Darksma.....please help! (LOG inside) [RESOLVED]
This topic is locked

#1 man6ano (Member, 13 posts)
I have tried many things suggested by these forums, but this one keeps coming back. Your help is greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:03, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0EA55BE9-CA12-466B-A445-F7BA273E45A4} - (no file)
O2 - BHO: (no name) - {185060A5-65B5-4E2B-A5D9-0C568652F6BC} - C:\WINDOWS\system32\mlJbyWpo.dll
O2 - BHO: (no name) - {43B5E3FA-DF0C-4C64-84CA-67E820F5295D} - C:\WINDOWS\system32\jkkIASmj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: {5e148562-016f-2d9b-f344-b4117decdc7c} - {c7cdced7-114b-443f-b9d2-f610265841e5} - C:\WINDOWS\system32\ivxaeu.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1216243671218
O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardste...l/uvuplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: mlJbyWpo - C:\WINDOWS\SYSTEM32\mlJbyWpo.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - D:\Program Files\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 6828 bytes
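The log above already shows the classic Vundo pattern a helper looks for: O2 BHO entries with no name (or a GUID where the name should be) pointing at random-looking DLLs in system32, and the same DLL registered again as an O20 Winlogon Notify package. The script below is an added example written for this page; it is not something posted in the thread and not a feature of HijackThis. It scores O2/O3/O4/O20 lines with a handful of heuristics so that the entries worth quoting for a fix stand out. The sample lines are constructed from the logs in this thread (the O4 rundll32 entries come from the second log), while the indicator weights, the threshold and the short allowlist of legitimate letter-only system32 DLL names are my own assumptions.

```python
"""Triage HijackThis O2/O3/O4/O20 lines for Vundo-style persistence.

Added example for this page, not code from the thread or from HijackThis.
Weights, threshold and the allowlist below are assumptions of this example.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines modeled on the two HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0EA55BE9-CA12-466B-A445-F7BA273E45A4} - (no file)
O2 - BHO: (no name) - {185060A5-65B5-4E2B-A5D9-0C568652F6BC} - C:\WINDOWS\system32\mlJbyWpo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {5e148562-016f-2d9b-f344-b4117decdc7c} - {c7cdced7-114b-443f-b9d2-f610265841e5} - C:\WINDOWS\system32\ivxaeu.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [0468a0bb] rundll32.exe "C:\WINDOWS\system32\vpppnkpv.dll",b
O4 - HKLM\..\Run: [BM075b9327] Rundll32.exe "C:\WINDOWS\system32\dqibcxrc.dll",s
O20 - Winlogon Notify: mlJbyWpo - C:\WINDOWS\SYSTEM32\mlJbyWpo.dll
"""

GUID_RE = re.compile(r'^\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$', re.I)
PATH_RE = re.compile(r'[a-z]:\\[^"\n]*?\.(?:dll|exe|ocx)', re.I)
BHO_RE = re.compile(r'^O[23] - (?:BHO|Toolbar): (.*?) - \{[0-9a-f-]{36}\} - (.*)$', re.I)
RUN_RE = re.compile(r'^O4 - HK\w+\\\.\.\\\w+: \[([^\]]*)\] (.*)$')
NOTIFY_RE = re.compile(r'^O20 - Winlogon Notify: \S+ - (.*)$')
# rundll32 loading a DLL through a one- or two-character export name (",b", ",s")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?[^",]+\.dll"?\s*,\s*\w{1,2}\s*$', re.I)
HEXKEY_RE = re.compile(r'^(?:BM)?[0-9a-fA-F]{8}$')   # Run value names like 0468a0bb, BM075b9327
SYSTEM32_RE = re.compile(r'\\system32\\', re.I)

# Illustrative allowlist of legitimate letter-only names in system32 (assumption, not complete).
KNOWN_SYSTEM32 = {
    'urlmon', 'mshtml', 'shlwapi', 'wininet', 'msvcrt', 'shdocvw', 'browseui',
    'mscoree', 'version', 'wintrust', 'rsaenh', 'dnsapi', 'iphlpapi', 'mswsock',
    'uxtheme', 'msctf', 'winspool', 'setupapi', 'userenv', 'psapi', 'shfolder',
}
SUSPICIOUS_THRESHOLD = 3  # assumption: one strong indicator or two weak ones


@dataclass
class Finding:
    line: str
    verdict: str            # 'clean', 'orphan' or 'suspicious'
    score: int
    reasons: list = field(default_factory=list)


def looks_random(path):
    """True for a letter-only 6..8 character DLL name in system32 not on the allowlist."""
    if not SYSTEM32_RE.search(path):
        return False
    stem, _, ext = path.rsplit('\\', 1)[-1].rpartition('.')
    return (ext.lower() == 'dll' and stem.isalpha()
            and 6 <= len(stem) <= 8 and stem.lower() not in KNOWN_SYSTEM32)


def assess(line):
    """Score one HijackThis line; orphans are reported separately from infections."""
    if '(no file)' in line:
        return Finding(line, 'orphan', 0, ['registered component whose file is gone'])
    score, reasons = 0, []
    m = PATH_RE.search(line)
    path = m.group(0) if m else ''
    bho = BHO_RE.match(line)
    if bho:
        name = bho.group(1).strip()
        if name == '(no name)' or GUID_RE.match(name):
            score += 2; reasons.append('BHO/toolbar with no name or a GUID as its name')
    run = RUN_RE.match(line)
    if run:
        key, cmd = run.groups()
        if HEXKEY_RE.match(key):
            score += 2; reasons.append(f'Run value name {key!r} is hex noise')
        if RUNDLL_RE.match(cmd):
            score += 3; reasons.append('rundll32 loads a DLL through a one-letter export')
    notify = NOTIFY_RE.match(line)
    if notify and SYSTEM32_RE.search(notify.group(1)):
        score += 2; reasons.append('Winlogon Notify package in system32 (loaded into winlogon.exe)')
    if path and looks_random(path):
        base = path.rsplit('\\', 1)[-1]
        score += 2; reasons.append(f'{base} has a random-looking name in system32')
    verdict = 'suspicious' if score >= SUSPICIOUS_THRESHOLD else 'clean'
    return Finding(line, verdict, score, reasons)


def triage(log_text):
    """Assess every O/R/F/N section line of a HijackThis log."""
    return [assess(l.strip()) for l in log_text.splitlines() if re.match(r'^[ORFN]\d', l.strip())]


def flagged_files(log_text):
    """Basenames of the files behind every 'suspicious' line (the list to quote for a fix)."""
    out = set()
    for f in triage(log_text):
        if f.verdict == 'suspicious':
            m = PATH_RE.search(f.line)
            out.add(m.group(0).rsplit('\\', 1)[-1] if m else f.line)
    return out


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.verdict:10} {f.score}  {f.line}')
        for r in f.reasons:
            print(f'            - {r}')
    print('files to remove:', sorted(flagged_files(SAMPLE_LOG)))
```

The threshold is chosen so that a random-looking filename on its own never flags anything, since plenty of legitimate DLLs have short letter-only names; it has to coincide with a nameless BHO, a Winlogon Notify registration, a hex Run value name or a one-letter rundll32 export. "(no file)" entries are reported as orphans rather than infections because they are leftover registry cleanup, not a running component. Note that the script reads only HijackThis section lines, so an entry such as the extra LSA Authentication Packages value in the later DSS registry dump is outside its scope and must still be read by hand.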

#2 Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Hello man6ano, and welcome to Geeks to Go. I'm currently reading over your log right now and I'll do my best to try to get your system clean. :)

Since I'm still in training, there may be a slight delay between my posts because they must be checked by an expert.

#3 Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Hello man6ano,
If you have any questions please feel free to ask. :)

STEP 1
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
STEP 2
Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

STEP 3
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
~~~~~~~~~~
In your next reply please have these logs.
The VundoFix log
And the DSS main.txt and extra.txt

#4 man6ano (Topic Starter, Member, 13 posts)
Thanks, Jimmy! Honored to be getting help from a fellow Buckeye. Here's the info you asked for. Let me know what else you need. Thanks again!

vundo.txt:


VundoFix V7.0.6

Scan started at 11:33:44 PM 7/15/2008

Listing files found while scanning....


Beginning removal...

VundoFix V7.0.6

Scan started at 6:32:23 AM 7/16/2008

Listing files found while scanning....

No infected files were found.


VundoFix V7.0.6

Scan started at 7:33:08 PM 7/17/2008

Listing files found while scanning....


VundoFix V7.0.6

Scan started at 8:45:50 PM 7/17/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...


main.txt:

Deckard's System Scanner v20071014.68
Run by Greg's on 2008-07-17 21:52:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-07-18 01:52:59 UTC - RP570 - Deckard's System Scanner Restore Point
9: 2008-07-18 00:38:35 UTC - RP569 - Installed Java™ 6 Update 7
8: 2008-07-18 00:30:03 UTC - RP568 - Installed Java™ SE Development Kit 6 Update 7
7: 2008-07-18 00:17:09 UTC - RP567 - Removed J2SE Runtime Environment 5.0 Update 11
6: 2008-07-18 00:11:23 UTC - RP566 - Removed Java™ SE Runtime Environment 6 Update 1


-- First Restore Point --
1: 2008-07-15 05:00:19 UTC - RP561 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Greg's.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:52, on 7/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Greg's.GREG.000\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Greg's.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0EA55BE9-CA12-466B-A445-F7BA273E45A4} - (no file)
O2 - BHO: (no name) - {185060A5-65B5-4E2B-A5D9-0C568652F6BC} - C:\WINDOWS\system32\mlJbyWpo.dll
O2 - BHO: (no name) - {38811467-7B5D-4D55-B949-46502832EB94} - C:\WINDOWS\system32\jkkIASmj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {7392f9eb-bb34-f508-f0d4-8bd62552893d} - {d3982552-6db8-4d0f-805f-43bbbe9f2937} - C:\WINDOWS\system32\nlqpzv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [0468a0bb] rundll32.exe "C:\WINDOWS\system32\vpppnkpv.dll",b
O4 - HKLM\..\Run: [BM075b9327] Rundll32.exe "C:\WINDOWS\system32\dqibcxrc.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1216243671218
O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardste...l/uvuplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: mlJbyWpo - C:\WINDOWS\SYSTEM32\mlJbyWpo.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - D:\Program Files\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 8109 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 SiSkp - c:\windows\system32\drivers\srvkp.sys
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 LucentSoftModem (Lucent Technologies Soft Modem) - c:\windows\system32\drivers\ltsm.sys <Not Verified; Lucent Technologies; Lucent SoftModem Driver>
R3 WDM_YAMAHAAC97 (YAMAHA AC-XG Audio Device) - c:\windows\system32\drivers\yacxgc.sys <Not Verified; YAMAHA CORPORATION; YAMAHA AC-XG WDM>

S3 PacketNTx (Packet helper driver) - c:\windows\system32\drivers\packetntx.sys <Not Verified; Sumix Co.; Sumix Packet Helper Driver>
S3 SiS315 - c:\windows\system32\drivers\sisgrp.sys <Not Verified; Silicon Integrated Systems Corporation; SiS ® Compatible Super VGA Miniport Driver for Windows XP>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 VAIOMediaPlatform-PhotoServer-AppServer (VAIO Media Photo Server (Application)) - c:\program files\sony\photo server 20\appsrv\picappsrv.exe <Not Verified; ; Photo Application Server>

S2 aawservice (Ad-Aware 2007 Service) - "d:\program files\aawservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&398EACD8&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&398EACD8&0
Service: i8042prt

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: 2500 Series
Device ID: USB\VID_043D&PID_010B\21A058502000F78
Manufacturer: (Standard USB Host Controller)
Name: 2500 Series
PNP Device ID: USB\VID_043D&PID_010B\21A058502000F78
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-11 23:23:35 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-09-06 16:13:05 292 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job


-- Files created between 2008-06-17 and 2008-07-17 -----------------------------

2008-07-17 20:41:31 0 d-------- C:\Program Files\Sun
2008-07-17 20:30:24 0 d-------- C:\Program Files\Common Files\Java
2008-07-17 19:52:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-07-17 19:13:17 0 d--h----- C:\BJPrinter
2008-07-16 21:59:04 77824 --a------ C:\WINDOWS\system32\vpppnkpv.dll
2008-07-16 21:56:14 102400 --a------ C:\WINDOWS\system32\nlqpzv.dll
2008-07-16 21:56:11 102400 --a------ C:\WINDOWS\system32\ketfpyaf.dll
2008-07-16 21:56:00 91648 --a------ C:\WINDOWS\system32\dqibcxrc.dll
2008-07-16 21:08:37 0 d-------- C:\Program Files\Trend Micro
2008-07-16 20:33:54 2184 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-16 20:32:35 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-16 20:32:35 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-16 20:32:35 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-16 20:32:35 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-16 20:32:35 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-16 20:32:35 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-16 20:32:35 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-15 23:50:17 0 d-------- C:\Temp
2008-07-15 23:33:44 0 d-------- C:\VundoFix Backups
2008-07-15 23:03:34 0 d-------- C:\WINDOWS\desktop
2008-07-15 22:30:40 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-15 22:30:40 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-15 22:30:40 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-15 22:30:40 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-15 22:30:40 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-15 22:30:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2008-07-15 22:30:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-07-15 22:30:40 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-15 22:30:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-07-15 22:30:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-15 22:30:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-15 22:30:39 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-15 22:30:39 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-15 22:30:39 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-15 22:30:39 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-15 22:30:39 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-15 22:30:39 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-15 22:30:39 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-15 22:30:39 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-15 22:30:39 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-15 22:13:53 0 d-------- C:\Documents and Settings\Greg's.GREG.000\Application Data\Help
2008-07-15 21:58:02 103936 --a------ C:\WINDOWS\system32\ivxaeu.dll
2008-07-15 21:57:59 103936 --a------ C:\WINDOWS\system32\ogxbmqft.dll
2008-07-15 19:03:52 0 d-------- C:\backup of d
2008-07-15 18:35:27 0 d-------- C:\Program Files\PowerQuest
2008-07-15 17:27:15 0 d-------- C:\old D
2008-07-14 21:58:00 102400 --a------ C:\WINDOWS\system32\tdciyj.dll
2008-07-14 21:57:57 102400 --a------ C:\WINDOWS\system32\upbttyun.dll
2008-07-14 21:53:16 91136 --a------ C:\WINDOWS\system32\uaidiwuu.dll
2008-07-13 18:28:36 25600 --a------ C:\WINDOWS\system32\awtULfdE.dll
2008-07-13 18:28:35 25600 --a------ C:\WINDOWS\system32\efcBtuut.dll
2008-07-13 18:15:56 25600 --a------ C:\WINDOWS\system32\byXNFutt.dll
2008-07-13 18:15:55 25600 --a------ C:\WINDOWS\system32\ddcCRJcD.dll
2008-07-13 18:14:54 25600 --a------ C:\WINDOWS\system32\byXQHbYR.dll
2008-07-13 18:14:53 25600 --a------ C:\WINDOWS\system32\hgGywWoo.dll
2008-07-13 18:13:41 91648 --a------ C:\WINDOWS\system32\lbhyagwk.dll
2008-07-13 18:12:31 869632 --ahs---- C:\WINDOWS\system32\jmSAIkkj.ini2
2008-07-13 18:12:24 320000 -ra------ C:\WINDOWS\system32\jkkIASmj.dll
2008-07-13 18:12:01 25600 --a------ C:\WINDOWS\system32\pmnmnOET.dll
2008-07-13 18:07:20 25600 --a------ C:\WINDOWS\system32\awtrQIyW.dll
2008-07-13 18:07:17 25600 --a------ C:\WINDOWS\system32\mlJbyWpo.dll
2008-07-13 18:07:17 192656 --a------ C:\WINDOWS\MSCORELIB.EXE <Not Verified; Bubzuru inc; Downloader>
2008-07-13 17:53:11 0 d-------- C:\Documents and Settings\Greg's.GREG.000\Application Data\Symantec
2008-07-13 17:19:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec


-- Find3M Report ---------------------------------------------------------------

2008-07-17 20:40:59 0 d-------- C:\Program Files\Java
2008-07-17 20:30:24 0 d-------- C:\Program Files\Common Files
2008-07-15 18:36:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-13 17:24:32 0 d-------- C:\Program Files\Lexmark Toolbar
2008-07-13 13:29:10 0 d-------- C:\Program Files\Lx_cats
2008-07-03 20:38:54 0 d-------- C:\Documents and Settings\Greg's.GREG.000\Application Data\Creative
2008-06-24 15:02:35 0 d-------- C:\Documents and Settings\Greg's.GREG.000\Application Data\Adobe
2008-06-16 10:12:25 0 d-------- C:\Program Files\iTunes
2008-06-16 10:11:37 0 d-------- C:\Program Files\iPod
2008-06-16 10:07:17 0 d-------- C:\Program Files\Apple Software Update
2008-06-15 12:40:58 0 d-------- C:\Program Files\Bonjour
2008-06-15 12:40:37 0 d-------- C:\Program Files\QuickTime
2008-06-15 12:34:51 0 d-------- C:\Program Files\Common Files\Apple
2008-04-26 20:16:37 4096 --a----c- C:\WINDOWS\d3dx.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EA55BE9-CA12-466B-A445-F7BA273E45A4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{185060A5-65B5-4E2B-A5D9-0C568652F6BC}]
07/13/2008 18:07 25600 --a------ C:\WINDOWS\system32\mlJbyWpo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38811467-7B5D-4D55-B949-46502832EB94}]
07/13/2008 18:12 320000 -ra------ C:\WINDOWS\system32\jkkIASmj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3982552-6db8-4d0f-805f-43bbbe9f2937}]
07/16/2008 21:56 102400 --a------ C:\WINDOWS\system32\nlqpzv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [02/05/2007 19:52]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [08/16/2007 22:25]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [09/07/2007 16:10]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [08/20/2007 13:42]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13]
"0468a0bb"="C:\WINDOWS\system32\vpppnkpv.dll" [07/16/2008 21:59]
"BM075b9327"="C:\WINDOWS\system32\dqibcxrc.dll" [07/16/2008 21:56]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{185060A5-65B5-4E2B-A5D9-0C568652F6BC}"= C:\WINDOWS\system32\mlJbyWpo.dll [07/13/2008 18:07 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJbyWpo]
mlJbyWpo.dll 07/13/2008 18:07 25600 C:\WINDOWS\system32\mlJbyWpo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkIASmj

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0468a0bb]
rundll32.exe "C:\WINDOWS\system32\tyaiegmc.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2838b15e]
rundll32.exe "C:\WINDOWS\system32\wkxciqua.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM075b9327]
Rundll32.exe "C:\WINDOWS\system32\huhcwakd.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2b0b82c2]
Rundll32.exe "C:\WINDOWS\system32\rusxditr.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
"C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
Z:\WINDOWS\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\N6ppnY]
C:\documents and settings\greg's\local settings\temp\N6ppnY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qqurG]
C:\Documents and Settings\Greg's\Local Settings\Temp\qqurG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
C:\WINDOWS\System32\khooker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
c:\program files\support.com\client\lserver\server.vbs


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98186d51-5120-11dd-8d81-00e018b783b5}]
AutoRun\command- H:\StartPortableApps.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 downloads.aaa1screensavers.com #[Bargin Buddy]
127.0.0.1 abcsearch.com
127.0.0.1 admin.abcsearch.com
127.0.0.1 www3.abcsearch.com #[Browseraid]
127.0.0.1 www.abcsearch.com
127.0.0.1 abc517.net #[Trojan.Mitglieder.H]
127.0.0.1 absoluagency.com #[Trojan.StartPage.H]
127.0.0.1 acestats.com
127.0.0.1 www.acestats.com
127.0.0.1 actualnames.com #[Parasite.ActualNames][Spyware.ActualNames]

4828 more entries in hosts file.



extra.txt:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2559.53 MiB / 1997.34 MiB
Pagefile Memory (total/avail): 4966.52 MiB / 4578.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.27 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.53 GiB total, 48.34 GiB free.
E: is Removable (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380020A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:

\\.\PHYSICALDRIVE1 - Memory Stick Slot



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
AntivirusOverride is set.

AV: CA Anti-Virus v8.4.0.28 (CA, Inc.) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Groove Networks\\Groove\\Bin\\Groove.exe"="C:\\Program Files\\Groove Networks\\Groove\\Bin\\Groove.exe:*:Enabled:Groove Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Lexmark 2500 Series\\app4r.exe"="C:\\Program Files\\Lexmark 2500 Series\\app4r.exe:*:Enabled:BorgListener"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe:*:Enabled:tgcmd Module"
"C:\\Program Files\\Groove Networks\\Groove\\Bin\\Groove.exe"="C:\\Program Files\\Groove Networks\\Groove\\Bin\\Groove.exe:*:Enabled:Groove Application"
"D:\\Program Files\\Ever Quest\\ventrilo_srv-2.2.0-Windows-i386\\ventrilo_srv.exe"="D:\\Program Files\\Ever Quest\\ventrilo_srv-2.2.0-Windows-i386\\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\\Program Files\\iMesh\\Client\\iMeshClient.exe"="C:\\Program Files\\iMesh\\Client\\iMeshClient.exe:*:Enabled:iMesh Client for PC platforms"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealOne Player"
"C:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe"="C:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe:*:Enabled:Bejeweled2"
"C:\\Program Files\\Yahoo! Games\\Zuma Deluxe\\Zuma.exe"="C:\\Program Files\\Yahoo! Games\\Zuma Deluxe\\Zuma.exe:*:Enabled:Zuma"
"C:\\Program Files\\FreshGames\\Cubis Gold\\CubisGold.exe"="C:\\Program Files\\FreshGames\\Cubis Gold\\CubisGold.exe:*:Enabled:Cubis Dx Version"
"C:\\Program Files\\GameHouse\\CollapseCrunch\\Collapse3.exe"="C:\\Program Files\\GameHouse\\CollapseCrunch\\Collapse3.exe:*:Enabled:Collapse! Crunch"
"C:\\Program Files\\Yahoo! Games\\Hamsterball\\Hamsterball.exe"="C:\\Program Files\\Yahoo! Games\\Hamsterball\\Hamsterball.exe:*:Enabled:Hamsterball"
"C:\\Program Files\\Hexacto Games\\Lemonade Tycoon\\Lemonade.exe"="C:\\Program Files\\Hexacto Games\\Lemonade Tycoon\\Lemonade.exe:*:Enabled:Lemonade"
"C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe"="C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe:*:Enabled:iMesh 5"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\iMesh Applications\\iMesh6\\iMesh6.exe"="C:\\Program Files\\iMesh Applications\\iMesh6\\iMesh6.exe:*:Enabled:iMesh 6"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"="C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"="C:\\Program Files\\Lexmark 2500 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\\Program Files\\VentSrv\\ventrilo_srv.exe"="C:\\Program Files\\VentSrv\\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"D:\\Program Files\\EMPIRES2.ICD"="D:\\Program Files\\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"D:\\Program Files\\age2_x1\\AGE2_X1.ICD"="D:\\Program Files\\age2_x1\\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
"C:\\WINDOWS\\system32\\lxddcoms.exe"="C:\\WINDOWS\\system32\\lxddcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe:*:Enabled: "
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Greg's.GREG.000\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GREG
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Greg's.GREG.000
LOGONSERVER=\\GREG
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\System32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp
TMP=C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp
USERDOMAIN=GREG
USERNAME=Greg's
USERPROFILE=C:\Documents and Settings\Greg's.GREG.000
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Greg's.GREG.000 (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93F599DF-519B-4706-A3F1-9530DF2590B4}\SETUP.EXE" -l0x9
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CA Internet Security Suite --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
DV TS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{54266945-8A11-424D-B20F-4F747A714FBA}\Setup.exe"
DVgate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29F61465-428A-11D4-B646-00C04F790F76}\setup.exe"
EverQuest Trilogy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B769E280-9708-11D5-B880-00A0CC58DEE4}\setup.exe"
EverQuest: Depths of Darkhollow --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8BA41CA6-02ED-405E-AE4F-0AC8447AB55D}\setup.exe" -l0x9
EverQuest: Dragons of Norrath --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAD5DB64-5EEF-4A22-8B40-D27672C1245E}\setup.exe" -l0x9
EverQuest: Gates of Discord --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BD045CD-92E4-41D4-9D92-6B2CFAE58C25}\setup.exe" -l0x9
EverQuest: Lost Dungeons of Norrath --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62ECCCF5-4147-43F9-AED6-A498DC46E985}\setup.exe" -l0x9
EverQuest: Omens of War --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40DDA4AA-1591-4DB5-864E-1E8FCE629927}\setup.exe" -l0x9
EverQuest: Planes of Power --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F5CBDFF-C5AD-11D6-B881-00A0CC58DEE4}\setup.exe" -l0x9
EverQuest: Prophecy of Ro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC359839-49AD-4CDF-AFE1-507FD75A8C3B}\setup.exe" -l0x9 -removeonly
EverQuest: Shadows of Luclin --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2848FB25-CF81-11D5-B880-00A0CC58DEE4}\setup.exe" -l0x9
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ImageStation Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72275927-4241-46A7-A9C4-B86C6B256EB6}\setup.exe"
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Development Kit 6 Update 7 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160070}
Lucent Technologies Soft Modem AMR --> ltremove
Magelo Sync (uninstall only) --> "D:\Program Files\Magelo Sync\UnInstall.exe"
Magelo Update --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://eq.magelo.com...lo-update.jnlp"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Motion JPEG Software Decoder --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sony\Motion JPEG Software Decoder\Uninst.isu"
MovieShaker 3.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4A49B00-02F8-11D5-B64D-00C04F790F76}\setup.exe"
Music Visualizer Library 1.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x9
Network Smart Capture --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30642CE1-217B-40C0-92E2-6BF849599D9E}\setup.exe"
OpenMG Secure Module 3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}\Setup.exe" -l0x9 UNINSTALL
Photo Viewer 2.3 --> "C:\Program Files\Photo Viewer\uninstall.exe"
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
RealProducer Basic 8.5 --> C:\Program Files\Real\RealProducer\rnuninst.exe RealNetworks|RealProducer|8.5
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SiS Compatible VGA V2.09a --> RUNDLL32 setuplib.dll,UnInstall ,315&ISUNINST -f"C:\PROGRA~1\SISCOM~1.09A\DeIsL1.isu"&P.U 4 sisgr.inf&-1
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony DV Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Sony on Yahoo! Essentials --> C:\Program Files\Yahoo!\unwise.exe C:\progra~1\yahoo!\install.log
Support Actions WinXP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48BE827A-2D06-4804-90C3-4F2F8460F9D4}\setup.exe"
VAIO Action Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}\setup.exe" -l0x9
VAIO Brezza Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACEC9C3E-0100-4EBE-B298-35A2145828A0}\setup.exe"
VAIO Grid Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21CF3E6E-1659-433E-B6CE-165D793560DA}\setup.exe"
VAIO Help & Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}\setup.exe"
VAIO Media 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\setup.exe" -l0x9 UNINSTALL
VAIO Media Installer 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\setup.exe" -l0x9 UNINSTALL
VAIO Media Music Server 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF733005-0F40-11D6-9254-0000F460E7A9}\setup.exe" -l0x9 UNINSTALL
VAIO Media Photo Server 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E1A8479-D871-4573-AA8C-90BF0338B242}\setup.exe"
VAIO Media Platform 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF0DD6E9-F673-4466-8353-70B50A506FD9}\setup.exe"
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AA14D661-8B7A-4A8F-B093-405C160178AF}
VAIO Serenus Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{802EF464-4992-42B3-8434-45151AD3C933}\setup.exe"
VAIO Support --> "c:\program files\support.com\client\bin\tgfix.exe" /rm /nq
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type11187 / Warning
Event Submitted/Written: 07/17/2008 07:57:35 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type11186 / Error
Event Submitted/Written: 07/17/2008 07:52:34 PM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Documents and Settings\Administrator\Application Data\Sun\Java\jdk1.6.0_07\jdk1.6.0_07.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Event Record #/Type11135 / Error
Event Submitted/Written: 07/16/2008 06:22:20 PM
Event ID/Source: 4614 / EventSystem
Event Description:
The COM+ Event System detected an inconsistency in its internal state. The assertion "GetLastError() == 122L" failed at line 201 of d:\qxp_slp\com\com1x\src\events\shared\sectools.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type11133 / Warning
Event Submitted/Written: 07/16/2008 06:22:08 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type11107 / Error
Event Submitted/Written: 07/15/2008 11:05:00 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application regclean.exe, version 4.1.7364.1, faulting module regclean.exe, version 4.1.7364.1, fault address 0x0001bc4d.
Processing media-specific event for [regclean.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type16246 / Error
Event Submitted/Written: 07/17/2008 09:55:38 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The VAIO Media Photo Server (Application) service has reported an invalid current state 272.

Event Record #/Type16245 / Error
Event Submitted/Written: 07/17/2008 09:17:00 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type16244 / Error
Event Submitted/Written: 07/17/2008 09:16:55 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type16243 / Error
Event Submitted/Written: 07/17/2008 09:12:15 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type16242 / Error
Event Submitted/Written: 07/17/2008 09:12:08 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-07-17 21:57:33 ------------


#5
Jimmy2012
    Trusted Helper
  • Retired Staff
  • 6,238 posts
Hello man6ano,


STEP 1
First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

To Get rid of NewDotNet, go to:

Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. Check the "I know what I'm doing" button. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.

STEP 2
Please reopen HijackThis and click on Do a system scan only. And put a check next to the following entries.

O2 - BHO: (no name) - {0EA55BE9-CA12-466B-A445-F7BA273E45A4} - (no file)
O2 - BHO: (no name) - {185060A5-65B5-4E2B-A5D9-0C568652F6BC} - C:\WINDOWS\system32\mlJbyWpo.dll
O2 - BHO: (no name) - {38811467-7B5D-4D55-B949-46502832EB94} - C:\WINDOWS\system32\jkkIASmj.dll
O2 - BHO: {7392f9eb-bb34-f508-f0d4-8bd62552893d} - {d3982552-6db8-4d0f-805f-43bbbe9f2937} - C:\WINDOWS\system32\nlqpzv.dll
O4 - HKLM\..\Run: [0468a0bb] rundll32.exe "C:\WINDOWS\system32\vpppnkpv.dll",b
O4 - HKLM\..\Run: [BM075b9327] Rundll32.exe "C:\WINDOWS\system32\dqibcxrc.dll",s
O20 - Winlogon Notify: mlJbyWpo - C:\WINDOWS\SYSTEM32\mlJbyWpo.dll

Once you have the checks in those entries please make sure all open windows are closed (keep HijackThis open) and click fix checked on HijackThis. A box will open up asking if you want to fix the selected items, please click yes. After you have fixed those entries you can close HijackThis.

STEP 3
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
      00

Then double click on the fix.reg file, when it prompts to merge click "Yes".

STEP 4
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\mlJbyWpo.dll
    C:\WINDOWS\system32\jkkIASmj.dll
    C:\WINDOWS\system32\nlqpzv.dll
    C:\WINDOWS\system32\vpppnkpv.dll
    C:\WINDOWS\system32\dqibcxrc.dll
    C:\WINDOWS\system32\ketfpyaf.dll
    C:\WINDOWS\system32\ivxaeu.dll
    C:\WINDOWS\system32\ogxbmqft.dll
    C:\WINDOWS\system32\tdciyj.dll
    C:\WINDOWS\system32\upbttyun.dll
    C:\WINDOWS\system32\uaidiwuu.dll
    C:\WINDOWS\system32\awtULfdE.dll
    C:\WINDOWS\system32\efcBtuut.dll
    C:\WINDOWS\system32\byXNFutt.dll
    C:\WINDOWS\system32\ddcCRJcD.dll
    C:\WINDOWS\system32\byXQHbYR.dll
    C:\WINDOWS\system32\hgGywWoo.dll
    C:\WINDOWS\system32\lbhyagwk.dll
    C:\WINDOWS\system32\jmSAIkkj.ini2
    C:\WINDOWS\system32\pmnmnOET.dll
    C:\WINDOWS\system32\awtrQIyW.dll
    C:\WINDOWS\MSCORELIB.EXE
    C:\WINDOWS\system32\tyaiegmc.dll
    C:\WINDOWS\system32\wkxciqua.dll
    C:\WINDOWS\system32\huhcwakd.dll
    C:\WINDOWS\system32\rusxditr.dll
    C:\documents and settings\greg's\local settings\temp\N6ppnY.exe
    C:\PROGRA~1\NEWDOT~1
    C:\Documents and Settings\Greg's\Local Settings\Temp\qqurG.exe
    c:\program files\support.com\client\lserver\server.vbs
    H:\StartPortableApps.exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0468a0bb
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2838b15e
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM075b9327
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2b0b82c2
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\N6ppnY
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qqurG
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98186d51-5120-11dd-8d81-00e018b783b5}
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP 5
Please rescan with DSS. To do this please double click on dss.exe and follow any prompts. When it is done it will open up one notepad main.txt. Please copy/paste the text in main.txt in your next reply.
~~~~~~~~~~~
In your next reply please have these logs.
The OTMoveIt2 log
And the DSS main.txt
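As an added example (not the helper's instructions and not output of any tool in this thread) of what STEP 3's fix.reg actually does: a Python checker that decodes the .reg hex(7) REG_MULTI_SZ payload and flags any LSA "Authentication Packages" entry other than Microsoft's msv1_0, which is the persistence the DSS log above showed (msv1_0 followed by a rogue jkkIASmj DLL). The hijacked sample is constructed from that log entry; function and constant names are my own.

```python
"""Added example, not from the thread or from any of the tools it uses.

Decodes the hex(7) (REG_MULTI_SZ) payload that a .reg file like the helper's
fix.reg carries for the LSA "Authentication Packages" value, and flags every
package other than Microsoft's msv1_0. A DLL listed here is loaded into
lsass.exe at boot, which is why the DSS log entry
    "Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\jkkIASmj
is a persistence finding and why the fix restores the value to just msv1_0.
Function and constant names below are my own.
"""
import re
from typing import List, Optional

# The only authentication package a stock Windows XP install lists.
EXPECTED_PACKAGES = ("msv1_0",)
LSA_KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa".lower()


def decode_hex7(payload: str) -> List[str]:
    """Turn '6d,00,73,...' into the list of strings it encodes.

    REG_MULTI_SZ data is UTF-16LE, each string NUL-terminated, with one extra
    NUL closing the list; the empty strings the terminators produce are dropped.
    """
    raw = bytes(int(tok, 16) for tok in payload.split(",") if tok.strip())
    return [s for s in raw.decode("utf-16-le").split("\0") if s]


def encode_hex7(values: List[str]) -> str:
    """Inverse of decode_hex7: the comma-separated byte list .reg files expect."""
    raw = ("".join(v + "\0" for v in values) + "\0").encode("utf-16-le")
    return ",".join(f"{b:02x}" for b in raw)


def _join_continuations(reg_text: str) -> List[str]:
    """Merge .reg lines that end in a backslash with the indented line after."""
    lines, pending = [], ""
    for line in reg_text.splitlines():
        stripped = line.strip()
        if stripped.endswith("\\"):
            pending += stripped[:-1]
            continue
        lines.append(pending + stripped)
        pending = ""
    if pending:
        lines.append(pending)
    return lines


def authentication_packages(reg_text: str) -> Optional[List[str]]:
    """Decoded Authentication Packages list from a .reg export, or None if
    the export does not set that value under the Lsa key."""
    current_key = None
    value_re = re.compile(r'"Authentication Packages"=hex\(7\):([0-9a-fA-F,]+)$')
    for line in _join_continuations(reg_text):
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        match = value_re.match(line)
        if match and current_key == LSA_KEY:
            return decode_hex7(match.group(1))
    return None


def audit_reg(reg_text: str) -> List[str]:
    """Packages that should not be there; an empty list means the value is clean."""
    packages = authentication_packages(reg_text)
    if packages is None:
        raise ValueError("export does not set Lsa\\Authentication Packages")
    return [p for p in packages if p.lower() not in EXPECTED_PACKAGES]


# The helper's fix.reg, as posted above (continuation line included).
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
  00
'''

# Constructed sample: what an export of the hijacked value seen in the DSS log
# (msv1_0 followed by the rogue jkkIASmj DLL) would contain.
HIJACKED_REG = (
    "Windows Registry Editor Version 5.00\n\n"
    "[HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa]\n"
    '"Authentication Packages"=hex(7):'
    + encode_hex7(["msv1_0", r"C:\WINDOWS\system32\jkkIASmj"]) + "\n"
)

if __name__ == "__main__":
    for label, text in (("fix.reg", FIX_REG), ("hijacked export", HIJACKED_REG)):
        extra = audit_reg(text)
        verdict = "clean" if not extra else "UNEXPECTED " + ", ".join(extra)
        print(f"{label}: {authentication_packages(text)} -> {verdict}")
```

The same decoder works on any `reg export HKLM\System\CurrentControlSet\Control\Lsa` output, so the check can be run against a live export rather than only the samples embedded here.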

#6
man6ano
    Member
  • Topic Starter
  • Member
  • 13 posts
Getting closer I hope. I should mention that I can only run IE in safe mode. Otherwise it just throws popups and locks up. I run the programs in standard mode, but switch to safe to reply to the post. Let me know what to do next, I really appreciate the help!

Explorer killed successfully
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mlJbyWpo.dll
C:\WINDOWS\system32\mlJbyWpo.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\mlJbyWpo.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\jkkIASmj.dll not found.
File/Folder C:\WINDOWS\system32\nlqpzv.dll not found.
File/Folder C:\WINDOWS\system32\vpppnkpv.dll not found.
File/Folder C:\WINDOWS\system32\dqibcxrc.dll not found.
File/Folder C:\WINDOWS\system32\ketfpyaf.dll not found.
File/Folder C:\WINDOWS\system32\ivxaeu.dll not found.
File/Folder C:\WINDOWS\system32\ogxbmqft.dll not found.
File/Folder C:\WINDOWS\system32\tdciyj.dll not found.
File/Folder C:\WINDOWS\system32\upbttyun.dll not found.
File/Folder C:\WINDOWS\system32\uaidiwuu.dll not found.
File/Folder C:\WINDOWS\system32\awtULfdE.dll not found.
File/Folder C:\WINDOWS\system32\efcBtuut.dll not found.
File/Folder C:\WINDOWS\system32\byXNFutt.dll not found.
File/Folder C:\WINDOWS\system32\ddcCRJcD.dll not found.
File/Folder C:\WINDOWS\system32\byXQHbYR.dll not found.
File/Folder C:\WINDOWS\system32\hgGywWoo.dll not found.
File/Folder C:\WINDOWS\system32\lbhyagwk.dll not found.
File/Folder C:\WINDOWS\system32\jmSAIkkj.ini2 not found.
File/Folder C:\WINDOWS\system32\pmnmnOET.dll not found.
File/Folder C:\WINDOWS\system32\awtrQIyW.dll not found.
File/Folder C:\WINDOWS\MSCORELIB.EXE not found.
File/Folder C:\WINDOWS\system32\tyaiegmc.dll not found.
File/Folder C:\WINDOWS\system32\wkxciqua.dll not found.
File/Folder C:\WINDOWS\system32\huhcwakd.dll not found.
File/Folder C:\WINDOWS\system32\rusxditr.dll not found.
File/Folder C:\documents and settings\greg's\local settings\temp\N6ppnY.exe not found.
File/Folder C:\PROGRA~1\NEWDOT~1 not found.
File/Folder C:\Documents and Settings\Greg's\Local Settings\Temp\qqurG.exe not found.
File/Folder c:\program files\support.com\client\lserver\server.vbs not found.
File/Folder H:\StartPortableApps.exe not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0468a0bb >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0468a0bb\\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2838b15e >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2838b15e\\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM075b9327 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM075b9327\\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2b0b82c2 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2b0b82c2\\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\N6ppnY >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\N6ppnY\\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup\\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qqurG >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qqurG\\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch\\ not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98186d51-5120-11dd-8d81-00e018b783b5} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98186d51-5120-11dd-8d81-00e018b783b5}\\ not found.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\hsperfdata_Greg's\1016 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\Arj.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\avlib.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\Avp1.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\AvpMgr.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\btimages.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\CAB.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\dmap.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\dtreg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\FSSync.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\HashCont.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\HashMD5.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\HCCMP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\ichk2.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\iChkSA.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\Inflate.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\IWGen.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\kave.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\kosglue-7.0.25.0.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\lha.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\L_llio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\mdb.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\MDMAP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\MemModSc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\MemScan.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\minizip.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\MKavIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\msoe.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\nfio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\NTFSstrm.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\prKernel.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\prLoader.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\prseqio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\PrUtil.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\Quantum.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\rar.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\sfdb.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\TempFile.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\thpimpl.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\UniArc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\UnLZX.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\UnStored.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GREG'S~1.000\LOCALS~1\Temp\jkos-Greg's\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07182008_174758

Deckard's System Scanner v20071014.68
Run by Greg's on 2008-07-18 17:56:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Greg's.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:08, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Greg's.GREG.000\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Greg's.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {185060A5-65B5-4E2B-A5D9-0C568652F6BC} - C:\WINDOWS\System32\mlJbyWpo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {80BEC90E-B0F5-410E-9213-9E4FB70B6126} - C:\WINDOWS\system32\jkkIASmj.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1216243671218
O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardste...l/uvuplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: mlJbyWpo - C:\WINDOWS\SYSTEM32\mlJbyWpo.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - D:\Program Files\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 7855 bytes

-- Files created between 2008-06-18 and 2008-07-18 -----------------------------

2008-07-17 21:59:55 78336 --a------ C:\WINDOWS\system32\coqmcqow.dll
2008-07-17 21:56:57 92672 --a------ C:\WINDOWS\system32\ujjsaccq.dll
2008-07-17 20:41:31 0 d-------- C:\Program Files\Sun
2008-07-17 20:30:24 0 d-------- C:\Program Files\Common Files\Java
2008-07-17 19:52:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-07-17 19:13:17 0 d--h----- C:\BJPrinter
2008-07-16 21:08:37 0 d-------- C:\Program Files\Trend Micro
2008-07-16 20:33:54 2184 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-16 20:32:35 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-16 20:32:35 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-16 20:32:35 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-16 20:32:35 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-16 20:32:35 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-16 20:32:35 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-16 20:32:35 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-15 23:50:17 0 d-------- C:\Temp
2008-07-15 23:33:44 0 d-------- C:\VundoFix Backups
2008-07-15 23:03:34 0 d-------- C:\WINDOWS\desktop
2008-07-15 22:30:40 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-15 22:30:40 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-15 22:30:40 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-15 22:30:40 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-15 22:30:40 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-15 22:30:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2008-07-15 22:30:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-07-15 22:30:40 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-15 22:30:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-07-15 22:30:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-15 22:30:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-15 22:30:39 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-15 22:30:39 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-15 22:30:39 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-15 22:30:39 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-15 22:30:39 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-15 22:30:39 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-15 22:30:39 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-15 22:30:39 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-15 22:30:39 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-15 22:13:53 0 d-------- C:\Documents and Settings\Greg's.GREG.000\Application Data\Help
2008-07-15 19:03:52 0 d-------- C:\backup of d
2008-07-15 18:35:27 0 d-------- C:\Program Files\PowerQuest
2008-07-15 17:27:15 0 d-------- C:\old D
2008-07-13 18:07:17 25600 --a------ C:\WINDOWS\system32\mlJbyWpo.dll
2008-07-13 17:53:11 0 d-------- C:\Documents and Settings\Greg's.GREG.000\Application Data\Symantec
2008-07-13 17:19:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec


-- Find3M Report ---------------------------------------------------------------

2008-07-17 20:40:59 0 d-------- C:\Program Files\Java
2008-07-17 20:30:24 0 d-------- C:\Program Files\Common Files
2008-07-15 18:36:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-13 17:24:32 0 d-------- C:\Program Files\Lexmark Toolbar
2008-07-13 13:29:10 0 d-------- C:\Program Files\Lx_cats
2008-07-03 20:38:54 0 d-------- C:\Documents and Settings\Greg's.GREG.000\Application Data\Creative
2008-06-24 15:02:35 0 d-------- C:\Documents and Settings\Greg's.GREG.000\Application Data\Adobe
2008-06-16 10:12:25 0 d-------- C:\Program Files\iTunes
2008-06-16 10:11:37 0 d-------- C:\Program Files\iPod
2008-06-16 10:07:17 0 d-------- C:\Program Files\Apple Software Update
2008-06-15 12:40:58 0 d-------- C:\Program Files\Bonjour
2008-06-15 12:40:37 0 d-------- C:\Program Files\QuickTime
2008-06-15 12:34:51 0 d-------- C:\Program Files\Common Files\Apple
2008-04-26 20:16:37 4096 --a----c- C:\WINDOWS\d3dx.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{185060A5-65B5-4E2B-A5D9-0C568652F6BC}]
07/13/2008 18:07 25600 --a------ C:\WINDOWS\System32\mlJbyWpo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80BEC90E-B0F5-410E-9213-9E4FB70B6126}]
C:\WINDOWS\system32\jkkIASmj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [02/05/2007 19:52]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [08/16/2007 22:25]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [09/07/2007 16:10]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [08/20/2007 13:42]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24]

C:\Documents and Settings\Greg's.GREG.000\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{185060A5-65B5-4E2B-A5D9-0C568652F6BC}"= C:\WINDOWS\System32\mlJbyWpo.dll [07/13/2008 18:07 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJbyWpo]
mlJbyWpo.dll 07/13/2008 18:07 25600 C:\WINDOWS\system32\mlJbyWpo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkIASmj

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
"C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
Z:\WINDOWS\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
C:\WINDOWS\System32\khooker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

-- End of Deckard's System Scanner: finished at 2008-07-18 17:58:16 ------------
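The DSS registry dump in the post above shows why this infection keeps coming back: the same two modules are wired into four separate load points. mlJbyWpo.dll is registered as a nameless BHO ({185060A5-65B5-4E2B-A5D9-0C568652F6BC}), as a Winlogon Notify package and as an Explorer ShellExecuteHook with that same CLSID, while jkkIASmj is listed both as a second nameless BHO (file missing) and in the LSA "Authentication Packages" value next to msv1_0, which makes lsass.exe load it at boot. A Winlogon Notify DLL stays mapped in winlogon.exe, which is why OTMoveIt's move of mlJbyWpo.dll failed even after Explorer had been killed and had to be deferred to reboot. The script below is an added example, not code from the thread or from HijackThis, DSS or OTMoveIt; it triages HijackThis and DSS lines for exactly those load points. The sample lines are copied from the logs above; the Winlogon Notify allow-list and the random-name heuristic are assumptions (the heuristic covers the mixed-case shape of mlJbyWpo / jkkIASmj, not all-lowercase names such as coqmcqow.dll, which the same log also lists).

```python
"""Triage HijackThis / Deckard's System Scanner lines for the persistence
points visible in the thread's logs: O2 BHOs, O20 Winlogon Notify, Explorer
ShellExecuteHooks and the LSA "Authentication Packages" value.
Added example, not part of the thread or of the tools it mentions."""
import re
from pathlib import PureWindowsPath
from typing import Dict, List

# Constructed sample: lines copied from the HijackThis and DSS logs posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {185060A5-65B5-4E2B-A5D9-0C568652F6BC} - C:\WINDOWS\System32\mlJbyWpo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {80BEC90E-B0F5-410E-9213-9E4FB70B6126} - C:\WINDOWS\system32\jkkIASmj.dll (file missing)
O20 - Winlogon Notify: mlJbyWpo - C:\WINDOWS\SYSTEM32\mlJbyWpo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{185060A5-65B5-4E2B-A5D9-0C568652F6BC}"= C:\WINDOWS\System32\mlJbyWpo.dll [07/13/2008 18:07 25600]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkIASmj
"""

CLSID = r"[0-9A-Fa-f-]{36}"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>" + CLSID + r")\} - (?P<path>.*?)( \(file missing\))?$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
CLSID_VALUE_RE = re.compile(r'^"\{(?P<clsid>' + CLSID + r')\}"=\s*(?P<path>.*?)( \[[^\]]*\])?$')
LSA_RE = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.+)$')

# Assumption: partial allow-list of DLL stems that XP's stock Winlogon Notify
# subkeys resolve to (crypt32chain -> crypt32, cryptnet, cscdll, sclgntfy, and
# ScCertProp/Schedule/SensLogn/termsrv/wlballoon -> wlnotify). Vendor entries
# (graphics drivers, VPN clients) must be added per host.
KNOWN_NOTIFY_DLLS = {"crypt32", "cryptnet", "cscdll", "wlnotify", "sclgntfy"}


def looks_random(stem: str) -> bool:
    """Heuristic (assumption, not a rule): 6-8 letters with an upper-case letter
    somewhere after the first character, the shape of mlJbyWpo / jkkIASmj."""
    if not (6 <= len(stem) <= 8 and stem.isalpha()):
        return False
    return any(c.isupper() for c in stem[1:]) and any(c.islower() for c in stem)


def triage(log_text: str) -> List[Dict]:
    findings: List[Dict] = []
    suspect_bho: Dict[str, str] = {}   # CLSID -> path, filled by the first pass
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]

    # Pass 1: BHOs, so later hook entries can be cross-referenced by CLSID.
    for line in lines:
        m = BHO_RE.match(line)
        if not m:
            continue
        why = []
        stem = PureWindowsPath(m["path"]).stem
        if m["name"] == "(no name)":
            why.append("BHO registered without a name")
        if looks_random(stem):
            why.append(f"random-looking module name {stem}")
        if why:
            suspect_bho[m["clsid"].upper()] = m["path"]
            findings.append({"kind": "O2 BHO", "clsid": m["clsid"].upper(),
                             "path": m["path"], "why": why})

    # Pass 2: the other load points, tracking the DSS registry-dump key header
    # so a CLSID-keyed value is only read as a hook inside ShellExecuteHooks.
    section = ""
    for line in lines:
        if k := KEY_RE.match(line):
            section = k["key"].lower()
        elif m := NOTIFY_RE.match(line):
            stem = PureWindowsPath(m["path"]).stem
            if stem.lower() not in KNOWN_NOTIFY_DLLS:
                findings.append({"kind": "O20 Winlogon Notify", "key": m["key"],
                                 "path": m["path"],
                                 "why": ["Notify DLL not in the allow-list; loaded into winlogon.exe"]})
        elif (m := CLSID_VALUE_RE.match(line)) and section.endswith("shellexecutehooks"):
            clsid = m["clsid"].upper()
            if clsid in suspect_bho:
                findings.append({"kind": "ShellExecuteHooks", "clsid": clsid,
                                 "path": m["path"], "why": ["same CLSID as a suspect BHO"]})
        elif (m := LSA_RE.match(line)) and section.endswith("\\lsa"):
            extra = [p for p in m["pkgs"].split() if p.lower() != "msv1_0"]
            if extra:
                findings.append({"kind": "LSA Authentication Packages", "extra": extra,
                                 "why": ["package other than msv1_0 loads into lsass.exe at boot"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], "->", f.get("path") or f.get("extra"), "|", "; ".join(f["why"]))
```

Run against the sample it reports five findings: both nameless BHOs, the Winlogon Notify entry, the ShellExecuteHook sharing the first BHO's CLSID, and the extra LSA authentication package. The practical point for cleanup is the last two: a hook in winlogon.exe or lsass.exe survives killing Explorer, so a file move scheduled for reboot and the registry values have to be removed together, which is what the reboot-deferred moves in the OTMoveIt log above are for.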

#7 Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Hello man6ano,

I should mention that I can only run IE in safe mode. Otherwise it just throws popups and locks up.

It does this every time?

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#8 man6ano (Member, Topic Starter, 13 posts)
I had to run ComboFix a couple of times to get the log, but here they are:

ComboFix 08-07-18.5 - Greg's 2008-07-19 16:06:10.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2093 [GMT -4:00]
Running from: C:\Documents and Settings\Greg's.GREG.000\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\_000025_.tmp.dll
C:\WINDOWS\system32\_000027_.tmp.dll
C:\WINDOWS\system32\_000028_.tmp.dll
C:\WINDOWS\system32\_000030_.tmp.dll
C:\WINDOWS\system32\_000031_.tmp.dll
C:\WINDOWS\system32\_000032_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-19 to 2008-07-19 )))))))))))))))))))))))))))))))
.

2008-07-18 17:44 . 2008-07-18 17:44 <DIR> d-------- C:\_OTMoveIt
2008-07-18 17:37 . 2008-07-18 17:37 <DIR> d-------- C:\Program Files\ERUNT
2008-07-17 21:51 . 2008-07-17 21:51 <DIR> d-------- C:\Deckard
2008-07-17 20:41 . 2008-07-17 20:41 <DIR> d-------- C:\Program Files\Sun
2008-07-17 20:41 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-17 20:30 . 2008-07-17 20:30 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-17 19:13 . 2008-07-17 19:13 <DIR> d--h----- C:\BJPrinter
2008-07-16 21:08 . 2008-07-16 21:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-16 20:33 . 2008-07-16 20:43 2,184 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-16 20:32 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-16 20:32 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-16 20:32 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-16 20:32 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-16 20:32 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-16 20:32 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-16 20:32 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-16 20:32 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-15 23:50 . 2008-07-15 23:50 <DIR> d-------- C:\Temp
2008-07-15 23:33 . 2008-07-15 23:33 <DIR> d-------- C:\VundoFix Backups
2008-07-15 23:03 . 2008-07-15 23:06 <DIR> d-------- C:\WINDOWS\desktop
2008-07-15 22:30 . 2002-08-03 12:17 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-15 22:30 . 2002-08-15 13:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2008-07-15 22:30 . 2002-08-15 13:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-07-15 22:30 . 2008-07-15 22:30 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-15 19:03 . 2008-07-16 23:06 <DIR> d-------- C:\backup of d
2008-07-15 18:35 . 2008-07-15 18:35 <DIR> d-------- C:\Program Files\PowerQuest
2008-07-15 17:27 . 2008-07-15 17:27 <DIR> d-------- C:\old D
2008-07-14 14:32 . 2008-07-14 14:32 445,265 --a------ C:\INF000.SWP
2008-07-14 14:32 . 2008-07-14 14:32 154,660 --a------ C:\INF001.SWP
2008-07-13 17:53 . 2008-07-13 17:53 <DIR> d-------- C:\Documents and Settings\Greg's.GREG.000\Application Data\Symantec
2008-07-13 17:25 . 2008-01-19 20:12 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
2008-07-13 17:25 . 2008-01-19 19:40 15,088 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys
2008-07-13 17:24 . 2007-12-20 17:13 136,416 --a------ C:\WINDOWS\system32\drivers\symsnap.sys
2008-07-13 17:24 . 2008-01-19 19:45 38,112 --a------ C:\WINDOWS\system32\drivers\v2imount.sys
2008-07-13 17:19 . 2008-07-15 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-20 13:41 . 2008-06-20 13:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 06:44 . 2008-06-20 06:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 00:40 --------- d-----w C:\Program Files\Java
2008-07-15 22:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-13 21:24 --------- d-----w C:\Program Files\Lexmark Toolbar
2008-07-13 17:29 --------- d-----w C:\Program Files\Lx_cats
2008-07-04 00:38 --------- d-----w C:\Documents and Settings\Greg's.GREG.000\Application Data\Creative
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 14:12 --------- d-----w C:\Program Files\iTunes
2008-06-16 14:11 --------- d-----w C:\Program Files\iPod
2008-06-16 14:07 --------- d-----w C:\Program Files\Apple Software Update
2008-06-15 16:40 --------- d-----w C:\Program Files\QuickTime
2008-06-15 16:40 --------- d-----w C:\Program Files\Bonjour
2008-06-15 16:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-15 16:34 --------- d-----w C:\Program Files\Common Files\Apple
2008-06-15 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 11:08 880,560 ----a-w C:\WINDOWS\system32\drivers\vetefile.sys
2008-06-04 11:08 108,368 ----a-w C:\WINDOWS\system32\drivers\veteboot.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2006-12-27 00:37 45,456 -c--a-w C:\Documents and Settings\befw11s4v4_fw,0\tftp.exe
2006-12-27 00:37 307,212 -c--a-w C:\Documents and Settings\befw11s4v4_fw,0\code.bin
2006-06-13 21:20 317,232 -c--a-w C:\Program Files\dxwebsetup.exe
2006-06-13 21:13 54,549,776 -c--a-w C:\Program Files\directx_apr2006_redist.exe
2005-10-29 01:48 21,730,168 -c--a-w C:\Program Files\81.85_forceware_winxp2k_english_whql.exe
2005-06-06 13:57 2,855,080 -c--a-w C:\Program Files\aawsepersonal.exe
2004-07-18 22:32 10,732,274 -c--a-w C:\Program Files\56.72_winxp2k_english_whql.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80BEC90E-B0F5-410E-9213-9E4FB70B6126}]
C:\WINDOWS\system32\jkkIASmj.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 19:52 849280]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 22:25 177416]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-09-07 16:10 14088]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 13:42 230664]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"0468a0bb"="C:\WINDOWS\system32\brslxnhj.dll" [BU]
"BM075b9327"="C:\WINDOWS\system32\ebbwrjex.dll" [BU]

C:\Documents and Settings\Greg's.GREG.000\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= sonymjpg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
--a------ 2002-04-26 20:17 102400 C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2002-08-15 13:44 146432 C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
--a------ 2002-07-20 12:22 32768 C:\WINDOWS\LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\WINDOWS\system32\dllhost.exe [2004-08-04 03:56]
R3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-07-20 12:22]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 21:10]
S3 PacketNTx;Packet helper driver;C:\WINDOWS\system32\drivers\PacketNTx.sys [2002-01-23 01:13]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-12 03:23:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-06 20:13:05 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-19 16:07:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-19 16:11:00
ComboFix-quarantined-files.txt 2008-07-19 20:10:08
ComboFix2.txt 2008-07-19 19:55:29

Pre-Run: 50,596,102,144 bytes free
Post-Run: 50,580,688,896 bytes free

166 --- E O F --- 2008-07-10 09:42:09







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:51, on 7/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {80BEC90E-B0F5-410E-9213-9E4FB70B6126} - C:\WINDOWS\system32\jkkIASmj.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [0468a0bb] rundll32.exe "C:\WINDOWS\system32\brslxnhj.dll",b
O4 - HKLM\..\Run: [BM075b9327] Rundll32.exe "C:\WINDOWS\system32\ebbwrjex.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1216243671218
O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardste...l/uvuplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - D:\Program Files\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 7504 bytes
  • 0

#9
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello man6ano,

STEP 1
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\Documents and Settings\befw11s4v4_fw,0\tftp.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
STEP 2
Please reopen HijackThis and click on Do a system scan only. Then put a check next to the following entries.

O2 - BHO: (no name) - {80BEC90E-B0F5-410E-9213-9E4FB70B6126} - C:\WINDOWS\system32\jkkIASmj.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [0468a0bb] rundll32.exe "C:\WINDOWS\system32\brslxnhj.dll",b
O4 - HKLM\..\Run: [BM075b9327] Rundll32.exe "C:\WINDOWS\system32\ebbwrjex.dll",s

Once you have the checks in those entries please make sure all open windows are closed (keep HijackThis open) and click Fix checked on HijackThis. A box will open up asking if you want to fix the selected items, please click Yes. After you have fixed those entries you can close HijackThis.

STEP 3
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\brslxnhj.dll
C:\WINDOWS\system32\ebbwrjex.dll

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the ComboFix log in your next reply.

STEP 4
Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following are checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~~
In your next reply please have these logs.
The VirSCAN report
The ComboFix log
A new HijackThis log
And the Kaspersky log
  • 0
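The entries flagged in the post above (the orphaned O2/O3 items and the two rundll32 Run values) can be picked out mechanically from a HijackThis log. The following Python script is an added example, not a tool from Geeks to Go, Trend Micro or this thread; its heuristics (the "(file missing)" and "(no file)" markers, and the eight-lowercase-letter DLL name pattern) are the editor's assumptions, and the sample log is a constructed subset of the HijackThis output posted earlier in the thread:

```python
"""Triage helper for HijackThis v2 log lines.

Added example, not a HijackThis or Geeks to Go tool.  It reproduces two checks a
helper applies by eye when reading a log:
  * O2 (BHO) / O3 (toolbar) entries whose component file is gone, which
    HijackThis marks with "(file missing)" or "(no file)";
  * O4 Run entries that launch a DLL through rundll32.exe, with an extra flag
    when the DLL lives in system32 under a random-looking eight-letter name.
Both rules are the editor's assumptions, not HijackThis functionality.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O2 - BHO: (no name) - {80BEC90E-B0F5-410E-9213-9E4FB70B6126} - C:\\WINDOWS\\system32\\jkkIASmj.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\\..\\Run: [IntelliPoint] "C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe"
O4 - HKLM\\..\\Run: [0468a0bb] rundll32.exe "C:\\WINDOWS\\system32\\brslxnhj.dll",b
O4 - HKLM\\..\\Run: [BM075b9327] Rundll32.exe "C:\\WINDOWS\\system32\\ebbwrjex.dll",s
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""

# "O4 - rest of line": section code followed by the entry body.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# rundll32.exe followed by a quoted or bare DLL path (case-insensitive,
# since the log shows both "rundll32.exe" and "Rundll32.exe").
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
# Heuristic (assumption): eight lowercase letters with no meaning is typical
# of generated file names; legitimate Windows DLLs rarely look like that.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    line: str      # the log line as written
    reason: str    # why it deserves a look


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that match the two review rules, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # process list, header lines, blank lines
        section, body = m.groups()

        # Rule 1: registered browser component whose file no longer exists.
        if section in ("O2", "O3") and body.endswith(ORPHAN_MARKERS):
            findings.append(Finding(section, line,
                                    "orphaned entry: registered component has no file on disk"))
            continue

        # Rule 2: autostart that loads a DLL via rundll32.
        if section == "O4":
            r = RUNDLL_RE.search(body)
            if not r:
                continue
            dll = r.group("dll")
            stem = dll.rsplit("\\", 1)[-1][:-len(".dll")]
            if RANDOM_NAME_RE.match(stem) and "\\system32\\" in dll.lower():
                reason = f"rundll32 autostart of random-looking system32 DLL {stem}.dll"
            else:
                reason = "rundll32 autostart: verify the DLL's publisher and purpose"
            findings.append(Finding(section, line, reason))
    return findings


def report(log_text: str) -> str:
    """Human-readable summary, one finding per line."""
    return "\n".join(f"[{f.section}] {f.reason}\n    {f.line}" for f in triage(log_text))


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a saved hijackthis.log by passing the file contents to `report()`; on the constructed sample it lists exactly the four lines the helper asked to have fixed, and leaves the legitimate Java BHO, IntelliPoint and ctfmon entries alone.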

#10
man6ano

man6ano

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Well, Jimmy....I was on the final Kaspersky check and my hard drive died on me. I ended up getting a new one and am on a fresh XP Pro SP3 install. I was running CA antivirus, but have switched to Antivir free. Do you recommend this, or do you have another free one in mind? I've used AVG in the past with success, but hear Antivir is better. Thanks for all your help, it was running so well, and we were almost there. You did a heck of a job!
  • 0

#11
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello man6ano,

Sorry to hear that.

I was running CA antivirus, but have switched to Antivir free. Do you recommend this, or do you have another free one in mind. I've used AVG in the past

I can't really say for sure, I have never used CA antivirus before. But I am using AntiVir and really like it, have had no problems with it yet. If you are going for free antivirus software I would stick with AntiVir.
  • 0

#12
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello man6ano,

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

1. Spywareguard: Is realtime protection from spyware.

2. Spywareblaster: Helps protect against any bad ActiveX from installing on your computer.

3. SuperAntiSpyware: Use this program to remove any spyware that may have gotten on your computer.

4. FireFox: This is a great alternate browser over Internet Explorer. Firefox is much more secure than Internet Explorer and also has a built-in pop up blocker.

5. ATF Cleaner: This program cleans out your temporary files. This is a great tool that can help speed your computer up.

6. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein
  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
