Suspected trojan- need help identifying nasties please! [RESOLVED]


#16 emilyb (Topic Starter)
Hello

It is - that's the only one I have! There's nothing in the ComboFix folder other than two files called C.bat and CF15297.exe. I copied and pasted the log after I did the first ComboFix scan and put it on a memory stick as I was using my laptop at the time. Should there be something else? Do you want me to run it again? Argh, sorry this is such a mess :)

Emily

#17 Thunderbird1988
Hello Emily,

I strongly recommend removing Azureus, BitComet, and WinMX. These programs are P2P programs. The problem with this kind of software is that using it can cause many infections. Also, using it is illegal in many countries due to copyright infringement.

Please follow these steps in the order they are described.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.

Please also post a new HijackThis log.

Thunderbird1988

#18 emilyb (Topic Starter)
Morning Thunderbird1988,


OK, after wrestling with my poor computer all week, here is what we have (found so many viruses):

MBAM

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2

07:17:28 31/07/2008
mbam-log-7-31-2008 (07-17-28).txt

Scan type: Quick Scan
Objects scanned: 41229
Time elapsed: 15 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 69
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchsearchassistant.auxiliary (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchsearchassistant.auxiliary.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.progressivecounterplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.progressivecounterplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.slotplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.slotplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.textplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.textplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DR WEB

"Scan ""Scan whole computer"" was finished."
"Infections found:";"20"
"Infected objects removed or healed:";"20"
"Not removed or healed:";"0"
"Spyware found:";"8"
"Spyware removed:";"8"
"Not removed:";"0"
"Warnings count:";"74"
"Information count:";"0"
"Scan started:";"29 July 2008, 21:03:37"
"Scan finished:";"29 July 2008, 23:15:20 (2 hour(s) 11 minute(s) 43 second(s))"
"Total object scanned:";"635874"
"User who launched the scan:";"Owner"

"Infections"
"File";"Infection";"Result"
"C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dfgdfgdfg.jar-47ca32a3-51dfced9.zip";"Trojan horse Java/ClassLoader";"Moved to Virus Vault"
"C:\SDFix\backups\backups.zip";"Virus identified Worm/Agobot.25.M";"Moved to Virus Vault"
"C:\SDFix\backups\backups.zip:\backups\bot.exe";"Virus identified Worm/Agobot.25.M";"Moved to Virus Vault"
"C:\SDFix\backups\backups.zip:\backups\movedfile.vir";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"C:\SDFix\backups\backups.zip:\backups\svchost.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"C:\SDFix\backups\backups.zip:\backups\winguard.exe";"Virus identified Exploit.MS04-011";"Moved to Virus Vault"
"C:\WINDOWS\system32\ftpupd.exe";"Virus identified Worm/Korgo.B";"Moved to Virus Vault"
"C:\WINDOWS\system32\lsac.exe";"Virus identified Exploit.MS04-011";"Moved to Virus Vault"
"H:\RECYCLER\INFO.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP932\A0238280.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1001\A0258806.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP944\A0240151.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP945\A0240166.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP946\A0240177.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1002\A0261880.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP932\A0238285.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP977\A0248022.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP977\A0248053.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP978\A0248085.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"
"H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP981\A0249144.exe";"Virus identified Worm/Generic.BVE";"Moved to Virus Vault"

"Spyware"
"File";"Infection";"Result"
"C:\hp\bin\Terminator.exe";"Potentially harmful program HackTool.BVU";"Moved to Virus Vault"
"C:\Program Files\GameSpy Arcade\GSAPak.exe";"Adware Generic2.ZHX";"Moved to Virus Vault"
"C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll";"Adware Generic.DOI";"Moved to Virus Vault"
"C:\Program Files\Nostra DivX Player\SaveInstWm.exe";"Adware Generic.LMK";"Moved to Virus Vault"
"C:\Program Files\Nostra DivX Player\SaveInstWm.exe:\Save.exe";"Adware Generic.LMK";"Moved to Virus Vault"
"C:\Program Files\Nostra DivX Player\SaveInstWm.exe:\SaveUninst.exe";"Adware Generic.SAT";"Moved to Virus Vault"
"C:\Program Files\Nostra DivX Player\SaveInstWm.exe:\Weather\Uninst.exe";"Adware Generic2.QXV";"Moved to Virus Vault"
"C:\Program Files\Nostra DivX Player\SaveInstWm.exe:\Weather\Weather.exe";"Adware Generic2.BBI";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.1a6a6c0d";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.23a940be";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.1ba0e966";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.2623214a";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.484dbb69";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.4d4e0536";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.686f76b4";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.697706d6";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.6dc9f747";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.8777f6c6";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.93af4fad";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.9bbee8a7";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.7919062b";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.7ae9c250";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.ba00a41a";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.7ea8995a";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.c7b585e6";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.cb19198d";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.d2aa96c8";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.d456db17";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.e26bad26";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.ec4774bb";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\2o7.net.f1d32757";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.1ba48dcc";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.2f109f47";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.3008dc36";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.4ef8a2b6";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.61ace4ce";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.803af41e";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.8e3ce386";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.a5a0685f";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.ad2991f2";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.e54e374";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.319f5b3a";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.3aef2dd9";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.3b29cc9e";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.452ef943";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.4d861cea";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.4e188af9";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.54524c13";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.5962555d";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.5a6bde8c";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.5c24f3bf";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.5ca26386";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.5d0b7b4d";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.5f8a688c";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.89c8049d";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.91670ceb";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.99064bff";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.99e8d8b4";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.6825e6f1";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.71c65560";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.7374b1b7";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.73eebe98";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.9bd9c5c9";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.ab16e10d";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.bd53eecb";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.d6e2c7d1";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.8f654926";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.94018c22";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.9552d625";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.98bf7c29";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.a4081563";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.ce90c9dc";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.b4417ab7";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.bbd0f785";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.f3a079f";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.f540b973";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.f5ad42b1";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\statcounter.com.ff6b688";"Found Tracking cookie.Statcounter";"Potentially dangerous object"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ol8ibfs6.default\cookies.txt:\yadro.ru.c77afad5";"Found Tracking cookie.Yadro";"Potentially dangerous object"

GMER

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-02 02:21:27
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_530_11339.SYS (NetBIOS Redirector/Neoteris)

Device \Driver\Tcpip6 \Device\Ip6 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_530_11339.SYS (NetBIOS Redirector/Neoteris)

Device \Driver\Tcpip6 \Device\RawIp6 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip6 \Device\Tcp6 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_530_11339.SYS (NetBIOS Redirector/Neoteris)

Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_530_11339.SYS (NetBIOS Redirector/Neoteris)

Device \Driver\Tcpip6 \Device\Udp6 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----


What do you think? Thanks!
Emily
  • 0

#19
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
Hello Emily,

You seem to have posted the log of the AVG Anti-Virus scan you ran 5 days ago. Could you please follow the instructions to run Dr.Web CureIt that I gave in my previous post?

Please also post a new HijackThis log.

Thunderbird1988
  • 0

#20
emilyb

    Member

  • Topic Starter
  • Member
  • 16 posts
Oh gosh, I'm sorry - I've got logs coming out of my bottom, if you'll pardon the pun :)

Here it is:

mwsoemon.exe.vir;c:\qoobox\quarantine\c\program files\mywebsearch\bar\4.bin;Adware.Msearch;Incurable.Deleted.;
Setup.exe\Launch.exe;C:\compaq\emeaisp\gb\btclick\Setup.exe;Trojan.Click.1383;;
Setup.exe;C:\compaq\emeaisp\gb\btclick;Archive contains infected objects;Moved.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Deleted.;
msnfixjs.js;C:\hp\patches\32WW5MSN\msnfix;Probably SCRIPT.Virus;Incurable.Deleted.;
F3EZSETP.DLL.vir;C:\QooBox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin;Adware.MySearch;Incurable.Deleted.;
F3CJPEG.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Funweb;Incurable.Deleted.;
F3HISTSW.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Msearch;Incurable.Deleted.;
F3HTMLMU.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Funweb;Incurable.Deleted.;
F3POPSWT.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Funweb;Incurable.Deleted.;
F3PSSAVR.SCR.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Msearch;Incurable.Deleted.;
F3REPROX.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Websearch;Incurable.Deleted.;
F3RESTUB.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Msearch;Incurable.Deleted.;
F3SCHMON.EXE.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Msearch;Incurable.Deleted.;
F3SCRCTR.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.MWS;Incurable.Deleted.;
F3WPHOOK.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Msearch;Incurable.Deleted.;
M3HTML.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Msearch;Incurable.Deleted.;
M3OUTLCN.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Msearch;Incurable.Deleted.;
M3PLUGIN.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Msearch;Incurable.Deleted.;
M3SKIN.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Msearch;Incurable.Deleted.;
MWSBAR.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Msearch;Incurable.Deleted.;
MWSOEPLG.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Msearch.origin;Incurable.Deleted.;
MWSOESTB.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Msearch;Incurable.Deleted.;
NPMYWEBS.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin;Adware.Msearch;Incurable.Deleted.;
MWSSRCAS.DLL.vir;C:\QooBox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\4.bin;Adware.Msearch;Incurable.Deleted.;
_U_.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system\_sv_CMD_;Win32.HLLW.Ofni;Deleted.;
f3PSSavr.scr.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Adware.Msearch;Incurable.Deleted.;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\SDFix\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\SDFix;Archive contains infected objects;Moved.;
SDFix.exe\SDFix\apps\Process.exe;C:\SDFix\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\SDFix;Archive contains infected objects;Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Deleted.;
A0261866.exe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1001;Win32.HLLW.Ofni;Deleted.;
A0261867.exe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1001;Win32.HLLW.Ofni;Deleted.;
A0261978.exe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1003;Win32.HLLW.MyBot.based;Deleted.;
A0261979.exe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1003;Win32.HLLW.Ofni;Deleted.;
A0261986.exe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1003;Win32.HLLW.Ofni;Deleted.;
A0261987.exe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1003;Win32.HLLW.MyBot.based;Deleted.;
A0262032.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.MySearch;Invalid path to file ;
A0262038.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Funweb;Incurable.Deleted.;
A0262039.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Msearch;Incurable.Deleted.;
A0262040.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Funweb;Invalid path to file ;
A0262041.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Funweb;Invalid path to file ;
A0262042.SCR;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Msearch;Incurable.Deleted.;
A0262043.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Websearch;Invalid path to file ;
A0262044.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Msearch;Incurable.Deleted.;
A0262045.EXE;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Msearch;Incurable.Deleted.;
A0262046.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.MWS;Incurable.Deleted.;
A0262047.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Msearch;Incurable.Deleted.;
A0262048.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Msearch;Invalid path to file ;
A0262049.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Msearch;Incurable.Deleted.;
A0262050.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Msearch;Invalid path to file ;
A0262051.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Msearch;Invalid path to file ;
A0262052.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Msearch;Invalid path to file ;
A0262053.EXE;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Msearch;Incurable.Deleted.;
A0262054.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Msearch.origin;Invalid path to file ;
A0262055.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Msearch;Invalid path to file ;
A0262056.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Msearch;Invalid path to file ;
A0262059.DLL;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Msearch;Invalid path to file ;
A0262061.exe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Win32.HLLW.Ofni;Deleted.;
A0262062.scr;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1004;Adware.Msearch;Incurable.Deleted.;
A0263087.exe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1006;Trojan.KillApp.30208;Deleted.;
A0263090.exe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1006;Adware.SaveNow;Incurable.Deleted.;
A0263092.exe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1006;Win32.Lsabot;Deleted.;
A0263093.exe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1006;Win32.HLLW.MyBot.based;Deleted.;
A0263164.exe\Launch.exe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1007\A0263164.exe;Trojan.Click.1383;;
A0263164.exe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1007;Archive contains infected objects;Moved.;
A0263165.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1007\A0263165.exe;Program.PsExec.171;;
A0263165.exe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1007;Archive contains infected objects;Moved.;
A0263166.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1007\A0263166.exe;Tool.Prockill;;
A0263166.exe;C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1007;Archive contains infected objects;Moved.;
msnfixjs.js;D:\hp\patches\32WW5MSN\msnfix;Probably SCRIPT.Virus;Incurable.Deleted.;
autorun.inf;H:\;Win32.HLLW.Autoruner;Deleted.;
A0238282.inf;H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP932;Win32.HLLW.Autoruner;Deleted.;
A0238287.inf;H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP932;Win32.HLLW.Autoruner;Deleted.;
A0240153.inf;H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP944;Win32.HLLW.Autoruner;Deleted.;
A0240168.inf;H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP945;Win32.HLLW.Autoruner;Deleted.;
A0240179.inf;H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP946;Win32.HLLW.Autoruner;Deleted.;
A0248024.inf;H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP977;Win32.HLLW.Autoruner;Deleted.;
A0248055.inf;H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP977;Win32.HLLW.Autoruner;Deleted.;
A0248087.inf;H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP978;Win32.HLLW.Autoruner;Deleted.;
A0249146.inf;H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP981;Win32.HLLW.Autoruner;Deleted.;
A0258808.inf;H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1001;Win32.HLLW.Autoruner;Deleted.;
A0261882.inf;H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1002;Win32.HLLW.Autoruner;Deleted.;
A0263169.inf;H:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP1007;Win32.HLLW.Autoruner;Deleted.;

And HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:57, on 02/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [83CB3A8E] C:\WINDOWS\System32\dbyanyzghffd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [DE994F20] C:\WINDOWS\System32\dbyanyzghffd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet101\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Services] lsrv.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Services] lsrv.exe (User 'Default user')
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE.vir
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE.vir
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZNxdm205
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.line6.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: schmap-help - {2CF664A0-5EA6-47B5-884C-433A60145F78} - C:\Program Files\Schmap\Schmap Player\SchmapDocLib.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6942 bytes

THANK YOU!!

Edited by emilyb, 02 August 2008 - 02:36 PM.

  • 0
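The O4 lines in the HijackThis log above show the autostart entries a helper looks at first: eight-hex-digit value names, a RunServices entry pointing at the same executable as a Run entry, a bare lsrv.exe under the SYSTEM and Default user hives, and startup shortcuts that still point into ComboFix's quarantine. The script below is an added example, not part of this thread or of HijackThis: it parses O4 lines copied from the log into SAMPLE_LOG (a constructed sample) and applies those four checks; the rule names and the wording of the findings are the example's own.

```python
"""Heuristic triage of HijackThis O4 (autostart) entries.

Added example, not part of the thread or of HijackThis. SAMPLE_LOG is built
from O4 lines copied from the log above; the rules and wording are my own.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Registry autostart:  O4 - HKUS\S-1-5-18\..\Run: [Microsoft Services] lsrv.exe (User 'SYSTEM')
REG_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# Startup-folder shortcut:  O4 - Global Startup: Foo.lnk = C:\path\foo.exe
LNK_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?\.lnk) = (?P<target>.*)$")
HEX_NAME = re.compile(r"^[0-9A-F]{8}$", re.IGNORECASE)
# Hives of no interactive user: entries run as SYSTEM or seed every new profile.
NON_INTERACTIVE_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")


@dataclass
class Finding:
    line: str
    reason: str


def exe_of(cmd: str) -> str:
    """Executable part of a Run value: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_o4(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    # (hive, executable base name) -> Run-type keys it is registered under
    keys_for: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    parsed = []
    for raw in lines:
        line = raw.strip()
        m = REG_RE.match(line)
        if m:
            hive, key, name, cmd = m.group("hive", "key", "name", "cmd")
            exe = exe_of(cmd)
            base = exe.rsplit("\\", 1)[-1].lower()
            keys_for[(hive, base)].add(key)
            parsed.append((line, hive, key, name, exe, base))
            continue
        m = LNK_RE.match(line)
        if m:
            target = m.group("target").lower()
            if "\\qoobox\\quarantine\\" in target or target.endswith(".vir"):
                findings.append(Finding(line, "startup shortcut points into the ComboFix "
                                        "quarantine: the target is disabled, the .lnk is a leftover"))
    for line, hive, key, name, exe, base in parsed:
        if HEX_NAME.match(name):
            findings.append(Finding(line, f"value name '{name}' looks generated; legitimate "
                                    "installers use descriptive names"))
        if key.lower() == "runservices":
            findings.append(Finding(line, "RunServices is a Windows 9x legacy key; current "
                                    "software has no reason to register there"))
        if hive.upper() in NON_INTERACTIVE_HIVES and "\\" not in exe:
            findings.append(Finding(line, f"'{exe}' is a bare file name under {hive}: runs for "
                                    "SYSTEM/default profile, resolved via the search path"))
        if {"Run", "RunServices"} <= keys_for[(hive, base)]:
            findings.append(Finding(line, f"'{base}' sits under both Run and RunServices in "
                                    f"{hive}: redundant persistence"))
    return findings


# Constructed sample: O4 lines copied from the HijackThis log posted above.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe",
    r"O4 - HKLM\..\Run: [83CB3A8E] C:\WINDOWS\System32\dbyanyzghffd.exe",
    r"O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE",
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
    r"O4 - HKLM\..\RunServices: [DE994F20] C:\WINDOWS\System32\dbyanyzghffd.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background',
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')",
    r"O4 - HKUS\S-1-5-18\..\Run: [Microsoft Services] lsrv.exe (User 'SYSTEM')",
    r"O4 - HKUS\.DEFAULT\..\Run: [Microsoft Services] lsrv.exe (User 'Default user')",
    r"O4 - Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE.vir",
    r"O4 - Global Startup: MA111 Configuration Utility.lnk = ?",
    r"O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE.vir",
    r"O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe",
]

if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

The checks are heuristics to direct a closer look, not verdicts: an unresolved `.lnk = ?` target (the two NETGEAR shortcuts) and a bare file name under HKLM (ALCXMNTR.EXE) are deliberately not flagged, since both are routine on a healthy machine.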

#21
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
Hello Emily,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt into your next reply.

Thunderbird1988
  • 0

#22
emilyb

    Member

  • Topic Starter
  • Member
  • 16 posts
OK, thanks! Here you go:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-03 14:06:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
69: 2008-08-03 13:06:30 UTC - RP1012 - Deckard's System Scanner Restore Point
68: 2008-08-03 11:45:10 UTC - RP1011 - System Checkpoint
67: 2008-08-01 21:39:04 UTC - RP1010 - Removed Adobe InDesign CS2
66: 2008-08-01 21:06:54 UTC - RP1009 - Removed QuarkXPress 6.1
65: 2008-08-01 20:40:48 UTC - RP1008 - System Checkpoint


-- First Restore Point --
1: 2008-05-15 17:00:26 UTC - RP944 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 224 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:46, on 03/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [83CB3A8E] C:\WINDOWS\System32\dbyanyzghffd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [DE994F20] C:\WINDOWS\System32\dbyanyzghffd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet101\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Services] lsrv.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Services] lsrv.exe (User 'Default user')
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE.vir
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE.vir
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZNxdm205
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.line6.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: schmap-help - {2CF664A0-5EA6-47B5-884C-433A60145F78} - C:\Program Files\Schmap\Schmap Player\SchmapDocLib.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7251 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NEOFLTR_530_11339 (Juniper Networks TDI Filter Driver (NEOFLTR_530_11339)) - c:\windows\system32\drivers\neofltr_530_11339.sys <Not Verified; Neoteris; Secure Application Manager>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 L6DP - c:\windows\system32\drivers\l6dp.sys <Not Verified; Line 6; Line 6 Device Proxy>
R3 L6TPortA (Service - Line 6 TonePort UX1) - c:\windows\system32\drivers\l6tporta.sys <Not Verified; Line 6; GuitarPort>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S2 gafwload (Westell USB ADSL Loader) - c:\windows\system32\drivers\gafwload.sys <Not Verified; GlobeSpan Inc.; GlobeSpan USB ADSL Firmware Loader>
S3 alcan5wn (Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON multimedia; SpeedTouch USB>
S3 alcaudsl (Alcatel Speed Touch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON multimedia; SpeedTouch USB>
S3 EWAVE - c:\windows\system32\drivers\ew.sys (file missing)
S3 FILESPY - c:\windows\system32\drivers\filespy.sys (file missing)
S3 NSTATION - c:\windows\system32\drivers\nstation.sys (file missing)
S3 US122 (US122 Driver) - c:\windows\system32\drivers\us122.sys
S3 US122DL (US122 Firmware Downloader) - c:\windows\system32\drivers\us122dl.sys
S3 Us122WdmService (US122 Wdm Audio) - c:\windows\system32\drivers\us122wdm.sys
S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys <Not Verified; Apple, Inc.; Apple Mobile Device USB Driver>
S3 wanusb (Westell USB ADSL WAN Modem) - c:\windows\system32\drivers\gwausb.sys <Not Verified; GlobeSpan Inc.; GlobeSpan WAN ADSL USB Modem>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_90121509&REV_10\3&61AAA01&1&58
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_90121509&REV_10\3&61AAA01&1&58
Service: rtl8139


-- Scheduled Tasks -------------------------------------------------------------

2008-07-28 16:30:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-08-03 13:39:37 0 d-------- C:\Program Files\Bonjour
2008-07-31 07:30:10 0 d-------- C:\Documents and Settings\Owner\DoctorWeb
2008-07-31 00:46:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-31 00:46:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-31 00:46:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 21:09:06 0 d--h----- C:\$AVG8.VAULT$
2008-07-29 21:00:17 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-29 21:00:16 0 d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-07-29 20:59:40 0 d-------- C:\Program Files\AVG
2008-07-29 20:59:38 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-28 23:23:11 0 d-------- C:\cmdcons
2008-07-28 23:18:42 68096 --a------ C:\WINDOWS\zip.exe
2008-07-28 23:18:42 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-28 23:18:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-28 23:18:42 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-28 23:18:42 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-28 23:18:42 98816 --a------ C:\WINDOWS\sed.exe
2008-07-28 23:18:42 80412 --a------ C:\WINDOWS\grep.exe
2008-07-28 23:18:42 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-28 21:53:01 0 d-------- C:\WINDOWS\ERUNT
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Favorites
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Desktop
2008-07-28 19:39:18 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\VERITAS
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-28 19:39:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Juniper Networks
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\WINDOWS
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\Templates
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\Start Menu
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\SendTo
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\Recent
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\PrintHood
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\NetHood
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\My Documents
2008-07-28 19:39:17 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-28 19:39:16 634880 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2008-08-03 13:43:01 0 d-------- C:\Program Files\iTunes
2008-08-03 13:42:33 0 d-------- C:\Program Files\iPod
2008-08-03 13:38:28 0 d-------- C:\Program Files\QuickTime
2008-08-01 22:41:56 0 d-a------ C:\Program Files\Common Files\Adobe
2008-08-01 22:41:56 0 d-a------ C:\Documents and Settings\Owner\Application Data\Adobe
2008-08-01 22:39:16 0 d-a------ C:\Program Files\Common Files
2008-07-29 22:07:04 0 d-------- C:\Program Files\Nostra DivX Player
2008-07-29 21:51:29 0 d-------- C:\Program Files\GameSpy Arcade
2008-07-28 21:15:47 0 d-------- C:\Program Files\Azureus
2008-07-28 21:15:31 0 d-------- C:\Program Files\BitComet101
2008-07-27 15:03:35 0 d-a------ C:\Program Files\NoAdware
2008-07-11 22:02:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Microsoft Games
2008-07-11 21:48:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-11 21:48:38 0 d-a------ C:\Program Files\Coloreal


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
29/07/2008 21:00 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3tray2.exe" [25/02/2003 04:33 C:\WINDOWS\system32\S3tray2.exe]
"83CB3A8E"="C:\WINDOWS\System32\dbyanyzghffd.exe" []
"AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [29/12/2004 13:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [29/07/2008 21:00]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [22/07/2008 20:42]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/07/2008 10:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 21:05]
"BitComet"="C:\Program Files\BitComet101\BitComet.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DE994F20"=C:\WINDOWS\System32\dbyanyzghffd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Services"=lsrv.exe
"Microsoft Restore"=scrgrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KYE_Showicon]
"C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]
"C:\Program Files\Coloreal\coloreal.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49440ca4-25c2-11dd-9c24-000fb5bd8ed4}]
AutoRun\command- I:\
explore\Command- RECYCLER\INFO.exe
open\Command- RECYCLER\INFO.exe




-- End of Deckard's System Scanner: finished at 2008-08-03 14:10:20 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2200+
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 223.48 MiB / 52.53 MiB
Pagefile Memory (total/avail): 546.57 MiB / 262.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.68 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 33.81 GiB total, 6.95 GiB free.
D: is Fixed (FAT32) - 3.45 GiB total, 0.48 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is Fixed (FAT32) - 149.01 GiB total, 103.8 GiB free.

\\.\PHYSICALDRIVE0 - ST340015A - 37.27 GiB - 2 partitions
\PARTITION0 - Unknown - 3.45 GiB - D:
\PARTITION1 (bootable) - Installable File System - 33.81 GiB - C:

\\.\PHYSICALDRIVE1 - WD 1600JB External USB Device - 149.05 GiB - 1 partition
\PARTITION0 - Unknown - 149.05 GiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe"="C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALEXANDEMILY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\ALEXANDEMILY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\Sonic\MyDVD;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=ALEXANDEMILY
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}\setup.exe" -l0x9 -L0x9anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Apple Mobile Device Support --> MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Binatone ADSL500 USB Modem Network Adapter --> "C:\Program Files\Binatone ADSL500 USB Modem\Binatone ADSL500 USB Modem Network\SETUP.EXE" -U -IVID_0509&PID_080F
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BSPlayer --> "C:\Program Files\Webteh\BSPlayer\uninstall.exe"
Cakewalk VST Adapter 4.4.4.0 --> C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
CITB-ConstructionSkills --> MsiExec.exe /I{A7EACBCD-8620-4FF2-925F-AF46A68EB818}
Citrix ICA Web Client --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf -c"C:\PROGRA~1\Citrix\icaweb32\uninstpn.dll"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
DivX Codec --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Bundle.log
DivX Player --> C:\Program Files\DivX\DivX Player 2.1\DivXPlayerUninstall.exe /PLAYER
DreamStation DXi2 --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
easy Internet sign-up --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B5DDB2C-0807-47FD-9C11-80EA761902C0}\setup.exe" -l0x9
Electrotank Mini Golf Gold --> "C:\Program Files\Electrotank\Mini Golf Gold\uninstall.exe"
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
FL Studio 4.5 --> MsiExec.exe /X{EA2C608A-60C1-4722-8643-03E5FBE87F5B}
FL Studio 5 --> C:\Program Files\Image-Line\FLStudio5\uninstall.exe
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GearBox 1.00 (Remove Only) --> C:\Program Files\Line6\GearBox\Uninstall.exe
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iPod Updater 2004-11-15 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
iTunes --> MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Juniper Networks Secure Application Manager --> C:\Program Files\Neoteris\Secure Application Manager\UninstallSAM.exe
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LG PC Suite --> C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x0009 -removeonly
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 LG -removeonly
M-crew Ver.2.01E --> MsiExec.exe /X{3E47BCDE-E81C-414B-B64F-2D4955EC6D04}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MetaFrame Presentation Server Client --> MsiExec.exe /I{4E21223F-8D6C-446E-9CD3-587D206A8400}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MOS MP3 Player Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0D999A1-172D-43F1-9222-E157957286E4}\setup.exe" -l0x9
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
NoAdware 2.0 --> "C:\Program Files\NoAdware\unins000.exe"
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe
OLYMPUS CAMEDIA Master 4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.2
PclkusbDriverXP(ENG) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B5948A3-9C7E-4B8E-949A-10447659A6C7}\Setup.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
RecordNow Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Schmap Player 1.1 --> "C:\Program Files\Schmap\Schmap Player\unins000.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Simple Installer - Multilanguage Version --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}\setup.exe"
SONAR 5 Studio Edition --> C:\PROGRA~1\Cakewalk\SONAR5~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\SONAR5~1\INSTALL.LOG
Sony Ericsson Image Editor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05E9F134-07C9-4249-9B80-EE5D975F201B}\setup.exe" -l0x9 -l0009 --remove=y
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steinberg Cubasis VST US-428 --> C:\PROGRA~1\STEINB~1\CUBASI~1\UNINST~1.EXE C:\PROGRA~1\STEINB~1\CUBASI~1\Install.log
Studio 8 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53EF6570-21A4-47ED-A40A-E6470A5677A3}\Setup.exe" -l0x9 UNINSTALL-L0x9 -c
Tony Hawk HelmetCam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9A05114-3A25-4DA9-91E1-E547B1483BC2}\setup.exe" -l0x9
US-122 --> C:\Program Files\US122_Install\UnGins.exe "C:\Program Files\US122_Install\install.log"
USB Storage RW --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DCFC7D5-8608-478C-8082-1FF848B978AF}\setup.exe" UNINSTALL
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WG111v2 Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0F252A6-DE85-4E93-A93B-DFC3537B3965}\setup.exe" -l0x9 REMOVE -removeonly
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft Trial --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft Trial\Uninstall.exe
XoftSpy 3.42 --> "C:\Program Files\XoftSpy\unins000.exe"
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type13035 / Error
Event Submitted/Written: 08/01/2008 09:56:17 PM
Event ID/Source: 11327 / MsiInstaller
Event Description:
Product: QuarkXPress 6.1 -- Error 1327.Invalid Drive: G:\

Event Record #/Type13025 / Error
Event Submitted/Written: 07/31/2008 03:11:54 AM / 07/31/2008 03:11:55 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.4669, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type13014 / Error
Event Submitted/Written: 07/29/2008 09:21:55 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type13006 / Error
Event Submitted/Written: 07/29/2008 07:28:28 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application taskmgr.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type12986 / Error
Event Submitted/Written: 07/28/2008 08:21:40 PM
Event ID/Source: 0 / SENS
Event Description:
Event System Win32 Error: No service is operating at the destination network endpoint on the remote system.

ServiceStart(): SensInitialize() failed



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type139701 / Error
Event Submitted/Written: 08/03/2008 01:49:16 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Digital Blue DMC2 Video Device service failed to start due to the following error:
%%1058

Event Record #/Type139700 / Error
Event Submitted/Written: 08/03/2008 01:49:16 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Universal USB Driver service failed to start due to the following error:
%%1058

Event Record #/Type139699 / Error
Event Submitted/Written: 08/03/2008 01:49:16 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Westell USB ADSL Loader service failed to start due to the following error:
%%1058

Event Record #/Type139681 / Warning
Event Submitted/Written: 08/03/2008 01:25:12 PM
Event ID/Source: 263 / PlugPlayManager
Event Description:
The service "Apple Mobile Device" may not have unregistered for device event notifications before it was stopped.

Event Record #/Type139660 / Error
Event Submitted/Written: 08/03/2008 10:35:50 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Digital Blue DMC2 Video Device service failed to start due to the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2008-08-03 14:10:20 ------------

#23
Thunderbird1988 (Member 2k, 2,416 posts)
Hello Emily,

Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon.
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT - it should now say that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [83CB3A8E] C:\WINDOWS\System32\dbyanyzghffd.exe
O4 - HKLM\..\RunServices: [DE994F20] C:\WINDOWS\System32\dbyanyzghffd.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Services] lsrv.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Services] lsrv.exe (User 'Default user')
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE.vir
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE.vir
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZNxdm205


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

After that, please post a new log of DSS.

Thunderbird1988

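As an added example (not code from this thread, nor from HijackThis or DSS), the Python below runs a triage pass over HijackThis O4 autostart lines using the patterns the entries above illustrate: a hex-only value name, the legacy RunServices key, a bare executable registered under the SYSTEM/Default User hive with a "Microsoft" label, and startup shortcuts pointing into a quarantine folder. The sample lines are copied from the logs in this thread; the heuristics and thresholds are my own assumptions and only rank entries for review, they do not prove anything is malicious.

```python
"""Heuristic triage of HijackThis O4 (autostart) lines.

Added example: the parser and the heuristics are assumptions made for this
illustration, not part of HijackThis or Deckard's System Scanner.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Registry-style entries:  O4 - HKLM\..\Run: [Name] target (User 'X')
REG_RE = re.compile(
    r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<target>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder entries:  O4 - Global Startup: Foo.lnk = target
LNK_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<target>.*)$")

HEX_NAME = re.compile(r"^[0-9A-F]{8}$")           # e.g. 83CB3A8E, DE994F20
SYSTEM_HIVES = ("S-1-5-18", ".DEFAULT")            # SYSTEM account and Default User


@dataclass
class O4Entry:
    key: str      # e.g. 'HKLM\\..\\Run' or 'Global Startup'
    name: str     # registry value name or shortcut name
    target: str   # raw command line or shortcut target
    user: str     # user HijackThis prints for HKUS entries, if any
    raw: str      # the original log line


def parse_o4(line: str) -> Optional[O4Entry]:
    """Return an O4Entry for a HijackThis O4 line, or None for any other line."""
    line = line.rstrip()
    m = REG_RE.match(line)
    if m:
        return O4Entry(m["key"], m["name"], m["target"], m["user"] or "", line)
    m = LNK_RE.match(line)
    if m:
        return O4Entry(m["key"], m["name"], m["target"], "", line)
    return None


def exe_path(target: str) -> str:
    """Best-effort extraction of the executable path from a command line."""
    t = target.strip()
    if t.startswith('"'):                       # quoted path, arguments follow
        end = t.find('"', 1)
        return t[1:end] if end > 0 else t[1:]
    # unquoted: take everything up to the first extension followed by a space or end
    m = re.match(r"(.*?\.[A-Za-z]{2,4})(?:\s|$)", t)
    if m:
        return m.group(1)
    return t.split()[0] if t else ""


def findings(entry: O4Entry) -> List[str]:
    """Reasons an entry deserves a closer look; an empty list means nothing fired."""
    reasons: List[str] = []
    exe = exe_path(entry.target)
    # A bare file name relies on PATH lookup; common for vendor tray tools under
    # HKLM, so it is only flagged in combination with another signal.
    bare = exe not in ("", "?") and "\\" not in exe and "%" not in exe
    in_system_hive = any(h in entry.key for h in SYSTEM_HIVES)

    if HEX_NAME.match(entry.name):
        reasons.append("value name is a bare 8-digit hex string")
    if "runservices" in entry.key.lower():       # Win9x-era key, ignored by NT-based Windows
        reasons.append("registered under the legacy RunServices key")
    if bare and in_system_hive:
        reasons.append("bare executable name under the SYSTEM/Default User hive")
    if bare and entry.name.lower().startswith("microsoft"):
        reasons.append("'Microsoft' label on a bare executable with no path")
    low = entry.target.lower()
    if "quarantine" in low or low.endswith(".vir"):
        reasons.append("startup item points into a quarantine folder")
    return reasons


def triage(log_lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (raw line, reasons) for every O4 line that trips a heuristic."""
    out = []
    for line in log_lines:
        entry = parse_o4(line)
        if entry is not None:
            reasons = findings(entry)
            if reasons:
                out.append((entry.raw, reasons))
    return out


# Sample input copied from the HijackThis excerpts posted in this thread.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/",
    r"O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe",
    r"O4 - HKLM\..\Run: [83CB3A8E] C:\WINDOWS\System32\dbyanyzghffd.exe",
    r"O4 - HKLM\..\RunServices: [DE994F20] C:\WINDOWS\System32\dbyanyzghffd.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [Microsoft Services] lsrv.exe (User 'SYSTEM')",
    r"O4 - HKUS\.DEFAULT\..\Run: [Microsoft Services] lsrv.exe (User 'Default user')",
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')",
    r"O4 - HKUS\S-1-5-18\..\Run: [Microsoft Restore] scrgrd.exe (User 'SYSTEM')",
    r"O4 - Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE.vir",
    r"O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE.vir",
    r"O4 - Global Startup: MA111 Configuration Utility.lnk = ?",
    r"O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe",
]

if __name__ == "__main__":
    for raw, why in triage(SAMPLE_LOG):
        print(raw)
        for reason in why:
            print("    -", reason)
```

The seven lines it flags are exactly the O4 entries Thunderbird1988 listed plus the matching "Microsoft Restore" pair from the later log; the vendor tray tools with bare names under HKLM are deliberately left alone.
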
#24
emilyb (Topic Starter, Member, 16 posts)
Hello Thunderbird1988,

Here it is - I only got a main log this time - no extra log.

Emily


Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-03 19:54:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 224 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:52, on 03/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\Owner\Desktop\virus busters\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet101\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Restore] scrgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Restore] scrgrd.exe (User 'Default user')
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.line6.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: schmap-help - {2CF664A0-5EA6-47B5-884C-433A60145F78} - C:\Program Files\Schmap\Schmap Player\SchmapDocLib.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6779 bytes

-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-08-03 13:39:37 0 d-------- C:\Program Files\Bonjour
2008-07-31 07:30:10 0 d-------- C:\Documents and Settings\Owner\DoctorWeb
2008-07-31 00:46:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-31 00:46:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-31 00:46:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 21:09:06 0 d--h----- C:\$AVG8.VAULT$
2008-07-29 21:00:17 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-29 21:00:16 0 d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-07-29 20:59:40 0 d-------- C:\Program Files\AVG
2008-07-29 20:59:38 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-28 23:23:11 0 d-------- C:\cmdcons
2008-07-28 23:18:42 68096 --a------ C:\WINDOWS\zip.exe
2008-07-28 23:18:42 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-28 23:18:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-28 23:18:42 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-28 23:18:42 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-28 23:18:42 98816 --a------ C:\WINDOWS\sed.exe
2008-07-28 23:18:42 80412 --a------ C:\WINDOWS\grep.exe
2008-07-28 23:18:42 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-28 21:53:01 0 d-------- C:\WINDOWS\ERUNT
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Favorites
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Desktop
2008-07-28 19:39:18 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\VERITAS
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-28 19:39:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Juniper Networks
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\WINDOWS
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\Templates
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\Start Menu
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\SendTo
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\Recent
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\PrintHood
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\NetHood
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\My Documents
2008-07-28 19:39:17 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-28 19:39:16 634880 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2008-08-03 13:43:01 0 d-------- C:\Program Files\iTunes
2008-08-03 13:42:33 0 d-------- C:\Program Files\iPod
2008-08-03 13:38:28 0 d-------- C:\Program Files\QuickTime
2008-08-01 22:41:56 0 d-a------ C:\Program Files\Common Files\Adobe
2008-08-01 22:41:56 0 d-a------ C:\Documents and Settings\Owner\Application Data\Adobe
2008-08-01 22:39:16 0 d-a------ C:\Program Files\Common Files
2008-07-29 22:07:04 0 d-------- C:\Program Files\Nostra DivX Player
2008-07-29 21:51:29 0 d-------- C:\Program Files\GameSpy Arcade
2008-07-28 21:15:47 0 d-------- C:\Program Files\Azureus
2008-07-28 21:15:31 0 d-------- C:\Program Files\BitComet101
2008-07-27 15:03:35 0 d-a------ C:\Program Files\NoAdware
2008-07-11 22:02:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Microsoft Games
2008-07-11 21:48:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-11 21:48:38 0 d-a------ C:\Program Files\Coloreal


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
29/07/2008 21:00 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3tray2.exe" [25/02/2003 04:33 C:\WINDOWS\system32\S3tray2.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [29/12/2004 13:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [29/07/2008 21:00]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [22/07/2008 20:42]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/07/2008 10:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 21:05]
"BitComet"="C:\Program Files\BitComet101\BitComet.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Restore"=scrgrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KYE_Showicon]
"C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]
"C:\Program Files\Coloreal\coloreal.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49440ca4-25c2-11dd-9c24-000fb5bd8ed4}]
AutoRun\command- I:\
explore\Command- RECYCLER\INFO.exe
open\Command- RECYCLER\INFO.exe




-- End of Deckard's System Scanner: finished at 2008-08-03 19:55:49 ------------

#25
Thunderbird1988
    Member 2k, 2,416 posts
Hello Emily,

Please remove the C:\SDFIX folder. There is an updated version available.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new log of DSS.

Thunderbird1988

#26
emilyb
    Member (Topic Starter), 16 posts
Hello again!

Here we go - still finding things :)


SDFix: Version 1.212
Run by Owner on 03/08/2008 at 21:45

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\nvrsul32.dll - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 22:03:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe"="C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 27 Jan 2007 128,512 A..H. --- "C:\RECYCLER\S-1-5-21-4010916237-396882819-2523737389-1003\Dc22.tmp"
Sat 7 Jun 2003 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 17 Sep 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 29 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT1.tmp"
Sun 9 Jul 2006 34,816 ...H. --- "C:\Documents and Settings\Owner\My Documents\Em's folder\paypal\~WRL0004.tmp"
Sun 9 Jul 2006 34,816 ...H. --- "C:\Documents and Settings\Owner\My Documents\Em's folder\paypal\~WRL3172.tmp"
Sun 9 Jul 2006 34,816 ...H. --- "C:\Documents and Settings\Owner\My Documents\Em's folder\paypal\~WRL3949.tmp"

Finished!

Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-03 22:16:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 224 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:48, on 03/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\Owner\Desktop\virus busters\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet101\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Restore] scrgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Restore] scrgrd.exe (User 'Default user')
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.line6.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: schmap-help - {2CF664A0-5EA6-47B5-884C-433A60145F78} - C:\Program Files\Schmap\Schmap Player\SchmapDocLib.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6812 bytes

-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-08-03 13:39:37 0 d-------- C:\Program Files\Bonjour
2008-07-31 07:30:10 0 d-------- C:\Documents and Settings\Owner\DoctorWeb
2008-07-31 00:46:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-31 00:46:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-31 00:46:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 21:09:06 0 d--h----- C:\$AVG8.VAULT$
2008-07-29 21:00:17 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-29 21:00:16 0 d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-07-29 20:59:40 0 d-------- C:\Program Files\AVG
2008-07-29 20:59:38 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-28 23:23:11 0 d-------- C:\cmdcons
2008-07-28 23:18:42 68096 --a------ C:\WINDOWS\zip.exe
2008-07-28 23:18:42 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-28 23:18:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-28 23:18:42 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-28 23:18:42 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-28 23:18:42 98816 --a------ C:\WINDOWS\sed.exe
2008-07-28 23:18:42 80412 --a------ C:\WINDOWS\grep.exe
2008-07-28 23:18:42 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-28 21:53:01 0 d-------- C:\WINDOWS\ERUNT
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Favorites
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Desktop
2008-07-28 19:39:18 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\VERITAS
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-28 19:39:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Juniper Networks
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\WINDOWS
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\Templates
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\Start Menu
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\SendTo
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\Recent
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\PrintHood
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\NetHood
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\My Documents
2008-07-28 19:39:17 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-28 19:39:16 634880 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2008-08-03 13:43:01 0 d-------- C:\Program Files\iTunes
2008-08-03 13:42:33 0 d-------- C:\Program Files\iPod
2008-08-03 13:38:28 0 d-------- C:\Program Files\QuickTime
2008-08-01 22:41:56 0 d-a------ C:\Program Files\Common Files\Adobe
2008-08-01 22:41:56 0 d-a------ C:\Documents and Settings\Owner\Application Data\Adobe
2008-08-01 22:39:16 0 d-a------ C:\Program Files\Common Files
2008-07-29 22:07:04 0 d-------- C:\Program Files\Nostra DivX Player
2008-07-29 21:51:29 0 d-------- C:\Program Files\GameSpy Arcade
2008-07-28 21:15:47 0 d-------- C:\Program Files\Azureus
2008-07-28 21:15:31 0 d-------- C:\Program Files\BitComet101
2008-07-27 15:03:35 0 d-a------ C:\Program Files\NoAdware
2008-07-11 22:02:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Microsoft Games
2008-07-11 21:48:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-11 21:48:38 0 d-a------ C:\Program Files\Coloreal


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
29/07/2008 21:00 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3tray2.exe" [25/02/2003 04:33 C:\WINDOWS\system32\S3tray2.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [29/12/2004 13:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [29/07/2008 21:00]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [22/07/2008 20:42]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/07/2008 10:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 21:05]
"BitComet"="C:\Program Files\BitComet101\BitComet.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Restore"=scrgrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KYE_Showicon]
"C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]
"C:\Program Files\Coloreal\coloreal.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49440ca4-25c2-11dd-9c24-000fb5bd8ed4}]
AutoRun\command- I:\
explore\Command- RECYCLER\INFO.exe
open\Command- RECYCLER\INFO.exe




-- End of Deckard's System Scanner: finished at 2008-08-03 22:18:33 ------------

Thanks, Emily

#27
Thunderbird1988
    Member 2k
  • Member
  • 2,416 posts
Hello Emily,

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKUS\S-1-5-18\..\Run: [Microsoft Restore] scrgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Restore] scrgrd.exe (User 'Default user')

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

After that, please post a new DSS log.

Thunderbird1988
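Added example (not code from the thread, HijackThis or DSS): a small Python triage of HijackThis O4 lines like the two above. It flags Run values that point at a bare file name instead of a full path and values registered under the SYSTEM or .DEFAULT hives, which is exactly what makes the two "Microsoft Restore" entries stand out from the ordinary ones in the same log. The sample log lines are constructed from entries in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the two lines Thunderbird1988 asked to fix, plus
# ordinary O4 entries copied from the same HijackThis log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Restore] scrgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Restore] scrgrd.exe (User 'Default user')
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
"""

# Matches registry-backed O4 lines; "Global Startup" shortcut lines are ignored.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']+)'\))?$"
)

@dataclass
class Autostart:
    hive: str
    name: str
    command: str
    user: Optional[str]
    reasons: List[str] = field(default_factory=list)

def executable(command: str) -> str:
    """Return the program part of a Run value, dropping its arguments."""
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    m = re.match(r"(.*?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]

def parse_o4(line: str) -> Optional[Autostart]:
    m = O4_RE.match(line.strip())
    return Autostart(m["hive"], m["name"], m["cmd"], m["user"]) if m else None

def triage(entry: Autostart) -> Autostart:
    # A bare file name is resolved through the search path at logon; installed
    # software registers full paths, so this is how 'scrgrd.exe' stood out.
    if "\\" not in executable(entry.command):
        entry.reasons.append("bare-filename")
    # Run values under HKUS for SYSTEM (S-1-5-18) or .DEFAULT execute before any
    # user logs on and are rarely legitimate for third-party programs.
    if entry.hive.startswith("HKUS\\"):
        entry.reasons.append("service-account-hive")
    return entry

def suspicious_entries(log_text: str) -> List[Autostart]:
    """Parse every O4 Run line and keep those with at least one reason."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and triage(entry).reasons:
            hits.append(entry)
    return hits

if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_LOG):
        print(f"{e.hive:<16} [{e.name}] {e.command} <- {', '.join(e.reasons)}")
```

Entries with only the bare-filename reason (S3TRAY2 here) are worth a look but are often just old OEM utilities; the two HKUS entries collect both reasons and match what the helper asked to be fixed.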

#28
emilyb
    Member
  • Topic Starter
  • Member
  • 16 posts
Hello!

Here's the DSS log:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-04 20:59:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 224 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:45, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\Owner\Desktop\virus busters\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet101\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.line6.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: schmap-help - {2CF664A0-5EA6-47B5-884C-433A60145F78} - C:\Program Files\Schmap\Schmap Player\SchmapDocLib.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6623 bytes

-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-03 13:39:37 0 d-------- C:\Program Files\Bonjour
2008-07-31 07:30:10 0 d-------- C:\Documents and Settings\Owner\DoctorWeb
2008-07-31 00:46:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-31 00:46:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-31 00:46:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 21:09:06 0 d--h----- C:\$AVG8.VAULT$
2008-07-29 21:00:17 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-29 21:00:16 0 d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-07-29 20:59:40 0 d-------- C:\Program Files\AVG
2008-07-29 20:59:38 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-28 23:23:11 0 d-------- C:\cmdcons
2008-07-28 23:18:42 68096 --a------ C:\WINDOWS\zip.exe
2008-07-28 23:18:42 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-28 23:18:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-28 23:18:42 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-28 23:18:42 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-28 23:18:42 98816 --a------ C:\WINDOWS\sed.exe
2008-07-28 23:18:42 80412 --a------ C:\WINDOWS\grep.exe
2008-07-28 23:18:42 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-28 21:53:01 0 d-------- C:\WINDOWS\ERUNT
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Favorites
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Desktop
2008-07-28 19:39:18 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\VERITAS
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-28 19:39:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Juniper Networks
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-28 19:39:18 0 d-a------ C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\WINDOWS
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\Templates
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\Start Menu
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\SendTo
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\Recent
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\PrintHood
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\NetHood
2008-07-28 19:39:17 0 d-a------ C:\Documents and Settings\Administrator\My Documents
2008-07-28 19:39:17 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-28 19:39:16 634880 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2008-08-03 13:43:01 0 d-------- C:\Program Files\iTunes
2008-08-03 13:42:33 0 d-------- C:\Program Files\iPod
2008-08-03 13:38:28 0 d-------- C:\Program Files\QuickTime
2008-08-01 22:41:56 0 d-a------ C:\Program Files\Common Files\Adobe
2008-08-01 22:41:56 0 d-a------ C:\Documents and Settings\Owner\Application Data\Adobe
2008-08-01 22:39:16 0 d-a------ C:\Program Files\Common Files
2008-07-29 22:07:04 0 d-------- C:\Program Files\Nostra DivX Player
2008-07-29 21:51:29 0 d-------- C:\Program Files\GameSpy Arcade
2008-07-28 21:15:47 0 d-------- C:\Program Files\Azureus
2008-07-28 21:15:31 0 d-------- C:\Program Files\BitComet101
2008-07-27 15:03:35 0 d-a------ C:\Program Files\NoAdware
2008-07-11 22:02:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Microsoft Games
2008-07-11 21:48:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-11 21:48:38 0 d-a------ C:\Program Files\Coloreal


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
29/07/2008 21:00 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3tray2.exe" [25/02/2003 04:33 C:\WINDOWS\system32\S3tray2.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [29/12/2004 13:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [29/07/2008 21:00]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [22/07/2008 20:42]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/07/2008 10:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 21:05]
"BitComet"="C:\Program Files\BitComet101\BitComet.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KYE_Showicon]
"C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]
"C:\Program Files\Coloreal\coloreal.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49440ca4-25c2-11dd-9c24-000fb5bd8ed4}]
AutoRun\command- I:\
explore\Command- RECYCLER\INFO.exe
open\Command- RECYCLER\INFO.exe




-- End of Deckard's System Scanner: finished at 2008-08-04 21:00:36 ------------

Fingers crossed...

#29
Thunderbird1988
    Member 2k
  • Member
  • 2,416 posts
Hello Emily,

The log seems to be clean now (I still can't guarantee you that it is really clean, however). How is your computer running?

Thunderbird1988

#30
emilyb
    Member
  • Topic Starter
  • Member
  • 16 posts
Hooray! It seems ok. The internet speed is way higher than it has been for ages - it's an old computer but I really need it to stay alive while I find the money for another :) Thank you so much for everything - you've been really patient and helpful!

Best wishes,
Emily