008-05-01 04:28:16 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-01 03:43:15 0 d-------- C:\Program Files\World of Warcraft
2008-05-01 03:40:50 0 d-------- C:\Program Files\YOU DON'T KNOW JACK
2008-05-01 03:40:18 0 d-------- C:\Program Files\SwitchBlade
2008-04-18 08:16:46 6027 --a------ C:\Program Files\install.log
2008-04-16 11:55:20 103424 --a------ C:\WINDOWS\system32\SwitchBlade_nat.dll <Not Verified; Blue Orb; SwitchBlade>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/15/2008 05:03 AM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/15/2008 05:03 AM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 01:56 PM]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [04/24/2006 09:52 PM]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 04:49 PM]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 04:08 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [10/30/2007 01:05 PM]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [10/30/2007 01:05 PM]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [09/26/2007 07:05 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/24/2008 07:52 PM]
"nwiz"="nwiz.exe" [03/24/2008 07:52 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/24/2008 07:52 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/15/2008 05:03 AM]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [05/11/2007 02:08 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [07/03/2007 12:32 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 07:12 PM]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [09/06/2007 08:08 AM]
"Somefox"="C:\DOCUME~1\B\LOCALS~1\Temp\setup30.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\B\Start Menu\Programs\Startup\
[email protected] 5.03.lnk - C:\Program Files\[email protected]\winFAH.exe [11/15/2007 9:55:14 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8756 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-01 02:22:45 ------------


Here's the etra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 5200+
Percentage of Memory in Use: 18%
Physical Memory (total/avail): 3071.48 MiB / 2517.06 MiB
Pagefile Memory (total/avail): 4956.54 MiB / 4529.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1905.39 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 20.35 GiB free.
D: is Fixed (NTFS) - 232.88 GiB total, 63.14 GiB free.
E: is CDROM (UDF)
F: is Removable (No Media)
G: is Removable (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - SAMSUNG SP2514N SCSI Disk Device - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - D:

\\.\PHYSICALDRIVE0 - SATA WD C WD800J SCSI Disk Device - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\B\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRANDON-4457622
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\B
LOGONSERVER=\\BRANDON-4457622
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4302
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\B\LOCALS~1\Temp
TMP=C:\DOCUME~1\B\LOCALS~1\Temp
USERDOMAIN=BRANDON-4457622
USERNAME=B
USERPROFILE=C:\Documents and Settings\B
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

B (admin)
MCX1.BRANDON-4457622
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Age of Conan - Hyborian Adventures --> "C:\Program Files\Funcom\Age of Conan\unins000.exe"
AntivirXP08 --> "C:\Program Files\rhc7psj0e1bl\uninstall.exe"
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ConvertXtoDVD 3.0.0.1 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DeepBurner v1.8.0.224 --> "C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Enemy Territory - Quake Wars™ --> C:\Program Files\id Software\Enemy Territory - QUAKE Wars\uninstall.exe
Enemy Territory - QUAKE Wars™ 1.1 Patch --> C:\Program Files\InstallShield Installation Information\{0C5D0DC4-F5D3-46F9-AE2E-E45C99B4A6B6}\setup.exe -runfromtemp -l0x0409
FEAR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 /zU -removeonly
ffdshow --> "C:\Program Files\ffdshow\uninstall.exe"
[email protected] --> C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\[email protected]\Uninstall5DB8.DAT
Fraps --> "C:\Fraps\uninstall.exe"
Future Pinball --> "C:\Program Files\Future Pinball\unins000.exe"
HD Tune 2.54 --> "C:\Program Files\HD Tune\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\HijackThis\HijackThis.exe" /uninstall
HTML Executable IERuntime --> C:\Program Files\Common Files\HTML Executable Viewer\{AF358AB7-0CEF-40B5-A569-D27F8F38232D}\heieunin.exe
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JRAID --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech Registration --> MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
Media Center Extender --> C:\WINDOWS\eHome\DvcConn.exe /uninstall
Media Center Extender --> MsiExec.exe /I{23FE964A-853B-4176-86D7-9E18B5CA1FC0}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Xbox 360 Accessories 1.1 --> MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
NVIDIA Media Center extensions for display --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4BE15737-07C5-4705-9DFC-D9D533939942}\setup.exe" -l0x9 -uninstall
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA PureVideo Decoder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
O&O Defrag Professional Edition --> MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
Omni Auction Builder --> C:\WINDOWS\iun6002.exe "C:\Program Files\Omni Auction Builder\uninstall\irunin.ini"
Oront Burning Kit 2 Basic v2.5.5 --> "C:\Program Files\Oront Burning Kit 2\unins000.exe"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pcsx2 0.9.4 Watermoose --> "C:\Program Files\Pcsx2_0.9.4\unins000.exe"
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealArcade --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst"
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RivaTuner v2.06 --> "C:\Program Files\RivaTuner v2.06\uninstall.exe"
RSD_LITE_2_7 --> MsiExec.exe /X{FDA3FCAB-7476-4858-B28D-49F22F2C2BEE}
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows XP Media Center Edition 2005 KB905589 --> "C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahtzee Download Edition --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\Yahtzee Download Edition.rguninst"


-- Application Event Log -------------------------------------------------------

Event Record #/Type2070 / Error
Event Submitted/Written: 06/30/2008 05:28:31 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rhc7psj0e1bl.exe, version 0.0.0.0, faulting module rhc7psj0e1bl.exe, version 0.0.0.0, fault address 0x00044019.
Processing media-specific event for [rhc7psj0e1bl.exe!ws!]

Event Record #/Type2068 / Error
Event Submitted/Written: 06/30/2008 04:11:04 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rhc7psj0e1bl.exe, version 0.0.0.0, faulting module rhc7psj0e1bl.exe, version 0.0.0.0, fault address 0x00044019.
Processing media-specific event for [rhc7psj0e1bl.exe!ws!]

Event Record #/Type2067 / Error
Event Submitted/Written: 06/30/2008 04:08:24 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 821883383.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type2065 / Error
Event Submitted/Written: 06/30/2008 04:07:22 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rhc7psj0e1bl.exe, version 0.0.0.0, faulting module rhc7psj0e1bl.exe, version 0.0.0.0, fault address 0x00044019.
Processing media-specific event for [rhc7psj0e1bl.exe!ws!]

Event Record #/Type2064 / Error
Event Submitted/Written: 06/30/2008 04:02:39 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rhc7psj0e1bl.exe, version 0.0.0.0, faulting module rhc7psj0e1bl.exe, version 0.0.0.0, fault address 0x00044019.
Processing media-specific event for [rhc7psj0e1bl.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type34241 / Error
Event Submitted/Written: 07/01/2008 02:13:49 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type34240 / Error
Event Submitted/Written: 07/01/2008 02:13:49 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type34239 / Error
Event Submitted/Written: 07/01/2008 02:13:49 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type34238 / Error
Event Submitted/Written: 07/01/2008 02:13:49 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type34237 / Error
Event Submitted/Written: 07/01/2008 02:13:49 AM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.



-- End of Deckard's System Scanner: finished at 2008-07-01 02:22:45 ------------

Edited by m40p, 01 July 2008 - 01:34 AM.

  • 0

#4
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\desktop\dss.exe" /daft . Then press Enter
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.




NEXT


please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

AntivirXP08






NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\rhc7psj0e1bl
    C:\WINDOWS\system32\lphc3psj0e1bl.exe
    C:\Documents and Settings\B\Application Data\rhc7psj0e1bl
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




Please post the following logs in your next reply.. Post each log in separate post...

1. OTMoveIt2
2. Malwarebytes'
3. A fresh Deckard System Scanner log (after Malwarebytes' step)
4. Tell me about your computer condition



Regards
fenzodahl512
  • 0

#5
m40p

m40p

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
File/Folder kill explorer] not found.
File/Folder C:\Program Files\rhc7psj0e1bl not found.
File/Folder C:\WINDOWS\system32\lphc3psj0e1bl.exe not found.
C:\Documents and Settings\B\Application Data\rhc7psj0e1bl\Quarantine\Packages moved successfully.
C:\Documents and Settings\B\Application Data\rhc7psj0e1bl\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\B\Application Data\rhc7psj0e1bl\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\B\Application Data\rhc7psj0e1bl\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\B\Application Data\rhc7psj0e1bl\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\B\Application Data\rhc7psj0e1bl\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\B\Application Data\rhc7psj0e1bl\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\B\Application Data\rhc7psj0e1bl\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\B\Application Data\rhc7psj0e1bl\Quarantine\Autorun moved successfully.
C:\Documents and Settings\B\Application Data\rhc7psj0e1bl\Quarantine moved successfully.
C:\Documents and Settings\B\Application Data\rhc7psj0e1bl moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\B\LOCALS~1\Temp\Perflib_Perfdata_b10.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5dc.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7ac.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07012008_072145

Files moved on Reboot...
File C:\DOCUME~1\B\LOCALS~1\Temp\Perflib_Perfdata_b10.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_5dc.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_7ac.dat not found!
  • 0

#6
m40p

m40p

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Malwarebytes' Anti-Malware 1.19
Database version: 910
Windows 5.1.2600 Service Pack 3

7:50:51 AM 7/1/2008
mbam-log-7-1-2008 (07-50-51).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 94816
Time elapsed: 21 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
  • 0

#7
m40p

m40p

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
It didn't show any extra.txt this time. Only the main.txt.

Deckard's System Scanner v20071014.68
Run by B on 2008-07-01 07:55:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as B.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:09 AM, on 7/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\RivaTuner v2.06\RivaTuner.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\B\Desktop\dss.exe
C:\HIJACK~1\B.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: [email protected] 5.03.lnk = ?
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7492 bytes

-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-07-01 07:27:28 0 d-------- C:\Documents and Settings\B\Application Data\Malwarebytes
2008-07-01 07:27:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-01 07:27:26 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-30 08:50:11 0 d-------- C:\Program Files\id Software
2008-06-30 08:43:42 0 dr-h----- C:\Documents and Settings\B\Recent
2008-06-30 07:55:01 0 d-------- C:\VundoFix Backups
2008-06-30 07:29:55 0 d-------- C:\Program Files\Panda Security
2008-06-30 06:57:22 0 d-------- C:\HijackThis
2008-06-30 06:38:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-30 04:27:09 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-30 04:27:09 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-30 04:27:09 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-30 04:27:09 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-30 04:27:09 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-30 04:27:09 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-30 04:27:09 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-30 04:27:09 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-30 04:27:09 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-30 04:27:09 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-30 04:27:09 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-30 04:27:09 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-30 04:27:09 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-30 04:27:09 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-29 04:27:43 0 d-------- C:\Program Files\Lavasoft
2008-06-28 03:58:11 0 d-------- C:\Program Files\Future Pinball


-- Find3M Report ---------------------------------------------------------------

2008-07-01 07:25:05 0 d-------- C:\Program Files\SpeedFan
2008-06-30 09:13:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-29 04:27:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 02:14:54 0 d-------- C:\Program Files\[email protected]
2008-06-22 13:05:20 0 d-------- C:\Documents and Settings\B\Application Data\uTorrent
2008-06-18 02:44:15 0 d-------- C:\Documents and Settings\B\Application Data\Mozilla
2008-05-23 10:01:31 0 d-------- C:\Program Files\Astonsoft
2008-05-23 09:41:12 0 d-------- C:\Documents and Settings\B\Application Data\DMCache
2008-05-19 13:01:49 0 d-------- C:\Program Files\OO Software
2008-05-19 11:01:23 0 d-------- C:\Program Files\Motorola
2008-05-18 08:38:00 0 d-------- C:\Program Files\Oront Burning Kit 2
2008-05-17 11:58:40 0 d-------- C:\Documents and Settings\B\Application Data\AVGTOOLBAR
2008-05-16 09:14:21 0 d-------- C:\Program Files\Funcom
2008-05-16 03:53:50 0 d-------- C:\Documents and Settings\B\Application Data\Obsidium
2008-05-15 08:38:00 0 d-------- C:\Program Files\Western Digital Technologies
2008-05-15 05:03:11 0 d-------- C:\Program Files\AVG
2008-05-08 23:53:41 668 --a------ C:\Documents and Settings\B\Application Data\vso_ts_preview.xml
2008-05-08 23:53:41 0 d-------- C:\Documents and Settings\B\Application Data\Vso
2008-05-08 06:10:43 0 d-------- C:\Program Files\Messenger
2008-05-08 06:10:33 0 d-------- C:\Program Files\Movie Maker
2008-05-08 06:09:01 0 d-------- C:\Program Files\Windows NT
2008-05-07 12:01:22 0 d-------- C:\Program Files\Ventrilo
2008-05-01 21:32:15 0 d-------- C:\Program Files\FileStream
2008-05-01 21:32:15 0 d-------- C:\Program Files\Common Files
2008-05-01 04:28:16 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-01 03:43:15 0 d-------- C:\Program Files\World of Warcraft
2008-05-01 03:40:50 0 d-------- C:\Program Files\YOU DON'T KNOW JACK
2008-05-01 03:40:18 0 d-------- C:\Program Files\SwitchBlade
2008-04-18 08:16:46 6027 --a------ C:\Program Files\install.log
2008-04-16 11:55:20 103424 --a------ C:\WINDOWS\system32\SwitchBlade_nat.dll <Not Verified; Blue Orb; SwitchBlade>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/15/2008 05:03 AM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/15/2008 05:03 AM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 01:56 PM]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [04/24/2006 09:52 PM]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 04:49 PM]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 04:08 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [10/30/2007 01:05 PM]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [10/30/2007 01:05 PM]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [09/26/2007 07:05 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/24/2008 07:52 PM]
"nwiz"="nwiz.exe" [03/24/2008 07:52 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/24/2008 07:52 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/15/2008 05:03 AM]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [05/11/2007 02:08 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [07/03/2007 12:32 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 07:12 PM]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [09/06/2007 08:08 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\B\Start Menu\Programs\Startup\
[email protected] 5.03.lnk - C:\Program Files\[email protected]\winFAH.exe [11/15/2007 9:55:14 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-01 07:56:19 ------------
  • 0

#8
m40p

m40p

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Oh. And everything seems to be working fine at the moment. No more pop ups and no more annoying tray icon.
  • 0

#9
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
That's great.. your logs look clean to my eyes..


Now for some cleanup..
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.




NEXT


Please Install/Update Sun Java

Updating Java:
  • Go to Start --> Control Panel --> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
  • It should have next icon next to it: Posted Image
  • Select it and click Remove. This will uninstall the previous (outdated) version of Java.
  • Then Download and install the newest version from here: Java Runtime Environment (JRE) 6 Update 6




NEXT


Let's clean your Restore Points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous Restore Points which are likely to be infected)
To create a new Restore Point.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK. This will flush your old System Restore.
  • Then please UNCHECK the Turn off System Restore.
  • Click again on Apply, and then click OK. This will create a new Restore Point
System Restore will now be active again

If you are using Windows Vista, please go HERE for tutorial on how to use, disable and enable System Restore




NEXT


I noticed you already have:

1. AVG8 as your antivirus
2. Malwarebytes' Anti-Malware as your antispyware..
3. Nvidia Firewall as your firewall..


Lastly, to keep your operating system up to date please visit the link below monthly

To learn more about how to protect yourself while on the internet read this excellent article by Tony Klein: So how did I get infected in the first place?

Please also read an excellent article by miekiemoes :Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512
  • 0

#10
m40p

m40p

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Good deal. Everything seems to be back to normal. I really appreciate the superb help. I don't know what I'd do without my fellow geeks! Thanks!
  • 0

#11
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP