Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

virtumondo [CLOSED] [RESOLVED]


  • This topic is locked This topic is locked

#1
Kelly Ann

Kelly Ann

    New Member

  • Member
  • Pip
  • 6 posts
Hi there! May I first start by saying...thank you...so much for donating your time to help people like me. You are truly an angel. I have a Dell inspiron 1525 laptop with xp. We have had it a few weeks. When the norton trial ran out, we replaced it with the free avg program which has worked well on our other computers. I got a horrible virus and I purchased the regular version of avg and bought stopzilla. They keep detecting multiple viruses and I remove them, but they keep showing back up. I also have lost my ability to access my display control panel. it says that the administrator has disabled it and I can't figure out how to get it back. Also, every time I boot the machine, I get a rundll error message that says: "error loading c/windows/system32/vgybhylw.dll. the specific module could not be found." Here is myVBG from running virtumondobegone. ( the "vundofix" scanned and didn't catch any viruses).


[07/21/2008, 21:43:21] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Curt\Desktop\VirtumundoBeGone.exe" )
[07/21/2008, 21:43:32] - Detected System Information:
[07/21/2008, 21:43:32] - Windows Version: 5.1.2600, Service Pack 2
[07/21/2008, 21:43:32] - Current Username: Curt (Admin)
[07/21/2008, 21:43:32] - Windows is in NORMAL mode.
[07/21/2008, 21:43:32] - Searching for Browser Helper Objects:
[07/21/2008, 21:43:32] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[07/21/2008, 21:43:32] - BHO 2: {1827766B-9F49-4854-8034-F6EE26FCB1EC} (ZILLAbar Browser Helper Object)
[07/21/2008, 21:43:32] - BHO 3: {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} ()
[07/21/2008, 21:43:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/21/2008, 21:43:32] - Checking for HKLM\...\Winlogon\Notify\xxyyxVlL
[07/21/2008, 21:43:32] - Found: HKLM\...\Winlogon\Notify\xxyyxVlL - This is probably Virtumundo.
[07/21/2008, 21:43:32] - Assigning {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} MSEvents Object
[07/21/2008, 21:43:32] - BHO list has been changed! Starting over...
[07/21/2008, 21:43:32] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[07/21/2008, 21:43:32] - BHO 2: {1827766B-9F49-4854-8034-F6EE26FCB1EC} (ZILLAbar Browser Helper Object)
[07/21/2008, 21:43:32] - BHO 3: {2A65BE74-EC8D-401E-93DF-5BDA3DC05505} (MSEvents Object)
[07/21/2008, 21:43:32] - ALERT: Found MSEvents Object!
[07/21/2008, 21:43:32] - BHO 4: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (AVG Safe Search)
[07/21/2008, 21:43:32] - BHO 5: {43008c9b-416a-4cce-a7c6-40110f4a9bd3} ()
[07/21/2008, 21:43:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/21/2008, 21:43:32] - Checking for HKLM\...\Winlogon\Notify\jzpttg
[07/21/2008, 21:43:32] - Key not found: HKLM\...\Winlogon\Notify\jzpttg, continuing.
[07/21/2008, 21:43:32] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/21/2008, 21:43:32] - BHO 7: {A057A204-BACC-4D26-9990-79A187E2698E} (AVG Security Toolbar)
[07/21/2008, 21:43:32] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/21/2008, 21:43:32] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/21/2008, 21:43:32] - BHO 10: {E3215F20-3212-11D6-9F8B-00D0B743919D} (STOPzilla Browser Helper Object)
[07/21/2008, 21:43:32] - BHO 11: {F9956A82-4CD3-4103-A963-14C21C9AFFE8} ()
[07/21/2008, 21:43:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/21/2008, 21:43:32] - Checking for HKLM\...\Winlogon\Notify\byXOgggf
[07/21/2008, 21:43:32] - Key not found: HKLM\...\Winlogon\Notify\byXOgggf, continuing.
[07/21/2008, 21:43:32] - Finished Searching Browser Helper Objects
[07/21/2008, 21:43:32] - *** Detected MSEvents Object
[07/21/2008, 21:43:32] - Trying to remove MSEvents Object...
[07/21/2008, 21:43:33] - Terminating Process: IEXPLORE.EXE
[07/21/2008, 21:43:33] - Terminating Process: RUNDLL32.EXE
[07/21/2008, 21:43:34] - Disabling Automatic Shell Restart
[07/21/2008, 21:43:34] - Terminating Process: EXPLORER.EXE
[07/21/2008, 21:43:34] - Suspending the NT Session Manager System Service
[07/21/2008, 21:43:34] - Terminating Windows NT Logon/Logoff Manager
[07/21/2008, 21:43:34] - Re-enabling Automatic Shell Restart
[07/21/2008, 21:43:34] - File to disable: C:\WINDOWS\system32\xxyyxVlL.dll
[07/21/2008, 21:43:34] - Renaming C:\WINDOWS\system32\xxyyxVlL.dll -> C:\WINDOWS\system32\xxyyxVlL.dll.vir
[07/21/2008, 21:43:34] - File successfully renamed!
[07/21/2008, 21:43:34] - Removing HKLM\...\Browser Helper Objects\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}
[07/21/2008, 21:43:34] - Removing HKCR\CLSID\{2A65BE74-EC8D-401E-93DF-5BDA3DC05505}
[07/21/2008, 21:43:34] - Adding Kill Bit for ActiveX for GUID: {2A65BE74-EC8D-401E-93DF-5BDA3DC05505}
[07/21/2008, 21:43:34] - Deleting ATLEvents/MSEvents Registry entries
[07/21/2008, 21:43:34] - Removing HKLM\...\Winlogon\Notify\xxyyxVlL
[07/21/2008, 21:43:34] - Searching for Browser Helper Objects:
[07/21/2008, 21:43:34] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[07/21/2008, 21:43:34] - BHO 2: {1827766B-9F49-4854-8034-F6EE26FCB1EC} (ZILLAbar Browser Helper Object)
[07/21/2008, 21:43:34] - BHO 3: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (AVG Safe Search)
[07/21/2008, 21:43:34] - BHO 4: {43008c9b-416a-4cce-a7c6-40110f4a9bd3} ()
[07/21/2008, 21:43:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/21/2008, 21:43:34] - Checking for HKLM\...\Winlogon\Notify\jzpttg
[07/21/2008, 21:43:34] - Key not found: HKLM\...\Winlogon\Notify\jzpttg, continuing.
[07/21/2008, 21:43:34] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/21/2008, 21:43:34] - BHO 6: {A057A204-BACC-4D26-9990-79A187E2698E} (AVG Security Toolbar)
[07/21/2008, 21:43:34] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/21/2008, 21:43:34] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/21/2008, 21:43:34] - BHO 9: {E3215F20-3212-11D6-9F8B-00D0B743919D} (STOPzilla Browser Helper Object)
[07/21/2008, 21:43:34] - BHO 10: {F9956A82-4CD3-4103-A963-14C21C9AFFE8} ()
[07/21/2008, 21:43:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/21/2008, 21:43:34] - Checking for HKLM\...\Winlogon\Notify\byXOgggf
[07/21/2008, 21:43:34] - Key not found: HKLM\...\Winlogon\Notify\byXOgggf, continuing.
[07/21/2008, 21:43:34] - Finished Searching Browser Helper Objects
[07/21/2008, 21:43:34] - Finishing up...
[07/21/2008, 21:43:34] - A restart is needed.
[07/21/2008, 21:43:34] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[07/21/2008, 21:43:43] - Attempting to Restart via STOP error (Blue Screen!)

