
Adware VideoEgg; Nav and others [RESOLVED]


  • This topic is locked

#1
sheppardwk

  • Member
  • 54 posts
Recently I noticed that pages were loading very slowly while on the internet. I previously had a problem and used this site to correct my problem, so I've come back again.

I've run ATF Cleaner, Malwarebytes' Anti-Malware, SUPERAntiSpyware Home Edition, and the online Panda ActiveScan. I ran Windows Update and rebooted. Then I ran HijackThis.

Any help would greatly be appreciated. Thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:23 PM, on 7/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Windows\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Documents and Settings\Alyssa Sheppard\My Documents\gMS\SQL\bin\mysqld-nt.exe
C:\Documents and Settings\Alyssa Sheppard\My Documents\gMS\SQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - \\Compaq\c\SIERRA\AIM\aim.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - Trusted Zone: http://fpdownload.macromedia.com
O15 - Trusted Zone: http://www.macromedia.com
O15 - Trusted Zone: http://sdc.shockwave.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.co...snediag4716.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoont...inst-french.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...9.11/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.f...obal/msc311.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame...utComponent.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.co...snmusax4716.cab
O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test...est/tt_test.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MySQL - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: MySQL4 - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12968 bytes


;*******************************************************************************
ANALYSIS: 2008-07-13 19:40:00
PROTECTIONS: 1
MALWARE: 10
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
avast! antivirus 4.8.1201 [VPS 080713-0] 4.8.1201 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00047309 adware/navhelper Adware No 0 Yes No c:\program files\navexcel
00047309 adware/navhelper Adware No 0 Yes No hkey_local_machine\software\classes\appid\nhelper.dll
00047309 adware/navhelper Adware No 0 Yes No hkey_classes_root\appid\nhelper.dll
00103032 Joke/Gun Jokes No 0 Yes No C:\JUNK\gun.exe
00132447 adware program Adware No 0 Yes No c:\windows\ss3unstl.exe
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Alyssa Sheppard\Cookies\alyssa sheppard@doubleclick[1].txt
00142933 Adware/DSSAgent Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP990\A0136036.EXE
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Alyssa Sheppard\Cookies\alyssa [email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Alyssa Sheppard\Cookies\alyssa sheppard@advertising[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Alyssa Sheppard\Cookies\alyssa sheppard@bluestreak[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Kevin Sheppard\Cookies\kevin sheppard@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Alyssa Sheppard\Cookies\alyssa sheppard@go[2].txt
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Alyssa Sheppard\Cookies\alyssa [email protected][1].txt
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================


SUPERAntiSpyware Scan Log
Generated 07/13/2008 at 03:01 PM

Application Version : 3.6.1000

Core Rules Database Version : 3503
Trace Rules Database Version: 1494

Scan type : Complete Scan
Total Scan Time : 01:03:18

Memory items scanned : 457
Memory threats detected : 0
Registry items scanned : 6625
Registry threats detected : 5
File items scanned : 54588
File threats detected : 108

Adware.Tracking Cookie

Registry Cleaner Trial
HKCR\Install.Install
HKCR\Install.Install\CLSID
HKCR\Install.Install\CurVer
HKCR\Install.Install.1
HKCR\Install.Install.1\CLSID

Background Agent Application by Broderbund Software
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE



Malwarebytes' Anti-Malware 1.20
Database version: 944
Windows 5.1.2600 Service Pack 2

1:51:00 PM 7/13/2008
mbam-log-7-13-2008 (13-50-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 256920
Time elapsed: 1 hour(s), 22 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 30
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 14
Files Infected: 287

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=0.2.0 (Adware.VideoEgg) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/updater,version=0.2.0 (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556 (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326 (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094 (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1 (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\messages (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Updater\2364 (Adware.VideoEgg) -> No action taken.

Files Infected:
C:\Program Files\VideoEgg\Loader\2364\npvideoegg-loader.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\avcodec.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\crashRpt.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\dataCollection.tmp (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\FLVEncoder.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\lame_enc.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\LevelMeter.ax (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\libcurlve.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\libpng.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\npvideoegg-publisher.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\remoteblacklist (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\report.log (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\zlib.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\aol_watermark.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\audio_combo.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\audio_source.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\big_gray_logo.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\big_logo_cropped.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\blank_slide.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\button_browse_down.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\button_browse_over.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\button_browse_up.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\camcorders_title.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\camcorder_slide.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\corners_bottom_left.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\corners_bottom_right.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\corners_top_right.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\done.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\done_capture.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\done_capture_down.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\done_capture_over.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\done_down.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\done_over.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\dropshadow_horiz.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\dropshadow_vertical.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\dropzone.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\dv_fast_forward.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\dv_pause.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\dv_play.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\dv_rewind.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\dv_stop.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\email_instructions.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\email_sent.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\email_sent_down.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\email_sent_over.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\eraser.CUR (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\eraser_cursor.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\file_btn_highlighted.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\file_slide.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\help.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_camcorder.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_camcorders.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_camcorder_dark.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_camcorder_light.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_ff.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_file_dark.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_file_light.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_pause.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_phone_dark.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_phone_light.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_play.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_rewind.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_stop.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_webcam.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_webcams.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_webcam_dark.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\icon_webcam_light.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\loading.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\loading_movie.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\locating.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\logo.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\logo_bottom.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\logo_middle.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\logo_top.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\mobile_slide.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\mobile_slide_disabled.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\movie_placeholder.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\ok.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\ok_down.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\ok_over.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\images\player_fast_forward.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Alyssa Sheppard\Application Data\VideoEgg\Publisher\2556\resources\gid326\cid1094\AOL1\im
  • 0

#2
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo...


I see that you already ran Malwarebytes' Anti-Malware, but unfortunately you did not remove the infections..

HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.



Please run Malwarebytes' again and then remove all infections it found.. Please do the following...


Please run and update Malwarebytes'.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click the dss.exe icon and choose Run as Administrator.



Please post the following logs in your next reply.. Please post each log in a separate post..

1. Malwarebytes'
2. Deckard System Scanner (both main.txt and extra.txt)


Regards
fenzodahl512
  • 0
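
The check made in the reply above (detections listed but left at "No action taken") can be automated. This is an added example, not part of the original posts or of Malwarebytes' own tooling: the function names are hypothetical, and the sample logs are constructed in the layout of the logs in this thread (the `C:\Example` lines and the "Quarantined and deleted successfully" action are constructed sample values).

```python
import re
from collections import Counter

# Summary line ("Files Infected: 3") and section header ("Files Infected:").
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Entry line: "<item> (<Detection.Name>) -> <action>."
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$"
)
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text):
    """Split a log into summary counts, parsed entries and unparseable lines."""
    summary, entries, malformed = {}, [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section is None or line == NO_ITEMS:
            continue  # banner lines before the first section, or empty section
        m = ENTRY_RE.match(line)
        if m:
            # Assumption: if an entry carries several "->", the last segment
            # is the action that was applied.
            action = m["action"].rsplit(" -> ", 1)[-1]
            entries.append({"section": section, "item": m["item"],
                            "detection": m["detection"], "action": action})
        else:
            # Typically a line cut off by a truncated paste.
            malformed.append((section, line))
    return summary, entries, malformed


def audit(text):
    """Report unremediated detections and signs that the log is incomplete."""
    summary, entries, malformed = parse_mbam_log(text)
    seen = Counter(e["section"] for e in entries)
    pending = [e for e in entries if e["action"].lower() == "no action taken"]
    mismatch = {s: (n, seen.get(s, 0))
                for s, n in summary.items() if n != seen.get(s, 0)}
    clean = (bool(summary) and not entries and not malformed
             and all(n == 0 for n in summary.values()))
    return {"pending": pending, "malformed": malformed,
            "count_mismatch": mismatch, "clean": clean}


# Constructed sample: detections left in place, last line cut off mid-path.
FIRST_SCAN = r"""
Malwarebytes' Anti-Malware 1.20

Registry Keys Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.

Files Infected:
C:\Program Files\VideoEgg\Loader\2364\npvideoegg-loader.dll (Adware.VideoEgg) -> No action taken.
C:\Example\sample.dll (Adware.Example) -> Quarantined and deleted successfully.
C:\Example\resources\im
"""

# Constructed sample: a follow-up scan that found nothing.
SECOND_SCAN = r"""
Registry Keys Infected: 0
Files Infected: 0

Registry Keys Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

if __name__ == "__main__":
    for name, log in (("first", FIRST_SCAN), ("second", SECOND_SCAN)):
        result = audit(log)
        print(name, "clean" if result["clean"] else "needs attention")
        for e in result["pending"]:
            print("  pending:", e["detection"], e["item"])
        for section, line in result["malformed"]:
            print("  unparsed line in", section + ":", line)
        for section, (stated, parsed) in result["count_mismatch"].items():
            print("  count mismatch in", section + ":", stated, "vs", parsed)
```

A count mismatch or an unparsed line means the pasted log is incomplete, so an absence of pending entries should not be read as a clean result.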

#3
sheppardwk

  • Topic Starter
  • Member
  • 54 posts
OK, re-ran Malware and DSS:

Malwarebytes' Anti-Malware 1.20
Database version: 944
Windows 5.1.2600 Service Pack 2

1:40:58 PM 7/14/2008
mbam-log-7-14-2008 (13-40-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 257170
Time elapsed: 1 hour(s), 36 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Deckard's System Scanner v20071014.68
Run by Alyssa Sheppard on 2008-07-14 13:41:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x00000001


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Alyssa Sheppard.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:27 PM, on 7/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Windows\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Documents and Settings\Alyssa Sheppard\My Documents\gMS\SQL\bin\mysqld-nt.exe
C:\Documents and Settings\Alyssa Sheppard\My Documents\gMS\SQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Alyssa Sheppard\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Alyssa Sheppard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - \\Compaq\c\SIERRA\AIM\aim.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - Trusted Zone: http://fpdownload.macromedia.com
O15 - Trusted Zone: http://www.macromedia.com
O15 - Trusted Zone: http://sdc.shockwave.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.co...snediag4716.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoont...inst-french.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...9.11/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.f...obal/msc311.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame...utComponent.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.co...snmusax4716.cab
O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test...est/tt_test.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MySQL - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: MySQL4 - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 12799 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee Security; McAfee Personal Firewall Plus>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 kbdcap - c:\windows\system32\drivers\kbdcap.sys
R3 npkcusb - c:\nexon\maplestory\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>

S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - c:\windows\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; >
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 lredbooo - c:\docume~1\alyssa~1\locals~1\temp\lredbooo.sys (file missing)
S3 LTower (LEGO USB Tower Driver) - c:\windows\system32\drivers\ltower.sys <Not Verified; The LEGO Group; LEGO USB Tower Driver>
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 MySQL - "c:\documents and settings\alyssa sheppard\my documents\gms\sql\bin\mysqld-nt" --defaults-file="c:\documents and settings\alyssa sheppard\my documents\gms\sql\my.ini" mysql (file missing)
R2 MySQL4 - "c:\documents and settings\alyssa sheppard\my documents\gms\sql\bin\mysqld-nt" --defaults-file="c:\documents and settings\alyssa sheppard\my documents\gms\sql\my.ini" mysql4 (file missing)

S2 JavaQuickStarterService (Java Quick Starter) - "c:\program files\java\jre6\bin\jqs.exe" -service -config "c:\program files\java\jre6\lib\deploy\jqs\jqs.conf" (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-14 13:45:00 494 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (SHEPPARDFAMILY-Robin Sheppard).job
2008-07-14 13:43:59 494 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (SHEPPARDFAMILY-Kevin Sheppard).job
2008-07-14 09:44:08 496 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (SHEPPARDFAMILY-Alyssa Sheppard).job


-- Files created between 2008-06-14 and 2008-07-14 -----------------------------

2008-07-13 20:10:13 0 d-------- C:\Program Files\Trend Micro
2008-07-13 17:22:43 0 d-------- C:\Program Files\Panda Security
2008-07-13 17:10:24 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\Malwarebytes
2008-07-13 14:22:12 0 d-------- C:\Documents and Settings\Kevin Sheppard\Application Data\mIRC
2008-07-13 13:55:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-13 13:54:58 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-13 13:54:58 0 d-------- C:\Documents and Settings\Kevin Sheppard\Application Data\SUPERAntiSpyware.com
2008-07-13 13:54:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-13 09:25:29 0 d-------- C:\Documents and Settings\Kevin Sheppard\Application Data\Malwarebytes
2008-07-13 09:25:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-13 09:25:26 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-13 09:24:30 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-10 09:58:06 0 d-------- C:\Documents and Settings\Alyssa Sheppard\.thumbnails
2008-06-30 19:08:34 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\Total Eclipse


-- Find3M Report ---------------------------------------------------------------

2008-07-13 17:01:43 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\mIRC
2008-07-13 15:05:01 0 d-------- C:\Program Files\Yahoo!
2008-07-13 13:54:41 0 d-------- C:\Program Files\Common Files
2008-07-10 09:58:47 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\gtk-2.0
2008-07-04 17:41:58 0 d-------- C:\Program Files\The Learning Company
2008-06-30 19:39:45 0 d-------- C:\Program Files\Nick Arcade
2008-06-28 13:36:09 0 d-------- C:\Program Files\Electronic Arts
2008-06-28 13:34:59 487 --a------ C:\WINDOWS\EReg072.dat
2008-06-14 16:55:04 1011 --a------ C:\WINDOWS\EReg077.dat
2008-06-09 17:23:30 0 d-------- C:\Program Files\Unreal3.2
2008-06-09 17:14:48 0 d-------- C:\Program Files\InspIRCd
2008-06-08 16:04:25 159924 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-07 08:45:38 0 d-------- C:\Program Files\Windows Resource Kits
2008-06-06 18:00:51 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\Adobe
2008-06-06 12:28:03 4 --a------ C:\WINDOWS\system32\8A67E7
2008-06-06 12:25:02 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\Real
2008-06-01 12:40:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-31 14:07:01 0 d-------- C:\Program Files\Java
2008-05-30 21:20:17 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\Hamachi
2008-05-29 18:21:24 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\WinRAR
2008-05-26 17:11:57 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\MySQL
2008-05-20 22:54:18 2559 --a------ C:\WINDOWS\unins000.dat
2008-05-20 21:27:00 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-17 16:18:48 822 --a------ C:\WINDOWS\system32\NEWSOFT
2008-05-17 16:14:19 5553 --a------ C:\Documents and Settings\Alyssa Sheppard\Application Data\PrimoPDFSet.xml
2008-05-17 16:12:14 224 --a------ C:\Documents and Settings\Alyssa Sheppard\Application Data\APUSet.xml
2008-05-17 15:59:51 0 d-------- C:\Program Files\activePDF


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [03/23/2004 02:16 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 02:52 PM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 12:43 PM]
"P17Helper"="P17.dll" [05/03/2005 11:38 AM C:\WINDOWS\SYSTEM32\P17.dll]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 06:54 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/13/2004 03:05 AM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [08/17/2004 07:26 PM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [08/22/2004 05:31 PM]
"EPSON Stylus Photo RX500"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe" [10/25/2004 12:08 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [09/20/2006 08:35 AM]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"Road Runner PhotoShow Media Manager"="C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe" []
"Aim6"="" []

C:\Documents and Settings\Alyssa Sheppard\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 2:05:26 AM]
DESKTOP.INI [8/10/2004 3:04:12 PM]
Forget Me Not.lnk - C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe [5/2/2005 8:16:38 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [11/4/2007 3:19:51 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BarbieGirlsTray]
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26d58002-4b70-11dc-bdee-001111792a48}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/...654333006461322

*Newly Created Service* - PAVBOOT



-- Hosts -----------------------------------------------------------------------

127.0.0.13 aol.enetbot.com


-- End of Deckard's System Scanner: finished at 2008-07-14 13:46:03 ------------





Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1022.09 MiB / 563.46 MiB
Pagefile Memory (total/avail): 2457.56 MiB / 2048.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1908.28 MiB

C: is Fixed (NTFS) - 145.82 GiB total, 84.44 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
Y: is Network (Unformatted)
Z: is Network (FAT32)

\\.\PHYSICALDRIVE0 - ST3160023AS - 149.05 GiB - 3 partitions
\PARTITION0 - Unknown - 70.57 MiB
\PARTITION1 (bootable) - Installable File System - 145.82 GiB - C:
\PARTITION2 - Unknown - 3.16 GiB



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall Plus v5000 (McAfee Security)
AV: avast! antivirus 4.8.1201 [VPS 080714-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe:*:Enabled:Microsoft Broadband Network Utility"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe:*:Enabled:Microsoft Broadband Networking Tray"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Setup"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe:*:Enabled:Microsoft Broadband Networking Update"
"C:\\Program Files\\Dell Inc\\Dell Picture Studio v3.0\\launch.exe"="C:\\Program Files\\Dell Inc\\Dell Picture Studio v3.0\\launch.exe:*:Enabled:Jasc Paint Shop Photo Album 5 Application"
"C:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"="C:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe:*:Enabled:Need For Speed III for Win32"
"C:\\Program Files\\Lemonade Tycoon 2\\Lemonade2.exe"="C:\\Program Files\\Lemonade Tycoon 2\\Lemonade2.exe:*:Disabled:Lemonade2"
"C:\\Program Files\\NetMeeting\\CONF.EXE"="C:\\Program Files\\NetMeeting\\CONF.EXE:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\War Games Construction Kit\\Game.exe"="C:\\Program Files\\War Games Construction Kit\\Game.exe:*:Enabled:War Games Construction Kit"
"C:\\Program Files\\Activision Value\\Cruise Ship Tycoon\\CruiseShipTycoon.exe"="C:\\Program Files\\Activision Value\\Cruise Ship Tycoon\\CruiseShipTycoon.exe:*:Enabled:CruiseShipTycoon"
"C:\\Program Files\\Voiceglo\\Glophone\\glophone.exe"="C:\\Program Files\\Voiceglo\\Glophone\\glophone.exe:*:Enabled:webphone"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Infogrames\\Clue\\clue.exe"="C:\\Program Files\\Infogrames\\Clue\\clue.exe:*:Disabled:clue"
"C:\\Program Files\\Infogrames\\Rollercoaster Tycoon 2 Wacky Worlds\\rct2.exe"="C:\\Program Files\\Infogrames\\Rollercoaster Tycoon 2 Wacky Worlds\\rct2.exe:*:Enabled:rct2"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™"
"C:\\Program Files\\Face of Mankind\\Lithtech.exe"="C:\\Program Files\\Face of Mankind\\Lithtech.exe:*:Enabled:Client"
"C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"="C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe:*:Enabled:World Switcher for RuneScape"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\SYSTEM32\\DPNSVR.EXE"="C:\\WINDOWS\\SYSTEM32\\DPNSVR.EXE:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Disabled:WinMX Application"
"C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe"="C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Documents and Settings\\Alyssa Sheppard\\Desktop\\TE_1.0\\Server\\claz2.mof"="C:\\Documents and Settings\\Alyssa Sheppard\\Desktop\\TE_1.0\\Server\\claz2.mof:*:Enabled:claz2"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Psfonts\\mIRC\\mirc.exe"="C:\\Psfonts\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"\\\\COMPAQ\\C\\SIERRA\\mIRC\\mirc.exe"="\\\\COMPAQ\\C\\SIERRA\\mIRC\\mirc.exe:*:Enabled:mirc.exe"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 1 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 1 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 2 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 2 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 3 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 3 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 4 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 4 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 5 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 5 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 6 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 6 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 7 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 7 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Zachary's Documents\\mirc.exe"="C:\\Zachary's Documents\\mirc.exe:*:Enabled:mIRC"
"\\\\COMPAQ\\C\\SIERRA\\mirc.exe"="\\\\COMPAQ\\C\\SIERRA\\mirc.exe:*:Enabled:mirc.exe"
"\\\\COMPAQ\\C\\SIERRA\\AIM\\aim.exe"="\\\\COMPAQ\\C\\SIERRA\\AIM\\aim.exe:*:Enabled:aim.exe"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\\Nexon\\MapleStory\\MapleStory.exe"="C:\\Nexon\\MapleStory\\MapleStory.exe:*:Disabled:MapleStory"
"C:\\Sierra\\Contraptions\\Saved Games\\mirc.exe"="C:\\Sierra\\Contraptions\\Saved Games\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"="C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe:*:Enabled:Microsoft Flight Simulator®"
"C:\\Program Files\\The Battle for Ragon\\The Battle for Ragon.exe"="C:\\Program Files\\The Battle for Ragon\\The Battle for Ragon.exe:*:Enabled:The Battle for Ragon"
"C:\\Documents and Settings\\Robin Sheppard\\My Documents\\My Albums\\mirc.exe"="C:\\Documents and Settings\\Robin Sheppard\\My Documents\\My Albums\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Trivia\\trivbot2001v2_4\\trivbot2001v2\\MIRC32.EXE"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Trivia\\trivbot2001v2_4\\trivbot2001v2\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\trivbot2001v2_4\\trivbot2001v2\\MIRC32.EXE"="C:\\trivbot2001v2_4\\trivbot2001v2\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\Triviabot2001\\trivbot2001\\MIRC32.EXE"="C:\\Triviabot2001\\trivbot2001\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Trivia\\WinBot\\WinBot.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Trivia\\WinBot\\WinBot.exe:*:Enabled:WinBot IRC Client for Windows"
"\\\\compaq\\MY MUSIC\\mIRC\\mirc.exe"="\\\\compaq\\MY MUSIC\\mIRC\\mirc.exe:*:Enabled:mirc.exe"
"\\\\compaq\\C\\SIERRA\\WINDOWS\\WinBot.exe"="\\\\compaq\\C\\SIERRA\\WINDOWS\\WinBot.exe:*:Enabled:WinBot.exe"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Street MS\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Street MS\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Nexon\\GameMS\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"="C:\\Nexon\\GameMS\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\hamachi.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\hamachi.exe:*:Enabled:hamachi"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\No-IP\\DUC20.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\No-IP\\DUC20.exe:*:Enabled:DUC20"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\jdk\\bin\\java.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\jdk\\bin\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\java.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jdk1.5.0_15\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.5.0_15\\bin\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\AIM\\mIRC.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\AIM\\mIRC.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\SpamServ\\SpamServ.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\SpamServ\\SpamServ.exe:*:Enabled:WinBot IRC Client for Windows"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\SpamServer\\WinBot.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\SpamServer\\WinBot.exe:*:Enabled:WinBot IRC Client for Windows"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Yuntis\\eggdrop.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Yuntis\\eggdrop.exe:*:Enabled:eggdrop"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\YunYun\\eggdrop.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\YunYun\\eggdrop.exe:*:Enabled:eggdrop"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GDNIRC\\eggdrop.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GDNIRC\\eggdrop.exe:*:Enabled:eggdrop"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Alyssa Sheppard\Application Data
classpath=C:\Program Files\Java\jdk1.6.0_05\bin
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SHEPPARDFAMILY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Alyssa Sheppard
LOGONSERVER=\\SHEPPARDFAMILY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\System32\;C:\Program Files\Java\jdk1.6.0_05\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15

#4
fenzodahl512


  • Malware Removal
  • 9,863 posts
Hello, somehow your extra.txt has been cut off. Please find the extra.txt text file in the C:\Deckard folder and post it here.


Regards
fenzodahl512

#5
sheppardwk

  • Topic Starter
  • Member
  • 54 posts
Extra:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1022.09 MiB / 563.46 MiB
Pagefile Memory (total/avail): 2457.56 MiB / 2048.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1908.28 MiB

C: is Fixed (NTFS) - 145.82 GiB total, 84.44 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
Y: is Network (Unformatted)
Z: is Network (FAT32)

\\.\PHYSICALDRIVE0 - ST3160023AS - 149.05 GiB - 3 partitions
\PARTITION0 - Unknown - 70.57 MiB
\PARTITION1 (bootable) - Installable File System - 145.82 GiB - C:
\PARTITION2 - Unknown - 3.16 GiB



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall Plus v5000 (McAfee Security)
AV: avast! antivirus 4.8.1201 [VPS 080714-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe:*:Enabled:Microsoft Broadband Network Utility"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe:*:Enabled:Microsoft Broadband Networking Tray"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Setup"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe:*:Enabled:Microsoft Broadband Networking Update"
"C:\\Program Files\\Dell Inc\\Dell Picture Studio v3.0\\launch.exe"="C:\\Program Files\\Dell Inc\\Dell Picture Studio v3.0\\launch.exe:*:Enabled:Jasc Paint Shop Photo Album 5 Application"
"C:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"="C:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe:*:Enabled:Need For Speed III for Win32"
"C:\\Program Files\\Lemonade Tycoon 2\\Lemonade2.exe"="C:\\Program Files\\Lemonade Tycoon 2\\Lemonade2.exe:*:Disabled:Lemonade2"
"C:\\Program Files\\NetMeeting\\CONF.EXE"="C:\\Program Files\\NetMeeting\\CONF.EXE:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\War Games Construction Kit\\Game.exe"="C:\\Program Files\\War Games Construction Kit\\Game.exe:*:Enabled:War Games Construction Kit"
"C:\\Program Files\\Activision Value\\Cruise Ship Tycoon\\CruiseShipTycoon.exe"="C:\\Program Files\\Activision Value\\Cruise Ship Tycoon\\CruiseShipTycoon.exe:*:Enabled:CruiseShipTycoon"
"C:\\Program Files\\Voiceglo\\Glophone\\glophone.exe"="C:\\Program Files\\Voiceglo\\Glophone\\glophone.exe:*:Enabled:webphone"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Infogrames\\Clue\\clue.exe"="C:\\Program Files\\Infogrames\\Clue\\clue.exe:*:Disabled:clue"
"C:\\Program Files\\Infogrames\\Rollercoaster Tycoon 2 Wacky Worlds\\rct2.exe"="C:\\Program Files\\Infogrames\\Rollercoaster Tycoon 2 Wacky Worlds\\rct2.exe:*:Enabled:rct2"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™"
"C:\\Program Files\\Face of Mankind\\Lithtech.exe"="C:\\Program Files\\Face of Mankind\\Lithtech.exe:*:Enabled:Client"
"C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"="C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe:*:Enabled:World Switcher for RuneScape"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\SYSTEM32\\DPNSVR.EXE"="C:\\WINDOWS\\SYSTEM32\\DPNSVR.EXE:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Disabled:WinMX Application"
"C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe"="C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Documents and Settings\\Alyssa Sheppard\\Desktop\\TE_1.0\\Server\\claz2.mof"="C:\\Documents and Settings\\Alyssa Sheppard\\Desktop\\TE_1.0\\Server\\claz2.mof:*:Enabled:claz2"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Psfonts\\mIRC\\mirc.exe"="C:\\Psfonts\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"\\\\COMPAQ\\C\\SIERRA\\mIRC\\mirc.exe"="\\\\COMPAQ\\C\\SIERRA\\mIRC\\mirc.exe:*:Enabled:mirc.exe"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 1 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 1 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 2 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 2 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 3 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 3 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 4 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 4 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 5 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 5 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 6 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 6 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 7 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 7 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Zachary's Documents\\mirc.exe"="C:\\Zachary's Documents\\mirc.exe:*:Enabled:mIRC"
"\\\\COMPAQ\\C\\SIERRA\\mirc.exe"="\\\\COMPAQ\\C\\SIERRA\\mirc.exe:*:Enabled:mirc.exe"
"\\\\COMPAQ\\C\\SIERRA\\AIM\\aim.exe"="\\\\COMPAQ\\C\\SIERRA\\AIM\\aim.exe:*:Enabled:aim.exe"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\\Nexon\\MapleStory\\MapleStory.exe"="C:\\Nexon\\MapleStory\\MapleStory.exe:*:Disabled:MapleStory"
"C:\\Sierra\\Contraptions\\Saved Games\\mirc.exe"="C:\\Sierra\\Contraptions\\Saved Games\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"="C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe:*:Enabled:Microsoft Flight Simulator®"
"C:\\Program Files\\The Battle for Ragon\\The Battle for Ragon.exe"="C:\\Program Files\\The Battle for Ragon\\The Battle for Ragon.exe:*:Enabled:The Battle for Ragon"
"C:\\Documents and Settings\\Robin Sheppard\\My Documents\\My Albums\\mirc.exe"="C:\\Documents and Settings\\Robin Sheppard\\My Documents\\My Albums\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Trivia\\trivbot2001v2_4\\trivbot2001v2\\MIRC32.EXE"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Trivia\\trivbot2001v2_4\\trivbot2001v2\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\trivbot2001v2_4\\trivbot2001v2\\MIRC32.EXE"="C:\\trivbot2001v2_4\\trivbot2001v2\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\Triviabot2001\\trivbot2001\\MIRC32.EXE"="C:\\Triviabot2001\\trivbot2001\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Trivia\\WinBot\\WinBot.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Trivia\\WinBot\\WinBot.exe:*:Enabled:WinBot IRC Client for Windows"
"\\\\compaq\\MY MUSIC\\mIRC\\mirc.exe"="\\\\compaq\\MY MUSIC\\mIRC\\mirc.exe:*:Enabled:mirc.exe"
"\\\\compaq\\C\\SIERRA\\WINDOWS\\WinBot.exe"="\\\\compaq\\C\\SIERRA\\WINDOWS\\WinBot.exe:*:Enabled:WinBot.exe"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Street MS\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Street MS\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Nexon\\GameMS\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"="C:\\Nexon\\GameMS\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\hamachi.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\hamachi.exe:*:Enabled:hamachi"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\No-IP\\DUC20.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\No-IP\\DUC20.exe:*:Enabled:DUC20"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\jdk\\bin\\java.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\jdk\\bin\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\java.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jdk1.5.0_15\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.5.0_15\\bin\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\AIM\\mIRC.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\AIM\\mIRC.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\SpamServ\\SpamServ.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\SpamServ\\SpamServ.exe:*:Enabled:WinBot IRC Client for Windows"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\SpamServer\\WinBot.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\SpamServer\\WinBot.exe:*:Enabled:WinBot IRC Client for Windows"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Yuntis\\eggdrop.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Yuntis\\eggdrop.exe:*:Enabled:eggdrop"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\YunYun\\eggdrop.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\YunYun\\eggdrop.exe:*:Enabled:eggdrop"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GDNIRC\\eggdrop.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GDNIRC\\eggdrop.exe:*:Enabled:eggdrop"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Alyssa Sheppard\Application Data
classpath=C:\Program Files\Java\jdk1.6.0_05\bin
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SHEPPARDFAMILY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Alyssa Sheppard
LOGONSERVER=\\SHEPPARDFAMILY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\System32\;C:\Program Files\Java\jdk1.6.0_05\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ALYSSA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ALYSSA~1\LOCALS~1\Temp
USERDOMAIN=SHEPPARDFAMILY
USERNAME=Alyssa Sheppard
USERPROFILE=C:\Documents and Settings\Alyssa Sheppard
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Kevin Sheppard (admin)
Robin Sheppard (admin)
Zachary Sheppard (admin)
Alyssa Sheppard (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\Sierra\Contraptions\Uninst.isu
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{329899E1-CBBA-49BC-9FFE-199E94316727}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\CONFLICT.1\GrooveAX.dll,_RemoveGroove@16
5.0M SD DSC --> C:\Program Files\5.0M SD DSC\uninst.exe C:\Program Files\5.0M SD DSC\install.log
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Action Replay Code Manager --> "C:\Program Files\Datel\Action Replay\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
American Greetings CreataCard Select 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9770A25C-45A7-478E-AF50-4FDE53EED270}\setup.exe" -l0x9 anything
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35B8CC58-F128-4169-82EB-0E6CB0C3AFE6}\setup.exe" -l0x9 -uninst
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\Setup.exe" -l0x9
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Barbie Girls --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{16B18999-56D7-4E8F-A40C-385E68A6D0CD}
Barbie® idesign™ Ultimate Stylist™ --> MsiExec.exe /I{36FED898-68B7-4A00-824F-EB2136E17D6A}
Barbie™ as Rapunzel --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\RapunzelUn.exe
Barbie™ as The Princess and the Pauper --> C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\PPauperUn.exe
Barbie™ Beauty Boutique™ CD-ROM --> C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\BeautyUn.exe
Barbie™ Horse Adventures™ --> C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\HorseUn.exe
Barbie™ In The 12 Dancing Princesses --> C:\Program Files\InstallShield Installation Information\{79E0927E-6347-495F-83C1-92B0AB252B07}\setup.exe -runfromtemp -l0x0009 -removeonly
Barbie™ of Swan Lake --> C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\SwanLakeUn.exe
Blue's 123 Time Activities --> C:\WINDOWS\IsUninst.exe -fc:\hegames\Blues123\Uninst.isu -c"c:\hegames\Blues123\Uninst.dll
BRATZ - Rock Angelz --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C92937F-7E79-4A32-AB80-BD7637146308}\setup.exe" -l0x9 -uninst
Broadcom Advanced Control Suite 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
Canon Camera Access Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1033
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}
Canon Camera Window DSLR 5 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 6 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4DBBF091-FACD-422C-B43C-786335BD5398}
Canon MP Navigator 2.2 --> "C:\Program Files\Canon\MP Navigator 2.2\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.2\uninst.ini
Canon MP530 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{3215EBED-1D06-42fb-A05C-A752A46FB24C}\DelDrv.exe" /U:{3215EBED-1D06-42fb-A05C-A752A46FB24C} /L0x0009
Canon MP530 User Registration --> C:\Program Files\Canon\IJEREG\MP530\UNINST.EXE
Canon PhotoRecord --> MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (E) --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CardCounterPRO 6.1.0 --> "C:\Program Files\CardCounterPRO\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CP2101 USB to UART Bridge Controller --> C:\WINDOWS\system32\uninstall.exe C:\WINDOWS\system32\uninstall.ini
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Media Experience Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDE4CC8B-134B-421E-943C-90799E56F664}\setup.exe" -l0x9 -L0x9 /SMAINT
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Disney's Toontown Online --> C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
Disney's Toontown Online Test Server --> C:\PROGRA~1\Disney\DISNEY~1\TOONTO~1\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\TOONTO~1\INSTALL.LOG
Disney Toontown Online --> C:\Program Files\Disney\Disney Online\ToontownOnline\uninst.exe
Disney Toontown Online TEST --> C:\Program Files\Disney\Disney Online\ToontownOnline_TEST\uninst.exe
Disney/Pixar's Buzz Lightyear 1st Grade --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Disney Interactive\Buzz Lightyear 1st Grade\DeIsL1.isu" -c"C:\Program Files\Disney Interactive\Buzz Lightyear 1st Grade\Saved Games\Uninst.dll
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EA.com Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}\setup.exe" -l0x0 Uninstall
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Electronic Arts Game Updater --> C:\WINDOWS\IsUninst.exe -f"c:\Program Files\EACom\Update\Uninst.isu"
ewido anti-malware --> C:\Program Files\ewido anti-malware\Uninstall.exe
FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Futuremark Measurement Services Client --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msc3.inf,DefaultUninstall,5
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
J2SE Development Kit 5.0 Update 15 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150150}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 15 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150150}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 10 --> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Jumpstart First Grade v1.4 --> C:\WINDOWS\IsUninst.exe -fC:\KA\FG\DeIsL2.isu
KSignAccessToolkit v1.0 --> C:\WINDOWS\system32\UnInstall_KAccess.exe
La Casa de Dora --> C:\PROGRA~1\NICKJR~1.ARC\LACASA~1\UNWISE.EXE C:\PROGRA~1\NICKJR~1.ARC\LACASA~1\INSTALL.LOG
LEGO Creator Harry Potter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7FB70A9B-6591-42EB-BD84-6F9C55368E06}\setup.exe"
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x9
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory --> MsiExec.exe /I{92F1DEA6-C1D0-44DC-9A94-FC2DD0BD7BD1}
MapleStory --> MsiExec.exe /I{99217575-1F9D-438A-A2E9-D8FC1D96A04F}
MAX Console --> C:\Program Files\MAX Console\uninst.EXE
Mayawaka --> C:\PROGRA~1\NICKAR~1\Mayawaka\UNWISE.EXE C:\PROGRA~1\NICKAR~1\Mayawaka\INSTALL.LOG
McAfee Personal Firewall Plus --> C:\PROGRA~1\McAfee.com\PERSON~1\MpfUninstall.exe
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft Broadband Networking --> MsiExec.exe /I{8CC15633-2327-43F4-BA85-B83FDB4B59BE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator X --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
mIRC --> C:\Documents and Settings\Alyssa Sheppard\My Documents\Alyssa\AIM\mIRC\uninstall.exe _?=C:\Documents and Settings\Alyssa Sheppard\My Documents\Alyssa\AIM\mIRC
MSN Entertainment Download Troubleshooter --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnediag.inf,Uninstall
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
My Fantasy Wedding --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3AC8DD1-A754-46D6-A777-6155D627D196}\setup.exe" -l0x9
MySQL Server 5.0 --> MsiExec.exe /I{E9CF8701-483A-4344-8119-0002BD0992A8}
MySQL Tools for 5.0 --> MsiExec.exe /I{EC561602-C0B9-4FAA-A175-1B3273639AC3}
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nintendo Wi-Fi USB Connector Registration Tool --> C:\Program Files\WiFiConnector\SoftAPUninst.exe
No-IP.com DUC (remove only) --> "C:\Documents and Settings\Alyssa Sheppard\My Documents\GameScape\No-IP\DUC20.exe" -uninstall
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
Pony Luv --> C:\PROGRA~1\NICKAR~1\PONYLU~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\PONYLU~1\INSTALL.LOG
PowerDVD 5.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Presto! PageManager 7.15.14 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anything -removeonly
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Reader Rabbit's Kindergarten --> C:\TLCWIN\RRK20\UNWISE.EXE C:\TLCWIN\RRK20\INSTALL.LOG
Reader Rabbit Personalized 1st Grade --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Reader Rabbit Personalized 1st Grade\Uninst.isu"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Restaurant Empire --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC255660-F987-41C8-8416-7376305A3FE5}\setup.exe" -l0x9 -uninst
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody Player Engine --> MsiExec.exe /I{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}
Rugrats™ All Growed Up --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08C1D270-DD63-4E4A-875B-1347C5998E08}\setup.exe" -uninst
Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Scholastic's I SPY Fantasy --> C:\PROGRA~1\SCHOLA~1\ISPYFA~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYFA~1\INSTALL.LOG
Scholastic's I SPY Spooky Mansion Deluxe --> C:\PROGRA~1\SCHOLA~1\ISPYSP~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYSP~1\INSTALL.LOG
Scholastic's I SPY Treasure Hunt --> C:\PROGRA~1\SCHOLA~1\ISPYTR~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYTR~1\INSTALL.LOG
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
SkyCaddie Desktop --> "C:\Program Files\SkyGolf\SkyCaddie Desktop\UninstSkyCaddie.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sound Blaster Live! 24-bit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\setup.exe" -l0x9
SpongeBob SquarePants - Battle for Bikini Bottom --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7E6A962-C086-47E3-BAEC-9C84AF292820}\setup.exe" -l0x9 -uninst
SpongeBob SquarePants Employee of the Month --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\THQ\SpongeBob SquarePants\Employee of the Month\Uninst.isu"
SpongeBob SquarePants Krabby Quest --> C:\PROGRA~1\NICKAR~1\SPONGE~4\UNWISE.EXE C:\PROGRA~1\NICKAR~1\SPONGE~4\INSTALL.LOG
SpongeBob SquarePants® Operation Krabby Patty --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\THQ\SpongeBob SquarePants\Operation Krabby Patty\Uninst.isu"
SSC Service Utility v4.20 --> "C:\Program Files\SSC Service Utility\unins000.exe"
Strawberry Shortcake - Amazing Cookie Party --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Strawberry Shortcake - Amazing Cookie Party\Uninstall.xml"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TaxCut Standard 2005 --> C:\PROGRA~1\TaxCut05\Program\removetc.exe
The Doodle Doctor --> MsiExec.exe /I{7D2DC830-4F5E-49AC-A325-5F2F3EEAD4A1}
The Scruffs --> C:\PROGRA~1\NICKAR~1\THESCR~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\THESCR~1\INSTALL.LOG
The Wild Thornberrys™ Rambler™ --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mattel Interactive™\Nickelodeon™\The Wild Thornberrys™ Rambler™\Uninst.isu"
Toy Story 2 --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\TOYSTO~1\DeIsL1.isu
TWC User Controls --> MsiExec.exe /I{DCC72248-D3D2-4846-8499-A400053A430E}
Ulead COOL 360 1.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ulead Systems\Ulead COOL 360\Uninst.isu" -c"C:\Program Files\Ulead Systems\Ulead COOL 360\IS32Inst.dll"
Ulead Photo Explorer 7.0 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E38E1721-7FE7-11D4-A898-0000E83DCDA6}\Setup.exe" -l0x9
UnrealIRCd3.2.7 --> "C:\Program Files\Unreal3.2\unins000.exe"
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Encoder 7.1 --> C:\Program Files\Windows Media Components\Encoder\_instENC.exe /U
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Documents and Settings\Alyssa Sheppard\My Documents\GameScape\winrar\uninstall.exe
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yumsters! --> C:\PROGRA~1\NICKAR~1\Yumsters\UNWISE.EXE C:\PROGRA~1\NICKAR~1\Yumsters\INSTALL.LOG
Zoo Tycoon 2 --> "C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall
Zoo Tycoon 2 Patch --> "C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTPA.EXE" /runtemp /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type7540 / Error
Event Submitted/Written: 07/14/2008 01:45:01 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type7539 / Error
Event Submitted/Written: 07/14/2008 01:45:00 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type7538 / Error
Event Submitted/Written: 07/14/2008 01:44:44 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type7537 / Error
Event Submitted/Written: 07/14/2008 01:44:44 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type7534 / Error
Event Submitted/Written: 07/14/2008 10:48:07 AM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type26396 / Error
Event Submitted/Written: 07/14/2008 10:49:28 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Java Quick Starter service failed to start due to the following error:
%%3

Event Record #/Type26383 / Warning
Event Submitted/Written: 07/14/2008 04:45:02 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type26356 / Error
Event Submitted/Written: 07/13/2008 03:06:51 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Java Quick Starter service failed to start due to the following error:
%%3

Event Record #

#6
sheppardwk

  • Topic Starter
  • Member
  • 54 posts
rest of it:



Event Record #/Type26335 / Warning
Event Submitted/Written: 07/11/2008 05:06:48 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type26311 / Error
Event Submitted/Written: 07/10/2008 03:28:28 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Java Quick Starter service failed to start due to the following error:
%%3



-- End of Deckard's System Scanner: finished at 2008-07-14 13:46:03 ------------

#7
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, first of all, tell me what you know about these programs. Do you use them? Do you use IRC a lot?

Triviabot
SpamServ
or SpamServer



Also, tell me, do you or anyone you know use the MySQL program on this computer?




Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon.
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.




NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    lredbooo <delete service>
    C:\Documents and Settings\Alyssa Sheppard\Local Settings\Temp\lredbooo.sys
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please post the OTMoveIt2 log along with a fresh DSS log (after the OTMoveIt2 step) in your next reply...


Regards
fenzodahl512

#8
sheppardwk

  • Topic Starter
  • Member
  • 54 posts
In all honesty, I don't know what they are for. If I had to guess, I believe they are programs that my children use to chat with other online gamers to receive tips, hints, solutions to several online games that they play. Regarding the SQL server - again no idea.

While using the internet last night, the pages are still loading very slowly. For example, when I clicked on Yahoo, it took about 10-15 seconds to load. Then, when I typed in a search, again 10-15 seconds to load. If I clicked on a picture, there was a delay loading it as well. I looked at the cable modem as soon as I clicked a page, and it took it several seconds for the lights to start flashing. I also have a Windows 98 computer on our home network. When I used it to view the same internet sites, although it has 1/10 the processor and is approximately 10 years old, it loaded the pages immediately. I'm not sure what is going on, but hopefully with your assistance we're approaching a solution.

I will download the programs you recommend and post back later tonight.

Thanks again for your help.

#9
fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok.. will wait for your log.. :)

#10
sheppardwk

  • Topic Starter
  • Member
  • 54 posts
OK,

Here is the OT:


Explorer killed successfully
lredbooo service deleted successfully.
File/Folder C:\Documents and Settings\Alyssa Sheppard\Local Settings\Temp\lredbooo.sys not found.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5a4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07152008_192509





And here is the DSS:

Deckard's System Scanner v20071014.68
Run by Alyssa Sheppard on 2008-07-15 19:32:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Alyssa Sheppard.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:49 PM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Windows\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Documents and Settings\Alyssa Sheppard\My Documents\gMS\SQL\bin\mysqld-nt.exe
C:\Documents and Settings\Alyssa Sheppard\My Documents\gMS\SQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Alyssa Sheppard\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ALYSSA~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - \\Compaq\c\SIERRA\AIM\aim.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - Trusted Zone: http://fpdownload.macromedia.com
O15 - Trusted Zone: http://www.macromedia.com
O15 - Trusted Zone: http://sdc.shockwave.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.co...snediag4716.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoont...inst-french.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...9.11/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.f...obal/msc311.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame...utComponent.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.co...snmusax4716.cab
O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test...est/tt_test.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MySQL - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: MySQL4 - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 12986 bytes

-- Files created between 2008-06-15 and 2008-07-15 -----------------------------

2008-07-15 18:38:36 112640 --a------ C:\WINDOWS\lsb_un20.exe
2008-07-13 20:10:13 0 d-------- C:\Program Files\Trend Micro
2008-07-13 17:22:43 0 d-------- C:\Program Files\Panda Security
2008-07-13 17:10:24 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\Malwarebytes
2008-07-13 14:22:12 0 d-------- C:\Documents and Settings\Kevin Sheppard\Application Data\mIRC
2008-07-13 13:55:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-13 13:54:58 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-13 13:54:58 0 d-------- C:\Documents and Settings\Kevin Sheppard\Application Data\SUPERAntiSpyware.com
2008-07-13 13:54:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-13 09:25:29 0 d-------- C:\Documents and Settings\Kevin Sheppard\Application Data\Malwarebytes
2008-07-13 09:25:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-13 09:25:26 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-13 09:24:30 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-10 09:58:06 0 d-------- C:\Documents and Settings\Alyssa Sheppard\.thumbnails
2008-06-30 19:08:34 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\Total Eclipse


-- Find3M Report ---------------------------------------------------------------

2008-07-15 18:40:59 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\mIRC
2008-07-13 15:05:01 0 d-------- C:\Program Files\Yahoo!
2008-07-13 13:54:41 0 d-------- C:\Program Files\Common Files
2008-07-10 09:58:47 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\gtk-2.0
2008-07-04 17:41:58 0 d-------- C:\Program Files\The Learning Company
2008-06-30 19:39:45 0 d-------- C:\Program Files\Nick Arcade
2008-06-28 13:36:09 0 d-------- C:\Program Files\Electronic Arts
2008-06-28 13:34:59 487 --a------ C:\WINDOWS\EReg072.dat
2008-06-14 16:55:04 1011 --a------ C:\WINDOWS\EReg077.dat
2008-06-09 17:23:30 0 d-------- C:\Program Files\Unreal3.2
2008-06-09 17:14:48 0 d-------- C:\Program Files\InspIRCd
2008-06-08 16:04:25 159924 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-07 08:45:38 0 d-------- C:\Program Files\Windows Resource Kits
2008-06-06 18:00:51 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\Adobe
2008-06-06 12:28:03 4 --a------ C:\WINDOWS\system32\8A67E7
2008-06-06 12:25:02 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\Real
2008-06-01 12:40:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-31 14:07:01 0 d-------- C:\Program Files\Java
2008-05-30 21:20:17 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\Hamachi
2008-05-29 18:21:24 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\WinRAR
2008-05-26 17:11:57 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\MySQL
2008-05-20 22:54:18 2559 --a------ C:\WINDOWS\unins000.dat
2008-05-20 21:27:00 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-17 16:18:48 822 --a------ C:\WINDOWS\system32\NEWSOFT
2008-05-17 16:14:19 5553 --a------ C:\Documents and Settings\Alyssa Sheppard\Application Data\PrimoPDFSet.xml
2008-05-17 16:12:14 224 --a------ C:\Documents and Settings\Alyssa Sheppard\Application Data\APUSet.xml
2008-05-17 15:59:51 0 d-------- C:\Program Files\activePDF


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [03/23/2004 02:16 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 02:52 PM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 12:43 PM]
"P17Helper"="P17.dll" [05/03/2005 11:38 AM C:\WINDOWS\SYSTEM32\P17.dll]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 06:54 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/13/2004 03:05 AM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [08/17/2004 07:26 PM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [08/22/2004 05:31 PM]
"EPSON Stylus Photo RX500"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe" [10/25/2004 12:08 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [09/20/2006 08:35 AM]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/05/2005 04:50 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"Road Runner PhotoShow Media Manager"="C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe" []
"Aim6"="" []

C:\Documents and Settings\Alyssa Sheppard\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 2:05:26 AM]
DESKTOP.INI [8/10/2004 3:04:12 PM]
Forget Me Not.lnk - C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe [5/2/2005 8:16:38 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [11/4/2007 3:19:51 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BarbieGirlsTray]
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26d58002-4b70-11dc-bdee-001111792a48}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/...654333006461322




-- End of Deckard's System Scanner: finished at 2008-07-15 19:33:16 ------------

As I mentioned earlier,


While using the internet last night, the pages are still loading very slowly. For example, when I clicked on Yahoo, it took about 10-15 seconds to load. Then, when I typed in a search, again 10-15 seconds to load. If I clicked on a picture, there was a delay loading it as well. I looked at the cable modem as soon as I clicked a page, and it took several seconds for the lights to start flashing. I also have a Windows 98 computer on our home network. When I used it to view the same internet sites, although it has 1/10 the processor and is approximately 10 years old, it loaded the pages immediately. I'm not sure what is going on, but hopefully with your assistance we're approaching a solution.

Whatever we need to delete or remove, I'm willing to correct this.

Thanks again
  • 0


#11
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\mlfcache.dat
    C:\WINDOWS\system32\8A67E7
    C:\WINDOWS\system32\NEWSOFT
    C:\Documents.exe
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



Please post the following logs in your next reply:

1. OTMoveIt2
2. SDFix
3. A fresh DSS log (after SDFix step)


Regards
fenzodahl512
  • 0
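As an added example (not part of the original post and not OldTimer's code): a small Python check that reconciles the paste list above with the OTMoveIt2 log requested in the last step, so every listed path is accounted for as moved, not found, or missing from the log. The log wording is assumed from the OTMoveIt2 1.0.4.3 log posted in the next reply of this thread; the function names are hypothetical.

```python
import re

# Paste list from the helper's post in this thread.
PASTE_LIST = r"""
[kill explorer]
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\8A67E7
C:\WINDOWS\system32\NEWSOFT
C:\Documents.exe
EmptyTemp
purity
[start explorer]
"""

# Log in the wording of the OTMoveIt2 1.0.4.3 log posted in this thread.
SAMPLE_LOG = r"""
Explorer killed successfully
C:\WINDOWS\system32\mlfcache.dat moved successfully.
C:\WINDOWS\system32\8A67E7 moved successfully.
C:\WINDOWS\system32\NEWSOFT moved successfully.
File/Folder C:\Documents.exe not found.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5c0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully
"""

# Line shapes assumed from the log above; other tool versions may word them differently.
MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
NOT_FOUND = re.compile(r"^File/Folder (?P<path>.+) not found\.$")
PENDING = re.compile(
    r"^File delete failed\. (?P<path>.+) scheduled to be deleted on reboot\.$")


def requested_paths(paste_list):
    """Return the drive-letter paths in a paste list, skipping [directives] and commands."""
    paths = []
    for line in paste_list.splitlines():
        line = line.strip()
        if re.match(r"^[A-Za-z]:\\", line):
            paths.append(line)
    return paths


def parse_log(log_text):
    """Map each lower-cased path in the log to its outcome; collect reboot-pending deletes."""
    status, pending = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        m = NOT_FOUND.match(line)
        if m:
            status[m["path"].lower()] = "not_found"
            continue
        m = PENDING.match(line)
        if m:
            pending.append(m["path"])
            continue
        m = MOVED.match(line)
        if m:
            status[m["path"].lower()] = "moved"
    return status, pending


def reconcile(paste_list, log_text):
    """Compare what was requested with what the log says happened."""
    status, pending = parse_log(log_text)
    report = {"moved": [], "not_found": [], "unaccounted": [],
              "pending_reboot": pending}
    for path in requested_paths(paste_list):
        # Windows paths are case-insensitive, so compare lower-cased.
        outcome = status.get(path.lower(), "unaccounted")
        report[outcome].append(path)
    # If the list asked for Explorer to be restarted, the log should confirm it.
    wants_restart = "[start explorer]" in paste_list.lower()
    report["explorer_restarted"] = (
        not wants_restart or "explorer started successfully" in log_text.lower())
    return report


if __name__ == "__main__":
    for key, value in reconcile(PASTE_LIST, SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Anything under `unaccounted` means the log was truncated or the tool never processed that entry, which is worth resolving before the next cleanup step.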

#12
sheppardwk


  • Topic Starter
  • Member
  • 54 posts
OK, I followed your instructions; however, I encountered several problems.
While downloading SDFix.exe, my Avast indicated there was a Trojan/Virus. It cleaned it. When I double clicked the SDFix from the desktop, Avast again indicated a virus and I moved it to the "chest".
Once the computer rebooted after SDFix, it indicated that the computer had recovered from a serious error. When I clicked on more information, Microsoft warned that this was an unusual problem and I should investigate by going to Add/Remove Programs and sorting by date to determine the most recent addition. I'm a little concerned by all of this, but here are the logs:

OTMoveIt

Explorer killed successfully
C:\WINDOWS\system32\mlfcache.dat moved successfully.
C:\WINDOWS\system32\8A67E7 moved successfully.
C:\WINDOWS\system32\NEWSOFT moved successfully.
File/Folder C:\Documents.exe not found.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5c0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07162008_214108


SDFix


SDFix: Version 1.205
Run by Alyssa Sheppard on Wed 07/16/2008 at 10:05 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\INEXPL~1.EXE - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 22:19:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe:*:Enabled:Microsoft Broadband Network Utility"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe:*:Enabled:Microsoft Broadband Networking Tray"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Setup"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe:*:Enabled:Microsoft Broadband Networking Update"
"C:\\Program Files\\Dell Inc\\Dell Picture Studio v3.0\\launch.exe"="C:\\Program Files\\Dell Inc\\Dell Picture Studio v3.0\\launch.exe:*:Enabled:Jasc Paint Shop Photo Album 5 Application"
"C:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"="C:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe:*:Enabled:Need For Speed III for Win32"
"C:\\Program Files\\Lemonade Tycoon 2\\Lemonade2.exe"="C:\\Program Files\\Lemonade Tycoon 2\\Lemonade2.exe:*:Disabled:Lemonade2"
"C:\\Program Files\\NetMeeting\\CONF.EXE"="C:\\Program Files\\NetMeeting\\CONF.EXE:*:Enabled:Windowsr NetMeetingr"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\War Games Construction Kit\\Game.exe"="C:\\Program Files\\War Games Construction Kit\\Game.exe:*:Enabled:War Games Construction Kit"
"C:\\Program Files\\Activision Value\\Cruise Ship Tycoon\\CruiseShipTycoon.exe"="C:\\Program Files\\Activision Value\\Cruise Ship Tycoon\\CruiseShipTycoon.exe:*:Enabled:CruiseShipTycoon"
"C:\\Program Files\\Voiceglo\\Glophone\\glophone.exe"="C:\\Program Files\\Voiceglo\\Glophone\\glophone.exe:*:Enabled:webphone"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Infogrames\\Clue\\clue.exe"="C:\\Program Files\\Infogrames\\Clue\\clue.exe:*:Disabled:clue"
"C:\\Program Files\\Infogrames\\Rollercoaster Tycoon 2 Wacky Worlds\\rct2.exe"="C:\\Program Files\\Infogrames\\Rollercoaster Tycoon 2 Wacky Worlds\\rct2.exe:*:Enabled:rct2"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™"
"C:\\Program Files\\Face of Mankind\\Lithtech.exe"="C:\\Program Files\\Face of Mankind\\Lithtech.exe:*:Enabled:Client"
"C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"="C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe:*:Enabled:World Switcher for RuneScape"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\SYSTEM32\\DPNSVR.EXE"="C:\\WINDOWS\\SYSTEM32\\DPNSVR.EXE:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Disabled:WinMX Application"
"C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe"="C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Documents and Settings\\Alyssa Sheppard\\Desktop\\TE_1.0\\Server\\claz2.mof"="C:\\Documents and Settings\\Alyssa Sheppard\\Desktop\\TE_1.0\\Server\\claz2.mof:*:Enabled:claz2"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Psfonts\\mIRC\\mirc.exe"="C:\\Psfonts\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"\\\\COMPAQ\\C\\SIERRA\\mIRC\\mirc.exe"="\\\\COMPAQ\\C\\SIERRA\\mIRC\\mirc.exe:*:Enabled:mirc.exe"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 1 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 1 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 2 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 2 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 3 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 3 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 4 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 4 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 5 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 5 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 6 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 6 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 7 for p4fsh.zip\\mirc.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\Local Settings\\Temp\\Temporary Directory 7 for p4fsh.zip\\mirc.exe:*:Enabled:mIRC"
"C:\\Zachary's Documents\\mirc.exe"="C:\\Zachary's Documents\\mirc.exe:*:Enabled:mIRC"
"\\\\COMPAQ\\C\\SIERRA\\mirc.exe"="\\\\COMPAQ\\C\\SIERRA\\mirc.exe:*:Enabled:mirc.exe"
"\\\\COMPAQ\\C\\SIERRA\\AIM\\aim.exe"="\\\\COMPAQ\\C\\SIERRA\\AIM\\aim.exe:*:Enabled:aim.exe"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\\Nexon\\MapleStory\\MapleStory.exe"="C:\\Nexon\\MapleStory\\MapleStory.exe:*:Disabled:MapleStory"
"C:\\Sierra\\Contraptions\\Saved Games\\mirc.exe"="C:\\Sierra\\Contraptions\\Saved Games\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"="C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe:*:Enabled:Microsoft Flight Simulatorr"
"C:\\Program Files\\The Battle for Ragon\\The Battle for Ragon.exe"="C:\\Program Files\\The Battle for Ragon\\The Battle for Ragon.exe:*:Enabled:The Battle for Ragon"
"C:\\Documents and Settings\\Robin Sheppard\\My Documents\\My Albums\\mirc.exe"="C:\\Documents and Settings\\Robin Sheppard\\My Documents\\My Albums\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Trivia\\trivbot2001v2_4\\trivbot2001v2\\MIRC32.EXE"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Trivia\\trivbot2001v2_4\\trivbot2001v2\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\trivbot2001v2_4\\trivbot2001v2\\MIRC32.EXE"="C:\\trivbot2001v2_4\\trivbot2001v2\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\Triviabot2001\\trivbot2001\\MIRC32.EXE"="C:\\Triviabot2001\\trivbot2001\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Trivia\\WinBot\\WinBot.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Trivia\\WinBot\\WinBot.exe:*:Enabled:WinBot IRC Client for Windows"
"\\\\compaq\\MY MUSIC\\mIRC\\mirc.exe"="\\\\compaq\\MY MUSIC\\mIRC\\mirc.exe:*:Enabled:mirc.exe"
"\\\\compaq\\C\\SIERRA\\WINDOWS\\WinBot.exe"="\\\\compaq\\C\\SIERRA\\WINDOWS\\WinBot.exe:*:Enabled:WinBot.exe"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Street MS\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Street MS\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Nexon\\GameMS\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"="C:\\Nexon\\GameMS\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\hamachi.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\hamachi.exe:*:Enabled:hamachi"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\No-IP\\DUC20.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\No-IP\\DUC20.exe:*:Enabled:DUC20"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\jdk\\bin\\java.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GameScape\\jdk\\bin\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\java.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jdk1.5.0_15\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.5.0_15\\bin\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\AIM\\mIRC.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\AIM\\mIRC.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\SpamServ\\SpamServ.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\SpamServ\\SpamServ.exe:*:Enabled:WinBot IRC Client for Windows"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\SpamServer\\WinBot.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Alyssa\\SpamServer\\WinBot.exe:*:Enabled:WinBot IRC Client for Windows"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Yuntis\\eggdrop.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\Yuntis\\eggdrop.exe:*:Enabled:eggdrop"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\YunYun\\eggdrop.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\YunYun\\eggdrop.exe:*:Enabled:eggdrop"
"C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GDNIRC\\eggdrop.exe"="C:\\Documents and Settings\\Alyssa Sheppard\\My Documents\\GDNIRC\\eggdrop.exe:*:Enabled:eggdrop"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 24 Aug 2004 155,648 A..H. --- "C:\DELL\PRIMOSDK.DLL"
Tue 24 Aug 2004 360,448 A..H. --- "C:\DELL\PX.DLL"
Wed 28 Jul 2004 56,832 A..H. --- "C:\DELL\PXCPYA64.EXE"
Wed 28 Jul 2004 108,544 A..H. --- "C:\DELL\PXCPYI64.EXE"
Wed 18 Aug 2004 389,120 A..H. --- "C:\DELL\PXDRV.DLL"
Mon 2 Aug 2004 20,576 A..H. --- "C:\DELL\PXHELP20.SYS"
Mon 2 Aug 2004 54,976 A..H. --- "C:\DELL\PXHELP64.SYS"
Mon 2 Aug 2004 32,272 A..H. --- "C:\DELL\PXHELPER.SYS"
Mon 2 Aug 2004 26,720 A..H. --- "C:\DELL\PXHLPA64.SYS"
Mon 2 Aug 2004 57,344 A..H. --- "C:\DELL\PXHPINST.EXE"
Mon 2 Aug 2004 53,760 A..H. --- "C:\DELL\PXINSA64.EXE"
Mon 2 Aug 2004 104,960 A..H. --- "C:\DELL\PXINSI64.EXE"
Tue 24 Aug 2004 159,744 A..H. --- "C:\DELL\PXMAS.DLL"
Wed 28 Jul 2004 57,344 A..H. --- "C:\DELL\PXSETUP.EXE"
Tue 24 Aug 2004 339,968 A..H. --- "C:\DELL\PXWAVE.DLL"
Thu 20 May 2004 28,672 A..H. --- "C:\DELL\VXBLOCK.DLL"
Tue 24 Aug 2004 155,648 A..H. --- "C:\DELL\MEDIAEXE\PRIMOSDK.DLL"
Tue 24 Aug 2004 360,448 A..H. --- "C:\DELL\MEDIAEXE\PX.DLL"
Wed 28 Jul 2004 56,832 A..H. --- "C:\DELL\MEDIAEXE\PXCPYA64.EXE"
Wed 28 Jul 2004 108,544 A..H. --- "C:\DELL\MEDIAEXE\PXCPYI64.EXE"
Wed 18 Aug 2004 389,120 A..H. --- "C:\DELL\MEDIAEXE\PXDRV.DLL"
Mon 2 Aug 2004 20,576 A..H. --- "C:\DELL\MEDIAEXE\PXHELP20.SYS"
Mon 2 Aug 2004 54,976 A..H. --- "C:\DELL\MEDIAEXE\PXHELP64.SYS"
Mon 2 Aug 2004 32,272 A..H. --- "C:\DELL\MEDIAEXE\PXHELPER.SYS"
Mon 2 Aug 2004 26,720 A..H. --- "C:\DELL\MEDIAEXE\PXHLPA64.SYS"
Mon 2 Aug 2004 57,344 A..H. --- "C:\DELL\MEDIAEXE\PXHPINST.EXE"
Mon 2 Aug 2004 53,760 A..H. --- "C:\DELL\MEDIAEXE\PXINSA64.EXE"
Mon 2 Aug 2004 104,960 A..H. --- "C:\DELL\MEDIAEXE\PXINSI64.EXE"
Tue 24 Aug 2004 159,744 A..H. --- "C:\DELL\MEDIAEXE\PXMAS.DLL"
Wed 28 Jul 2004 57,344 A..H. --- "C:\DELL\MEDIAEXE\PXSETUP.EXE"
Tue 24 Aug 2004 339,968 A..H. --- "C:\DELL\MEDIAEXE\PXWAVE.DLL"
Thu 20 May 2004 28,672 A..H. --- "C:\DELL\MEDIAEXE\VXBLOCK.DLL"
Thu 21 Dec 2006 88 ..SHR --- "C:\WINDOWS\SYSTEM32\40C4F6813B.sys"
Sat 6 Oct 2007 80 ..SHR --- "C:\WINDOWS\SYSTEM32\64D5710EAE.dll"
Thu 21 Dec 2006 3,350 A.SH. --- "C:\WINDOWS\SYSTEM32\KGyGaAvL.sys"
Sat 9 Jul 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 19 Sep 2006 304,736 A..H. --- "C:\Program Files\Canon\MP Navigator 2.2\Maint.exe"
Mon 19 Dec 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.2\uinstrsc.dll"
Tue 26 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 16 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BITE.tmp"
Sat 9 Jul 2005 4,348 ...H. --- "C:\Documents and Settings\Zachary Sheppard\My Documents\My Music\License Backup\drmv1key.bak"
Sun 10 Jul 2005 20 A..H. --- "C:\Documents and Settings\Zachary Sheppard\My Documents\My Music\License Backup\drmv1lic.bak"
Sat 9 Jul 2005 400 A.SH. --- "C:\Documents and Settings\Zachary Sheppard\My Documents\My Music\License Backup\drmv2key.bak"
Wed 5 Oct 2005 23,040 ...H. --- "C:\Documents and Settings\Zachary Sheppard\My Documents\Zachary's folder\School\~WRL0001.tmp"
Wed 5 Oct 2005 22,528 ...H. --- "C:\Documents and Settings\Zachary Sheppard\My Documents\Zachary's folder\School\~WRL0003.tmp"
Wed 5 Oct 2005 22,016 ...H. --- "C:\Documents and Settings\Zachary Sheppard\My Documents\Zachary's folder\School\~WRL0005.tmp"
Sat 8 Mar 2008 19,390 ..SH. --- "C:\Documents and Settings\Alyssa Sheppard\Local Settings\Application Data\NewSoft\PageManager\7.15.14A\Setting\PM65.BAK"

Finished!








DSS

Deckard's System Scanner v20071014.68
Run by Alyssa Sheppard on 2008-07-16 22:28:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Alyssa Sheppard.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:20 PM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Windows\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Documents and Settings\Alyssa Sheppard\My Documents\gMS\SQL\bin\mysqld-nt.exe
C:\Documents and Settings\Alyssa Sheppard\My Documents\gMS\SQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Alyssa Sheppard\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ALYSSA~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - \\Compaq\c\SIERRA\AIM\aim.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - Trusted Zone: http://fpdownload.macromedia.com
O15 - Trusted Zone: http://www.macromedia.com
O15 - Trusted Zone: http://sdc.shockwave.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.co...snediag4716.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoont...inst-french.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...9.11/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.f...obal/msc311.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame...utComponent.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.co...snmusax4716.cab
O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test...est/tt_test.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MySQL - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: MySQL4 - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 12985 bytes

-- Files created between 2008-06-16 and 2008-07-16 -----------------------------

2008-07-16 21:58:29 0 d-------- C:\WINDOWS\ERUNT
2008-07-15 18:38:36 112640 --a------ C:\WINDOWS\lsb_un20.exe
2008-07-13 20:10:13 0 d-------- C:\Program Files\Trend Micro
2008-07-13 17:22:43 0 d-------- C:\Program Files\Panda Security
2008-07-13 17:10:24 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\Malwarebytes
2008-07-13 14:22:12 0 d-------- C:\Documents and Settings\Kevin Sheppard\Application Data\mIRC
2008-07-13 13:55:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-13 13:54:58 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-13 13:54:58 0 d-------- C:\Documents and Settings\Kevin Sheppard\Application Data\SUPERAntiSpyware.com
2008-07-13 13:54:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-13 09:25:29 0 d-------- C:\Documents and Settings\Kevin Sheppard\Application Data\Malwarebytes
2008-07-13 09:25:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-13 09:25:26 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-13 09:24:30 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-10 09:58:06 0 d-------- C:\Documents and Settings\Alyssa Sheppard\.thumbnails
2008-06-30 19:08:34 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\Total Eclipse


-- Find3M Report ---------------------------------------------------------------

2008-07-16 18:54:05 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\mIRC
2008-07-13 15:05:01 0 d-------- C:\Program Files\Yahoo!
2008-07-13 13:54:41 0 d-------- C:\Program Files\Common Files
2008-07-10 09:58:47 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\gtk-2.0
2008-07-04 17:41:58 0 d-------- C:\Program Files\The Learning Company
2008-06-30 19:39:45 0 d-------- C:\Program Files\Nick Arcade
2008-06-28 13:36:09 0 d-------- C:\Program Files\Electronic Arts
2008-06-28 13:34:59 487 --a------ C:\WINDOWS\EReg072.dat
2008-06-14 16:55:04 1011 --a------ C:\WINDOWS\EReg077.dat
2008-06-09 17:23:30 0 d-------- C:\Program Files\Unreal3.2
2008-06-09 17:14:48 0 d-------- C:\Program Files\InspIRCd
2008-06-07 08:45:38 0 d-------- C:\Program Files\Windows Resource Kits
2008-06-06 18:00:51 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\Adobe
2008-06-06 12:25:02 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\Real
2008-06-01 12:40:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-31 14:07:01 0 d-------- C:\Program Files\Java
2008-05-30 21:20:17 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\Hamachi
2008-05-29 18:21:24 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\WinRAR
2008-05-26 17:11:57 0 d-------- C:\Documents and Settings\Alyssa Sheppard\Application Data\MySQL
2008-05-20 22:54:18 2559 --a------ C:\WINDOWS\unins000.dat
2008-05-20 21:27:00 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-17 16:14:19 5553 --a------ C:\Documents and Settings\Alyssa Sheppard\Application Data\PrimoPDFSet.xml
2008-05-17 16:12:14 224 --a------ C:\Documents and Settings\Alyssa Sheppard\Application Data\APUSet.xml
2008-05-17 15:59:51 0 d-------- C:\Program Files\activePDF


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [03/23/2004 02:16 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 02:52 PM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 12:43 PM]
"P17Helper"="P17.dll" [05/03/2005 11:38 AM C:\WINDOWS\SYSTEM32\P17.dll]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 06:54 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/13/2004 03:05 AM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [08/17/2004 07:26 PM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [08/22/2004 05:31 PM]
"EPSON Stylus Photo RX500"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe" [10/25/2004 12:08 PM]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [09/20/2006 08:35 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/05/2005 04:50 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/30/2008 08:09 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"Road Runner PhotoShow Media Manager"="C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe" []
"Aim6"="" []

C:\Documents and Settings\Alyssa Sheppard\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 2:05:26 AM]
DESKTOP.INI [8/10/2004 3:04:12 PM]
Forget Me Not.lnk - C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe [5/2/2005 8:16:38 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [11/4/2007 3:19:51 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BarbieGirlsTray]
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26d58002-4b70-11dc-bdee-001111792a48}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/...654333006461322




-- End of Deckard's System Scanner: finished at 2008-07-16 22:28:43 ------------

#13
fenzodahl512

  • Malware Removal
  • 9,863 posts
What Avast detects from the tools we used are false positives.. Just ignore them next time.. Don't move any detections from Avast regarding the tools we used to the "chest"..



IMPORTANT!: Please create a fresh Restore Point before proceeding with our fix. Please visit this webpage if you do not know how..

If you are using Windows Vista, please visit this webpage for more information.




NEXT



We need to get rid of some of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

@echo off
sc stop MySQL
sc delete MySQL
sc stop MySQL4
sc delete MySQL4
exit

Save it to your desktop as File name: Service.bat
Save as type: All Files

Once done, double click Service.bat to run it. A command window will open briefly, then close. This is quite normal.

If you are not sure how to make a batch file, please visit HERE for the tutorial.




NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Please tell me about your computer condition...


Regards
fenzodahl512

#14
sheppardwk

  • Topic Starter
  • Member
  • 54 posts
I created the service.bat and ran the Kaspersky Scanner.
The Kaspersky Scanner indicated 12 viruses found and 25 objects infected:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, July 18, 2008 6:55:26 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/07/2008
Kaspersky Anti-Virus database records: 966622
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
Y:\
Z:\

Scan Statistics:
Total number of scanned objects: 263401
Number of viruses found: 12
Number of infected objects: 25
Number of suspicious objects: 0
Duration of the scan process: 05:16:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\Alyssa Sheppard\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Alyssa Sheppard\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Alyssa Sheppard\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Alyssa Sheppard\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alyssa Sheppard\Local Settings\Temporary Internet Files\Content.IE5\7OWLV10A\sysreset255[2].exe/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Documents and Settings\Alyssa Sheppard\Local Settings\Temporary Internet Files\Content.IE5\7OWLV10A\sysreset255[2].exe RAR: infected - 1 skipped
C:\Documents and Settings\Alyssa Sheppard\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alyssa Sheppard\My Documents\Alyssa\AIM\mIRC.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 skipped
C:\Documents and Settings\Alyssa Sheppard\My Documents\Alyssa\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Documents and Settings\Alyssa Sheppard\My Documents\gMS\SQL\data\ibdata1 Object is locked skipped
C:\Documents and Settings\Alyssa Sheppard\My Documents\gMS\SQL\data\ib_logfile0 Object is locked skipped
C:\Documents and Settings\Alyssa Sheppard\My Documents\gMS\SQL\data\ib_logfile1 Object is locked skipped
C:\Documents and Settings\Alyssa Sheppard\My Documents\gMS\SQL\data\SheppardFamily.err Object is locked skipped
C:\Documents and Settings\Alyssa Sheppard\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Alyssa Sheppard\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Kevin Sheppard\Local Settings\Temp\DRDld\mbam-setup.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Robin Sheppard\My Documents\My Albums\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Disney\Disney Online\screenshot-Mon-Mar-31-17-24-46-2008-48311.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\screenshot-Mon-Mar-31-17-25-18-2008-49288.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\screenshot-Mon-Mar-31-17-29-18-2008-56430.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\screenshot-Mon-Mar-31-17-31-10-2008-60421.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\screenshot-Mon-Mar-31-17-31-12-2008-60456.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\ToonTownPictures\screenshot-Fri-Apr-28-19-19-03-2006-86433.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\ToonTownPictures\screenshot-Fri-Apr-28-21-13-57-2006-9667.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\ToonTownPictures\screenshot-Fri-Apr-28-21-14-23-2006-10779.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\ToonTownPictures\screenshot-Sat-Jul-22-17-00-57-2006-573300.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\ToonTownPictures\screenshot-Sat-Jul-22-17-01-00-2006-573342.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\ToonTownPictures\screenshot-Sat-Jul-22-17-01-02-2006-573395.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\ToonTownPictures\screenshot-Sat-Jul-22-17-06-15-2006-589095.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\ToonTownPictures\screenshot-Sat-Jul-22-17-06-19-2006-589193.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\ToonTownPictures\screenshot-Sat-Jul-22-17-06-21-2006-589217.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\ToonTownPictures\screenshot-Sat-Nov-19-20-29-00-2005-289953.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\ToonTownPictures\screenshot-Sat-Nov-19-20-29-07-2005-290283.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\ToonTownPictures\screenshot-Sat-Sep-10-07-08-43-2005-193045.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\ToonTownPictures\screenshot-Sun-Jul-23-11-22-04-2006-33059.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\ToonTownPictures\screenshot-Sun-Jul-23-11-22-06-2006-33104.jpg Object is locked skipped
C:\Program Files\Disney\Disney Online\ToonTownPictures\screenshot-Sun-Jul-23-11-22-09-2006-33182.jpg Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP990\A0136036.EXE Infected: not-a-virus:AdWare.Win32.Background skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP995\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt Object is locked skipped
C:\WINDOWS\Prefetch\layout.ini Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ib2.tmp Object is locked skipped
C:\WINDOWS\Temp\ib4.tmp Object is locked skipped
C:\WINDOWS\Temp\ib6.tmp Object is locked skipped
C:\WINDOWS\Temp\ib8.tmp Object is locked skipped
C:\WINDOWS\Temp\ibB2.tmp Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\unp192412837.tmp Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Y:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped
Y:\WINDOWS\TEMP\xpre.exe Infected: Trojan-Downloader.Win32.VB.eqb skipped
Y:\WINDOWS\TEMP\snapsnet.exe/data0006 Infected: Trojan-Downloader.Win32.VB.epp skipped
Y:\WINDOWS\TEMP\snapsnet.exe NSIS: infected - 1 skipped
Y:\WINDOWS\TEMP\rasesnet.exe Infected: Trojan.Win32.Monder.gen skipped
Y:\WINDOWS\TEMP\wavvsnet.exe Infected: Trojan-Downloader.Win32.Small.vrq skipped
Y:\WINDOWS\TEMP\yazzsnet.exe/data0003 Infected: Trojan.Win32.Scapur.k skipped
Y:\WINDOWS\TEMP\yazzsnet.exe NSIS: infected - 1 skipped
Y:\WINDOWS\TEMP\winvsnet.exe Infected: not-a-virus:FraudTool.Win32.AntiSpywareMaster skipped
Y:\WINDOWS\WIN386.SWP Object is locked skipped
Y:\WINDOWS\SchedLog.Txt Object is locked skipped
Y:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
Y:\WINDOWS\Cookies\index.dat Object is locked skipped
Y:\WINDOWS\History\History.IE5\index.dat Object is locked skipped
Y:\RECYCLED\DC0.EXE Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g skipped
Y:\My Documents\TT\mirc63.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
Y:\My Documents\TT\mirc63.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
Y:\My Documents\TT\mirc63.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
Y:\My Documents\TT\mirc63.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
Y:\My Documents\TT\mirc63.exe NSIS: infected - 4 skipped
Y:\My Documents\My Music\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
Y:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
Y:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
Y:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
Y:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
Y:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
Y:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
Y:\SIERRA\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
Y:\SIERRA\AIM\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
Z:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

Scan process completed.

#15
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    Y:\WINDOWS\TEMP\xpre.exe
    Y:\WINDOWS\TEMP\snapsnet.exe
    Y:\WINDOWS\TEMP\rasesnet.exe
    Y:\WINDOWS\TEMP\wavvsnet.exe
    Y:\WINDOWS\TEMP\yazzsnet.exe
    Y:\WINDOWS\TEMP\winvsnet.exe
    Y:\RECYCLED\DC0.EXE
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please also include a fresh DSS log in your next reply. Tell me about your computer condition...

Regards
fenzodahl512