[07/21/2008, 21:46:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Curt\Desktop\VirtumundoBeGone.exe" )
[07/21/2008, 21:47:29] - Detected System Information:
[07/21/2008, 21:47:29] - Windows Version: 5.1.2600, Service Pack 2
[07/21/2008, 21:47:29] - Current Username: Curt (Admin)
[07/21/2008, 21:47:29] - Windows is in NORMAL mode.
[07/21/2008, 21:47:29] - Searching for Browser Helper Objects:
[07/21/2008, 21:47:29] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[07/21/2008, 21:47:29] - BHO 2: {1827766B-9F49-4854-8034-F6EE26FCB1EC} (ZILLAbar Browser Helper Object)
[07/21/2008, 21:47:29] - BHO 3: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (AVG Safe Search)
[07/21/2008, 21:47:29] - BHO 4: {43008c9b-416a-4cce-a7c6-40110f4a9bd3} ()
[07/21/2008, 21:47:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/21/2008, 21:47:29] - Checking for HKLM\...\Winlogon\Notify\jzpttg
[07/21/2008, 21:47:29] - Key not found: HKLM\...\Winlogon\Notify\jzpttg, continuing.
[07/21/2008, 21:47:29] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/21/2008, 21:47:29] - BHO 6: {A057A204-BACC-4D26-9990-79A187E2698E} (AVG Security Toolbar)
[07/21/2008, 21:47:29] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/21/2008, 21:47:29] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/21/2008, 21:47:29] - BHO 9: {E3215F20-3212-11D6-9F8B-00D0B743919D} (STOPzilla Browser Helper Object)
[07/21/2008, 21:47:29] - BHO 10: {F9956A82-4CD3-4103-A963-14C21C9AFFE8} ()
[07/21/2008, 21:47:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/21/2008, 21:47:29] - Checking for HKLM\...\Winlogon\Notify\byXOgggf
[07/21/2008, 21:47:29] - Key not found: HKLM\...\Winlogon\Notify\byXOgggf, continuing.
[07/21/2008, 21:47:29] - Finished Searching Browser Helper Objects
[07/21/2008, 21:47:29] - Finishing up...
[07/21/2008, 21:47:29] - Nothing found! Exiting...
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Kelly Ann,

I am having a look at this and will get back to you in a bit.

Regards
emeraldnzl
  • 0

#3
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello again Kelly Ann,

Please read this post completely, it may make it easier if you copy and paste this post to a new text document or print it for reference later. This will especially help you when your computer is off line.

It is important you carry out instructions exactly in the order they appear.

Next

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Now

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

So when you come back please paste
  • Vundofix text
  • the two Deckard Scanner logs

  • 0

#4
Kelly Ann

Kelly Ann

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I ran the vundofix. here is the log...


VundoFix V7.0.6

Scan started at 9:34:53 PM 7/21/2008

Listing files found while scanning....

No infected files were found.


VundoFix V7.0.6

Scan started at 8:28:56 PM 7/22/2008

Listing files found while scanning....

No infected files were found.


My computer will not let me run the dss.exe. It keeps deleting it and sayin that there is a trojan with it called..."funny ust". What should I do?
  • 0

#5
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Kelly Ann,

It's likely something is getting in the way. :)

If your AVG is the latest version it may be it's Resident Shield. You can disable this.

Right click the AVG icon and click open. In the Overview panel click on Resident Sheild > Uncheck the Resident Sheild Active box > Save Changes.

Equally with AVG you could follow the same steps to disable AVG Anti-Spyware.

Without the DSS scan I don't know what else it might be but any firewall or anti-malware program could be responsible.

You could check to see if Windows Firewall is disabled.

How to Disable Windows Firewall in Windows XP SP2

1. Click Start, click Run, type Firewall.cpl, and then click OK.
2. On the General tab, click Off (not recommended), and then click OK.

----------------------------------------------------


Try the foregoing.

If nothing works come back and we will look at alternatives.

Regards
emeraldnzl
  • 0

#6
Kelly Ann

Kelly Ann

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Okay, I got it to work. Thanks so much. You see....I would have never figured something like that out!!!! :) Here are my 2 logs from dss: first- the main.txt, and second- the extra.txt.

Deckard's System Scanner v20071014.68
Run by Curt on 2008-07-23 18:17:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
26: 2008-07-23 23:17:35 UTC - RP26 - Deckard's System Scanner Restore Point
25: 2008-07-21 22:37:47 UTC - RP25 - Configured AVG 8.0
24: 2008-07-21 04:33:59 UTC - RP24 - Configured AVG 8.0
23: 2008-07-21 04:26:16 UTC - RP23 - Configured AVG 8.0
22: 2008-07-20 16:13:27 UTC - RP22 - Configured AVG 8.0


-- First Restore Point --
1: 2008-07-19 21:24:55 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Curt.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:18:37 PM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SystemService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\121063~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\121063~1\EE\AOLServiceHost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Curt\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Curt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080513
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...pdate?clid=1033
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: {3db9a4f0-1104-6c7a-ecc4-a614b9c80034} - {43008c9b-416a-4cce-a7c6-40110f4a9bd3} - C:\WINDOWS\system32\jzpttg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {F9956A82-4CD3-4103-A963-14C21C9AFFE8} - C:\WINDOWS\system32\byXOgggf.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210634659\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [bc1ef7f6] rundll32.exe "C:\WINDOWS\system32\vfybhylw.dll",b
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.winkflash...geUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213486237234
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O21 - SSODL: kvxqmtre - {81BED4C3-D5A1-4240-AB02-A3A7DF3BB6E3} - C:\WINDOWS\kvxqmtre.dll (file missing)
O21 - SSODL: evgratsm - {DB7516F5-FE88-4852-8263-AD7CE730C58C} - C:\WINDOWS\evgratsm.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Service (SystemService) - InternetSecurityDeluxe - C:\WINDOWS\system32\SystemService.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9972 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 szkg5 (szkg) - c:\windows\system32\drivers\szkg.sys <Not Verified; iS3 Inc.; Stopzilla>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
R2 SystemService (System Service) - "c:\windows\system32\systemservice.exe" <Not Verified; InternetSecurityDeluxe; SystemService>
R2 szserver (STOPzilla Service) - "c:\program files\common files\is3\anti-spyware\szserver.exe" <Not Verified; iS3, Inc.; STOPzilla>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-22 10:41:57 0 d-------- C:\Documents and Settings\Curt\Application Data\aAvgApi
2008-07-21 21:58:36 0 d-------- C:\Program Files\Trend Micro
2008-07-21 21:34:53 0 d-------- C:\VundoFix Backups
2008-07-21 21:15:09 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-19 17:51:59 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-19 17:51:36 0 d-------- C:\Program Files\STOPzilla!
2008-07-19 17:51:36 0 d-------- C:\Program Files\Common Files\iS3
2008-07-19 17:51:36 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-07-19 16:24:42 399188 --ahs---- C:\WINDOWS\system32\fgggOXyb.ini2
2008-07-19 16:18:48 0 d-------- C:\Documents and Settings\Curt\Application Data\TmpRecentIcons
2008-07-19 16:18:19 0 d--h----- C:\$AVG8.VAULT$
2008-07-18 06:46:33 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-18 06:46:30 0 d-------- C:\Documents and Settings\Curt\Application Data\AVGTOOLBAR
2008-07-18 06:46:22 0 d-------- C:\Program Files\AVG
2008-07-18 06:46:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-09 17:57:51 8704 --a------ C:\WINDOWS\system32\SystemService.exe <Not Verified; InternetSecurityDeluxe; SystemService>
2008-07-09 17:57:51 8192 --a------ C:\WINDOWS\system32\ServiceObject.dll <Not Verified; InternetSecurityDeluxe; ServiceObject>
2008-07-09 17:57:51 4608 --a------ C:\WINDOWS\system32\ServiceInterface.dll <Not Verified; InternetSecurityDeluxe; ServiceInterface>
2008-07-09 17:57:51 677888 --a------ C:\WINDOWS\system32\ScanEngine.dll <Not Verified; InternetSecurityDeluxe; ScanEngine>
2008-07-09 17:57:51 16384 --a------ C:\WINDOWS\system32\Controls.dll <Not Verified; InternetSecurityDeluxe; Controls>
2008-07-03 15:41:10 258048 -ra------ C:\WINDOWS\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla>
2008-07-03 15:40:46 401408 -ra------ C:\WINDOWS\system32\SZComp5.dll <Not Verified; iS3, Inc.; STOPzilla>
2008-06-26 10:56:58 126976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:56:46 364544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:55:56 372736 -ra------ C:\WINDOWS\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:55:36 61440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:55:12 23040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:54:50 196608 -ra------ C:\WINDOWS\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:54:20 94208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:54:04 90112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:50:04 708608 -ra------ C:\WINDOWS\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>


-- Find3M Report ---------------------------------------------------------------

2008-07-21 11:49:12 0 d-------- C:\Program Files\NetZeroInstallers
2008-07-19 17:51:36 0 d-------- C:\Program Files\Common Files
2008-07-19 07:23:29 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-20 13:47:50 0 d-------- C:\Documents and Settings\Curt\Application Data\Roxio
2008-06-19 18:36:01 0 d-------- C:\Documents and Settings\Curt\Application Data\Sun
2008-06-16 11:43:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-16 11:29:48 0 d-------- C:\Documents and Settings\Curt\Application Data\Adobe
2008-06-16 10:59:52 0 d-------- C:\Program Files\Microsoft Works
2008-06-15 21:35:12 0 d-------- C:\Program Files\Common Files\AOL
2008-06-15 21:22:12 0 d-------- C:\Documents and Settings\Curt\Application Data\AOL
2008-06-14 18:50:49 0 d-------- C:\Program Files\Google
2008-06-14 18:42:32 0 d-------- C:\Program Files\Yahoo!
2008-06-14 18:42:26 0 d-------- C:\Documents and Settings\Curt\Application Data\Yahoo!
2008-06-14 18:33:12 0 d-------- C:\Documents and Settings\Curt\Application Data\Macromedia
2008-06-14 18:29:16 0 d-------- C:\Documents and Settings\Curt\Application Data\Google
2008-06-14 18:28:08 0 d-------- C:\Program Files\Common Files\L&H
2008-06-14 18:27:57 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-14 18:25:42 0 d-------- C:\Program Files\Microsoft.NET
2008-05-12 18:24:05 335 --a------ C:\WINDOWS\nsreg.dat
2008-05-12 18:07:04 22729 --a------ C:\newkey


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43008c9b-416a-4cce-a7c6-40110f4a9bd3}]
C:\WINDOWS\system32\jzpttg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/18/2008 06:46 AM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9956A82-4CD3-4103-A963-14C21C9AFFE8}]
C:\WINDOWS\system32\byXOgggf.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/18/2008 06:46 AM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [03/19/2008 02:30 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [03/19/2008 02:35 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [03/19/2008 02:34 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [03/19/2008 02:34 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [12/10/2007 06:06 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/11/2007 01:22 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [03/19/2008 02:26 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/12/2008 06:11 PM]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [02/28/2008 01:18 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [03/11/2008 12:44 PM]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [12/21/2007 10:58 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1210634659\EE\AOLHostManager.exe" [11/03/2004 04:03 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/12/2008 06:25 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/18/2008 06:46 AM]
"bc1ef7f6"="C:\WINDOWS\system32\vfybhylw.dll" []
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [03/11/2008 12:44 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [03/11/2008 12:44 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [5/12/2008 6:06:51 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kvxqmtre"= {81BED4C3-D5A1-4240-AB02-A3A7DF3BB6E3} - C:\WINDOWS\kvxqmtre.dll [ ]
"evgratsm"= {DB7516F5-FE88-4852-8263-AD7CE730C58C} - C:\WINDOWS\evgratsm.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll 05/12/2008 06:20 PM 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXOgggf

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-07-23 18:19:35 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium II processor
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2037.97 MiB / 1479.61 MiB
Pagefile Memory (total/avail): 3930.32 MiB / 3515.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1897.4 MiB

C: is Fixed (NTFS) - 105.93 GiB total, 94.01 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS542512K9SA00 - 111.79 GiB - 4 partitions
\PARTITION0 - Unknown - 62.72 MiB
\PARTITION1 (bootable) - Installable File System - 105.93 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 2.5 GiB
\PARTITION3 - Unknown - 3.3 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus v8.0 (AVG Technologies) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1210634659\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1210634659\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Curt\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D2M6W9G1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Curt
LOGONSERVER=\\D2M6W9G1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 22 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1601
ProgramFiles=C:\Program Files
PROMPT=$P$G
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Curt\LOCALS~1\Temp
TMP=C:\DOCUME~1\Curt\LOCALS~1\Temp
USERDOMAIN=D2M6W9G1
USERNAME=Curt
USERPROFILE=C:\Documents and Settings\Curt
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Curt (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EarthLink Setup Files --> MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GoToAssist 8.0.0.514 --> C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
QuickSet --> C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio Creator Audio --> MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy --> MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data --> MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE --> C:\Documents and Settings\All Users\Application Data\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE --> MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools --> MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
STOPzilla --> MsiExec.exe /X{60CA95A8-0FB9-4AA5-AC3A-035E1E215E3C}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Yahoo! Search Suggest Add-on for IE7 --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3134 / Error
Event Submitted/Written: 07/21/2008 05:54:40 PM
Event ID/Source: 1015 / Winlogon
Event Description:
A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine
must now be restarted.

Event Record #/Type3125 / Error
Event Submitted/Written: 07/20/2008 11:29:03 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application avgsetup.exe, version 8.0.0.134, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3103 / Error
Event Submitted/Written: 07/19/2008 07:00:34 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3097 / Error
Event Submitted/Written: 07/19/2008 05:34:29 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2827 / Error
Event Submitted/Written: 07/14/2008 07:40:09 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5524 / Warning
Event Submitted/Written: 07/22/2008 08:57:43 PM
Event ID/Source: 240 / Win32k
Event Description:
A request to suspend power was denied by winlogon.exe.

Event Record #/Type5491 / Warning
Event Submitted/Written: 07/22/2008 03:49:39 PM
Event ID/Source: 240 / Win32k
Event Description:
A request to suspend power was denied by winlogon.exe.

Event Record #/Type5465 / Warning
Event Submitted/Written: 07/22/2008 02:51:33 PM
Event ID/Source: 240 / Win32k
Event Description:
A request to suspend power was denied by winlogon.exe.

Event Record #/Type5440 / Warning
Event Submitted/Written: 07/22/2008 00:47:02 PM
Event ID/Source: 240 / Win32k
Event Description:
A request to suspend power was denied by winlogon.exe.

Event Record #/Type5415 / Warning
Event Submitted/Written: 07/22/2008 10:44:28 AM
Event ID/Source: 240 / Win32k
Event Description:
A request to suspend power was denied by winlogon.exe.



-- End of Deckard's System Scanner: finished at 2008-07-23 18:19:35 ------------


and if you understand all of that....WOW! I am doublely impressed! :)

Thanks again!

-Kelly Ann
  • 0

#7
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Kelly Ann,

Plenty of baddies there. :)

Firstly

Please go to Start > Control Panel > Add or Remove Programs and remove Viewpoint.

-----Step 2-----

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
-----Step 3-----

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: {3db9a4f0-1104-6c7a-ecc4-a614b9c80034} - {43008c9b-416a-4cce-a7c6-40110f4a9bd3} - C:\WINDOWS\system32\jzpttg.dll (file missing)
O2 - BHO: (no name) - {F9956A82-4CD3-4103-A963-14C21C9AFFE8} - C:\WINDOWS\system32\byXOgggf.dll (file missing)
O21 - SSODL: kvxqmtre - {81BED4C3-D5A1-4240-AB02-A3A7DF3BB6E3} - C:\WINDOWS\kvxqmtre.dll (file missing)
O21 - SSODL: evgratsm - {DB7516F5-FE88-4852-8263-AD7CE730C58C} - C:\WINDOWS\evgratsm.dll (file missing)
O23 - Service: System Service (SystemService) - InternetSecurityDeluxe - C:\WINDOWS\system32\SystemService.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

-----Step 4-----

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\fgggOXyb.ini2
    C:\WINDOWS\system32\SystemService.exe 
    C:\WINDOWS\system32\ServiceObject.dll
    C:\WINDOWS\system32\ServiceInterface.dll
    C:\WINDOWS\system32\ScanEngine.dll
    C:\WINDOWS\system32\Controls.dll
    C:\WINDOWS\system32\jzpttg.dll
    C:\WINDOWS\system32\byXOgggf.dll
    SystemService <delete service>
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

-----Step 5-----

Next

Run Deckards System Scanner again.

This time there will only be one log.

* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, dss will open Notepad .txt please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents in your next reply.

So when you come back please post
  • the contents of the SDFix report
  • OTMoveIt2 report
  • the Deckards Scanner report

  • 0

#8
Kelly Ann

Kelly Ann

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I think that I did it all correctly ( I hope :) )

Here is the SDFIX log…..


SDFix: Version 1.208
Run by Curt on Thu 07/24/2008 at 08:38 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Windows ProductId To Remove Fake Virus Alert

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :


Here is the Hijack this log (ran right afterward)……..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:06 PM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\SystemService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\QuickTime\qttask.exe


Here is the OTMovieit2 log…..



Explorer killed successfully
C:\WINDOWS\system32\fgggOXyb.ini2 moved successfully.
C:\WINDOWS\system32\SystemService.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ServiceObject.dll
C:\WINDOWS\system32\ServiceObject.dll NOT unregistered.
C:\WINDOWS\system32\ServiceObject.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ServiceInterface.dll
C:\WINDOWS\system32\ServiceInterface.dll NOT unregistered.
C:\WINDOWS\system32\ServiceInterface.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ScanEngine.dll
C:\WINDOWS\system32\ScanEngine.dll NOT unregistered.
C:\WINDOWS\system32\ScanEngine.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\Controls.dll
C:\WINDOWS\system32\Controls.dll NOT unregistered.
C:\WINDOWS\system32\Controls.dll moved successfully.
File/Folder C:\WINDOWS\system32\jzpttg.dll not found.
File/Folder C:\WINDOWS\system32\byXOgggf.dll not found.
SystemService service deleted successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Curt\LOCALS~1\Temp\~DF975E.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07242008_205909

Files moved on Reboot...
C:\DOCUME~1\Curt\LOCALS~1\Temp\~DF975E.tmp moved successfully.



And- The deckard’s scanner report……………..


Deckard's System Scanner v20071014.68
Run by Curt on 2008-07-24 21:06:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Curt.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:25 PM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\121063~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\121063~1\EE\AOLServiceHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Curt\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Curt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080513
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...pdate?clid=1033
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210634659\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [bc1ef7f6] rundll32.exe "C:\WINDOWS\system32\vfybhylw.dll",b
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.winkflash...geUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213486237234
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9768 bytes

-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 20:36:39 0 d-------- C:\WINDOWS\ERUNT
2008-07-22 10:41:57 0 d-------- C:\Documents and Settings\Curt\Application Data\aAvgApi
2008-07-21 21:58:36 0 d-------- C:\Program Files\Trend Micro
2008-07-21 21:34:53 0 d-------- C:\VundoFix Backups
2008-07-21 21:15:09 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-19 17:51:59 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-19 17:51:36 0 d-------- C:\Program Files\STOPzilla!
2008-07-19 17:51:36 0 d-------- C:\Program Files\Common Files\iS3
2008-07-19 17:51:36 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-07-19 16:18:48 0 d-------- C:\Documents and Settings\Curt\Application Data\TmpRecentIcons
2008-07-19 16:18:19 0 d--h----- C:\$AVG8.VAULT$
2008-07-18 06:46:33 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-18 06:46:30 0 d-------- C:\Documents and Settings\Curt\Application Data\AVGTOOLBAR
2008-07-18 06:46:22 0 d-------- C:\Program Files\AVG
2008-07-18 06:46:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-03 15:41:10 258048 -ra------ C:\WINDOWS\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla>
2008-07-03 15:40:46 401408 -ra------ C:\WINDOWS\system32\SZComp5.dll <Not Verified; iS3, Inc.; STOPzilla>
2008-06-26 10:56:58 126976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:56:46 364544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:55:56 372736 -ra------ C:\WINDOWS\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:55:36 61440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:55:12 23040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:54:50 196608 -ra------ C:\WINDOWS\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:54:20 94208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:54:04 90112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:50:04 708608 -ra------ C:\WINDOWS\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>


-- Find3M Report ---------------------------------------------------------------

2008-07-21 11:49:12 0 d-------- C:\Program Files\NetZeroInstallers
2008-07-19 17:51:36 0 d-------- C:\Program Files\Common Files
2008-07-19 07:23:29 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-20 13:47:50 0 d-------- C:\Documents and Settings\Curt\Application Data\Roxio
2008-06-19 18:36:01 0 d-------- C:\Documents and Settings\Curt\Application Data\Sun
2008-06-16 11:43:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-16 11:29:48 0 d-------- C:\Documents and Settings\Curt\Application Data\Adobe
2008-06-16 10:59:52 0 d-------- C:\Program Files\Microsoft Works
2008-06-15 21:35:12 0 d-------- C:\Program Files\Common Files\AOL
2008-06-15 21:22:12 0 d-------- C:\Documents and Settings\Curt\Application Data\AOL
2008-06-14 18:50:49 0 d-------- C:\Program Files\Google
2008-06-14 18:42:32 0 d-------- C:\Program Files\Yahoo!
2008-06-14 18:42:26 0 d-------- C:\Documents and Settings\Curt\Application Data\Yahoo!
2008-06-14 18:33:12 0 d-------- C:\Documents and Settings\Curt\Application Data\Macromedia
2008-06-14 18:29:16 0 d-------- C:\Documents and Settings\Curt\Application Data\Google
2008-06-14 18:28:08 0 d-------- C:\Program Files\Common Files\L&H
2008-06-14 18:27:57 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-14 18:25:42 0 d-------- C:\Program Files\Microsoft.NET
2008-05-12 18:24:05 335 --a------ C:\WINDOWS\nsreg.dat
2008-05-12 18:07:04 22729 --a------ C:\newkey


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/18/2008 06:46 AM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/18/2008 06:46 AM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [03/19/2008 02:30 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [03/19/2008 02:35 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [03/19/2008 02:34 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [03/19/2008 02:34 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [12/10/2007 06:06 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/11/2007 01:22 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [03/19/2008 02:26 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/12/2008 06:11 PM]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [02/28/2008 01:18 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [03/11/2008 12:44 PM]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [12/21/2007 10:58 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1210634659\EE\AOLHostManager.exe" [11/03/2004 04:03 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/12/2008 06:25 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/18/2008 06:46 AM]
"bc1ef7f6"="C:\WINDOWS\system32\vfybhylw.dll" []
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [03/11/2008 12:44 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [03/11/2008 12:44 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [5/12/2008 6:06:51 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll 05/12/2008 06:20 PM 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXOgggf

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-07-24 21:07:03 ------------



Hope it is okay....if not...let me know what to do. Thanks!!! :)
  • 0

#9
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Kelly Ann,

Your going well, getting there, but we do still have a bit to do. :)

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [bc1ef7f6] rundll32.exe "C:\WINDOWS\system32\vfybhylw.dll",b

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Next

Before we proceed we need to backup your Registry. Making changes to your computers registry is a dangerous proceedure and backup will allow us to recover information if necessary.

Download and install ERUNT (Emergency Recovery Utility NT) from here lars Hederer or here Snapfiles.com.

Click on ERUNT and follow the prompts to backup your registry to a location of your choosing.

-----Step 2-----

Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00

Then double click on the fix.reg file, when it prompts to merge click "Yes".

Reboot your computer.

The above Registry file was written specifically for this infection on this person's computer. It should NOT to be used on another computer, as it may cause serious damage causing the computer to become unusable.

-----Step 3-----

Run Deckards System Scanner again.

This time there will only be one log.

* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, dss will open Notepad .txt please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents in your next reply.

-----Step 4-----

Kaspersky only works if you are using Internet Explorer.

Please do an online scan with Kaspersky WebScanner.

Click on the Kaspersky Online Scanner button. A box will come up, click Accept, this will allow it to install an ActiveX component and download its latest anti-virus database. (Note: It may take a couple of minutes)

  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    * Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    * Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    * Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information in your next post.

So when you come back please post
  • the DSS report
  • Kaspersky scan results

  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#11
Kelly Ann

Kelly Ann

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Yay! I'm back in business. :)

Here are the posts that you asked for.....Dds scan…..


Deckard's System Scanner v20071014.68
Run by Curt on 2008-07-28 19:42:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Curt.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:17 PM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\COMMON~1\AOL\121063~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\121063~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Curt\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Curt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080513
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...pdate?clid=1033
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210634659\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.winkflash...geUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213486237234
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9381 bytes

-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-24 20:36:39 0 d-------- C:\WINDOWS\ERUNT
2008-07-22 10:41:57 0 d-------- C:\Documents and Settings\Curt\Application Data\aAvgApi
2008-07-21 21:58:36 0 d-------- C:\Program Files\Trend Micro
2008-07-21 21:34:53 0 d-------- C:\VundoFix Backups
2008-07-21 21:15:09 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-19 17:51:59 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-19 17:51:36 0 d-------- C:\Program Files\STOPzilla!
2008-07-19 17:51:36 0 d-------- C:\Program Files\Common Files\iS3
2008-07-19 17:51:36 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-07-19 16:18:48 0 d-------- C:\Documents and Settings\Curt\Application Data\TmpRecentIcons
2008-07-19 16:18:19 0 d--h----- C:\$AVG8.VAULT$
2008-07-18 06:46:33 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-18 06:46:30 0 d-------- C:\Documents and Settings\Curt\Application Data\AVGTOOLBAR
2008-07-18 06:46:22 0 d-------- C:\Program Files\AVG
2008-07-18 06:46:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-03 15:41:10 258048 -ra------ C:\WINDOWS\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla>
2008-07-03 15:40:46 401408 -ra------ C:\WINDOWS\system32\SZComp5.dll <Not Verified; iS3, Inc.; STOPzilla>


-- Find3M Report ---------------------------------------------------------------

2008-07-21 11:49:12 0 d-------- C:\Program Files\NetZeroInstallers
2008-07-19 17:51:36 0 d-------- C:\Program Files\Common Files
2008-07-19 07:23:29 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-26 10:56:58 126976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:56:46 364544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:55:56 372736 -ra------ C:\WINDOWS\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:55:36 61440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:55:12 23040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:54:50 196608 -ra------ C:\WINDOWS\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:54:20 94208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:54:04 90112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:50:04 708608 -ra------ C:\WINDOWS\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-20 13:47:50 0 d-------- C:\Documents and Settings\Curt\Application Data\Roxio
2008-06-19 18:36:01 0 d-------- C:\Documents and Settings\Curt\Application Data\Sun
2008-06-16 11:43:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-16 11:29:48 0 d-------- C:\Documents and Settings\Curt\Application Data\Adobe
2008-06-16 10:59:52 0 d-------- C:\Program Files\Microsoft Works
2008-06-15 21:35:12 0 d-------- C:\Program Files\Common Files\AOL
2008-06-15 21:22:12 0 d-------- C:\Documents and Settings\Curt\Application Data\AOL
2008-06-14 18:50:49 0 d-------- C:\Program Files\Google
2008-06-14 18:42:32 0 d-------- C:\Program Files\Yahoo!
2008-06-14 18:42:26 0 d-------- C:\Documents and Settings\Curt\Application Data\Yahoo!
2008-06-14 18:33:12 0 d-------- C:\Documents and Settings\Curt\Application Data\Macromedia
2008-06-14 18:29:16 0 d-------- C:\Documents and Settings\Curt\Application Data\Google
2008-06-14 18:28:08 0 d-------- C:\Program Files\Common Files\L&H
2008-06-14 18:27:57 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-14 18:25:42 0 d-------- C:\Program Files\Microsoft.NET
2008-05-12 18:24:05 335 --a------ C:\WINDOWS\nsreg.dat
2008-05-12 18:07:04 22729 --a------ C:\newkey


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/18/2008 06:46 AM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/18/2008 06:46 AM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [03/19/2008 02:30 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [03/19/2008 02:35 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [03/19/2008 02:34 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [03/19/2008 02:34 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [12/10/2007 06:06 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/11/2007 01:22 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [03/19/2008 02:26 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/12/2008 06:11 PM]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [02/28/2008 01:18 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [03/11/2008 12:44 PM]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [12/21/2007 10:58 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1210634659\EE\AOLHostManager.exe" [11/03/2004 04:03 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/12/2008 06:25 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2008 11:03 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [03/11/2008 12:44 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [03/11/2008 12:44 PM]

C:\Documents and Settings\Curt\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [5/12/2008 6:06:51 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll 05/12/2008 06:20 PM 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-07-28 19:43:04 ------------

Kaspersky scan results…….

KASPERSKY ONLINE SCANNER REPORT
Monday, July 28, 2008 9:34:13 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/07/2008
Kaspersky Anti-Virus database records: 1018432

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 48743
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:40:34

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\SITEguard\siteguard.db Object is locked skipped

C:\Documents and Settings\All Users\Application Data\STOPzilla!\modules_scanned.db Object is locked skipped

C:\Documents and Settings\All Users\Application Data\STOPzilla!\sgdefs.db Object is locked skipped

C:\Documents and Settings\All Users\Application Data\STOPzilla!\targets.db Object is locked skipped

C:\Documents and Settings\All Users\Application Data\STOPzilla!\userdata.db Object is locked skipped

C:\Documents and Settings\All Users\Application Data\STOPzilla!\zilla5.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped

C:\Documents and Settings\Curt\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped

C:\Documents and Settings\Curt\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Curt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Curt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Curt\Local Settings\Application Data\SupportSoft\DellSupportCenter\Curt\state\logs\sprtcmd.log Object is locked skipped

C:\Documents and Settings\Curt\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Curt\Local Settings\History\History.IE5\MSHist012008072820080729\index.dat Object is locked skipped

C:\Documents and Settings\Curt\Local Settings\Temp\~DF2300.tmp Object is locked skipped

C:\Documents and Settings\Curt\Local Settings\Temp\~DF4E30.tmp Object is locked skipped

C:\Documents and Settings\Curt\Local Settings\Temp\~DF6F6C.tmp Object is locked skipped

C:\Documents and Settings\Curt\Local Settings\Temp\~DF8848.tmp Object is locked skipped

C:\Documents and Settings\Curt\Local Settings\Temp\~WRD0002.doc Object is locked skipped

C:\Documents and Settings\Curt\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Curt\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Curt\Local Settings\Temporary Internet Files\Content.IE5\XMGZPCGZ\kavwebscan_unicode[1].cab Object is locked skipped

C:\Documents and Settings\Curt\Local Settings\Temporary Internet Files\Content.Word\~WRF0001.tmp Object is locked skipped

C:\Documents and Settings\Curt\Local Settings\Temporary Internet Files\Content.Word\~WRS0000.tmp Object is locked skipped

C:\Documents and Settings\Curt\My Documents\fsp cards.doc Object is locked skipped

C:\Documents and Settings\Curt\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Curt\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Thanks!!!!
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Welcome back Kelly Ann,

Your logs look clean to me. :) Just a couple of issues to deal with.

Please up date your Java

Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JDK) Update and save it to your desktop or the folder you usually download to.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Next

Your Adobe Acrobat Reader is out of date. Older versions are vunerable to attack.

Please go to the link below to update.

http://www.adobe.com.../readstep2.html

Now

We have a couple of last steps to perform and then you're all set. :)

Please go here to download OTCleanIt.

Run this program to remove the tools we have been using.

You will be asked to reboot the machine to finish the Cleanup process choose Yes.

Next, we need to clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

-------------------------------------------------------------------------------------------------------------------

Now that you are clean here are some things I think are worth having a look at:

--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program which works well with XP:--------------------------------------------------------------------------------------------------------------------

A great way to check that your Microsoft and Java have the latest updates is to go to Software Inspector at Secunia.

I do this weekly. Not only do they tell you which programs need updating but they give you the link to follow.

To bolster your security go to Secunia.com to ensure essential programs are up to date.

---------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

  • SUPERAntiSpyware Free for Home Users to detect and remove spyware.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

    If your Microsoft Update is not working automatically. Keep your operating system up to date by visiting [list]
  • Microsoft Windows Update
monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
  • 0

#13
Kelly Ann

Kelly Ann

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
You are terrific!!! Thank you so much! :)
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP