Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan Popups from Windows Secruity Alert


  • This topic is locked This topic is locked

#1
chansey

chansey

    Member

  • Member
  • PipPip
  • 46 posts
I keep getting blue Windows Security Alert popups reading:

Trojan-Clicker.Win32.Tiny.h
Trojan-Spy.Win32.KeyLogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.Bankfraud.dq
Trojan-Downloader.Win32.Agent.bq

When I click on the Enable Protection button, it takes me to a website for SmartSoft to buy PC Antispy and PC Clean Pro.

I have ran Malwarebytes, Ad-Aware, SpyHunter, SpyBot, and McAfee and nothing seems to get rid of this problem.

I need this computer for work, and can't work until I am sure that the computer isn't infected with a trojan.

Any suggestions on how to get rid of this?

Thanks in advance.
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello chansey

Welcome to G2Go. :)
=====================
* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on I agree
  • Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
chansey

chansey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:13 PM, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ijaxyvif.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\lxbxcoms.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,[email protected]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsgCfg] C:\WINDOWS\system32\ijaxyvif.exe
O4 - HKCU\..\Run: [WinChk] C:\WINDOWS\system32\buherwho.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: *.west.com
O15 - Trusted Zone: www.westathome.net
O15 - Trusted Zone: *.workathomeagent.com
O15 - Trusted Zone: *.workathomeagent.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1179454563625
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.cust...l/java/RntX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...357/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: karina.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: shinfo - {72343EDA-9896-8690-DE76-09A3BC8E7409} - C:\Program Files\wcwgcsc\shinfo.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0125621218466227) (0125621218466227mcinstcleanup) - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\012562~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12073 bytes
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hmm I would like to take a deeper look.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#5
chansey

chansey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Below are the results from the scan.

main.txt

Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-13 20:31:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


-- Last 2 Restore Point(s) --
2: 2008-08-09 07:29:44 UTC - RP2 - Last good restore point
1: 2008-08-09 07:29:30 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:15 PM, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ijaxyvif.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,[email protected]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsgCfg] C:\WINDOWS\system32\ijaxyvif.exe
O4 - HKCU\..\Run: [WinChk] C:\WINDOWS\system32\buherwho.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: *.west.com
O15 - Trusted Zone: www.westathome.net
O15 - Trusted Zone: *.workathomeagent.com
O15 - Trusted Zone: *.workathomeagent.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1179454563625
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.cust...l/java/RntX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...357/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: karina.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: shinfo - {72343EDA-9896-8690-DE76-09A3BC8E7409} - C:\Program Files\wcwgcsc\shinfo.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0125621218466227) (0125621218466227mcinstcleanup) - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\012562~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12016 bytes

-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 genmcmn (Scroll Mouse Driver) - c:\windows\system32\drivers\gmfiltr.sys <Not Verified; KYE Systems Corp.; Scroll Mouse Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 0125621218466227mcinstcleanup (McAfee Application Installer Cleanup (0125621218466227)) - c:\docume~1\owner\locals~1\temp\012562~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-12 23:55:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-08-09 15:10:12 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-08-09 15:10:11 332 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-07-13 and 2008-08-13 -----------------------------

2008-08-13 16:07:00 0 d-------- C:\WINDOWS\LastGood
2008-08-13 13:13:18 0 d-------- C:\Program Files\Trend Micro
2008-08-13 02:48:36 0 d-------- C:\WINDOWS\BDOSCAN8
2008-08-12 21:14:43 0 d-------- C:\Program Files\Panda Security
2008-08-12 17:41:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-12 12:20:53 0 d-------- C:\WINDOWS\ERUNT
2008-08-11 20:34:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-11 20:34:24 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-11 20:34:24 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-08-11 20:33:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-11 17:25:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-11 17:25:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-11 17:25:42 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-11 10:14:39 0 d-------- C:\WINDOWS\McAfee.com
2008-08-09 23:00:48 0 d-------- C:\Program Files\Spyware Doctor
2008-08-09 23:00:48 0 d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-08-09 19:25:41 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-08-09 18:03:48 0 d-------- C:\Program Files\Enigma Software Group
2008-08-09 17:26:45 0 d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-08-09 15:13:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-08-09 15:13:27 0 d-------- C:\Program Files\SiteAdvisor
2008-08-09 15:13:27 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-08-09 15:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-08-09 15:09:57 0 d-------- C:\Program Files\McAfee.com
2008-08-09 15:09:48 0 d-------- C:\Program Files\Common Files\McAfee
2008-08-09 15:09:36 0 d-------- C:\Program Files\McAfee
2008-08-09 15:04:17 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-09 12:54:42 0 d-------- C:\Documents and Settings\NetworkService\Application Data\McAfee
2008-08-09 06:19:52 0 d-------- C:\SDAT
2008-08-09 06:15:55 63425247 --a------ C:\sdat5357.exe <Not Verified; McAfee, Inc.; McAfee Core Components>
2008-08-09 05:25:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-08-09 05:11:21 0 d-------- C:\Program Files\AVG
2008-08-09 05:11:20 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-09 05:11:20 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-08-09 04:03:51 77824 --a------ C:\WINDOWS\system32\buherwho.exe
2008-08-09 00:45:37 13649 --a------ C:\WINDOWS\zijaleke.dat
2008-08-09 00:45:37 13745 --a------ C:\WINDOWS\fyfumi.dat
2008-08-09 00:45:37 10850 --a------ C:\WINDOWS\exuk.reg
2008-08-09 00:45:37 13236 --a------ C:\Program Files\Common Files\tekukon.scr
2008-08-09 00:45:37 16279 --a------ C:\Program Files\Common Files\kisevu.scr
2008-08-09 00:45:37 19051 --a------ C:\Program Files\Common Files\amixo.scr
2008-08-09 00:45:37 13981 --a------ C:\Documents and Settings\Owner\Application Data\tanenovy.bat
2008-08-09 00:45:37 15320 --a------ C:\Documents and Settings\Owner\Application Data\liwikur.reg
2008-08-09 00:45:37 10303 --a------ C:\Documents and Settings\Owner\Application Data\come.exe
2008-08-09 00:08:44 17796 --a------ C:\WINDOWS\xudorilaz.scr
2008-08-09 00:08:44 17547 --a------ C:\WINDOWS\system32\ykyp.com
2008-08-09 00:08:44 10101 --a------ C:\Program Files\Common Files\nuzygelapy.com
2008-08-09 00:04:00 12660 --a------ C:\WINDOWS\uwicy.pif
2008-08-09 00:04:00 13192 --a------ C:\WINDOWS\konisyhar.reg
2008-08-09 00:04:00 16886 --a------ C:\Program Files\Common Files\lonefuse.dll
2008-08-09 00:04:00 19237 --a------ C:\Documents and Settings\Owner\Application Data\ylorasu.exe
2008-08-09 00:04:00 16975 --a------ C:\Documents and Settings\Owner\Application Data\lopogyfejo.exe
2008-08-09 00:03:59 19875 --a------ C:\Program Files\Common Files\uzunumez.com
2008-08-09 00:03:59 17695 --a------ C:\Program Files\Common Files\ezodikat.dat
2008-08-09 00:03:59 15977 --a------ C:\Documents and Settings\Owner\Application Data\vewytek.dll
2008-08-08 23:52:16 73728 --a------ C:\WINDOWS\system32\ijaxyvif.exe


-- Find3M Report ---------------------------------------------------------------

2008-08-13 09:57:44 0 d-------- C:\Program Files\Lx_cats
2008-08-12 17:41:31 0 d-------- C:\Program Files\Lavasoft
2008-08-12 13:47:38 0 d-------- C:\Program Files\Java
2008-08-11 20:33:53 0 d-------- C:\Program Files\Common Files
2008-08-09 21:42:17 0 d-------- C:\Program Files\Web Publish
2008-08-09 11:21:53 0 d-------- C:\Program Files\Viewpoint
2008-08-09 02:44:00 0 d-------- C:\Program Files\eSoftware
2008-08-09 00:45:37 11196 --a------ C:\Program Files\Common Files\nejezuva.inf
2008-08-09 00:45:37 18506 --a------ C:\Program Files\Common Files\hony.ban
2008-08-09 00:08:44 19993 --a------ C:\Program Files\Common Files\qewig.ban
2008-08-09 00:08:44 12612 --a------ C:\Documents and Settings\Owner\Application Data\avej.ban
2008-08-05 20:42:31 0 d-------- C:\Program Files\mirc616
2008-08-03 09:16:56 0 d-------- C:\Program Files\QuickTime
2008-07-27 14:56:04 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-27 14:56:03 88 -r-hs---- C:\WINDOWS\system32\A5D3FCA00E.sys
2008-07-15 16:26:08 0 d-------- C:\Program Files\iTunes


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [07/14/2003 08:52 PM C:\WINDOWS\ltmsg.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [12/05/2003 10:50 PM]
"nwiz"="nwiz.exe" [12/05/2003 10:50 PM C:\WINDOWS\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/24/2007 04:57 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [11/02/2004 10:08 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"MsgCfg"="C:\WINDOWS\system32\ijaxyvif.exe" [08/08/2008 11:52 PM]
"WinChk"="C:\WINDOWS\system32\buherwho.exe" [08/09/2008 04:03 AM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Eyetide Launcher.lnk - C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe [10/22/2004 5:32:51 AM]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [1/28/2004 3:29:45 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [10/12/2004 5:13:15 AM]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [8/14/2004 7:05:47 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 3:19:24 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [7/30/2003 7:49:48 AM]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2/3/2003 11:29:12 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"shinfo"= {72343EDA-9896-8690-DE76-09A3BC8E7409} - C:\Program Files\wcwgcsc\shinfo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=karina.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480

*Newly Created Service* - PAVBOOT



-- End of Deckard's System Scanner: finished at 2008-08-13 20:34:42 ------------

------------------------------------------------------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3000+
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 703.36 MiB / 317.51 MiB
Pagefile Memory (total/avail): 977.32 MiB / 504.81 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.2 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 70.31 GiB total, 40.19 GiB free.
D: is Fixed (FAT32) - 4.2 GiB total, 0.6 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
M: is Removable (No Media)
N: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 4.21 GiB - D:
\PARTITION1 (bootable) - Installable File System - 70.31 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: McAfee Personal Firewall v (McAfee)
FW: Norton Internet Security v2007 (Symantec Corporation)
AV: AVG Anti-Virus v8.0 (AVG Technologies) Outdated
AV: Norton Internet Security v2007 (Symantec Corporation)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"="C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\WINDOWS\\system32\\ntvdm.exe"="C:\\WINDOWS\\system32\\ntvdm.exe:*:Enabled:NTVDM.EXE"
"C:\\trivbot2001v2_4\\trivbot2001v2\\MIRC32.EXE"="C:\\trivbot2001v2_4\\trivbot2001v2\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\Program Files\\m6.16\\mirc.exe"="C:\\Program Files\\m6.16\\mirc.exe:*:Enabled:mIRC"
"C:\\trivbot2001v22\\trivbot2001v2\\MIRC32.EXE"="C:\\trivbot2001v22\\trivbot2001v2\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\m6.16\\inkytrivia\\mirc32.exe"="C:\\Program Files\\m6.16\\inkytrivia\\mirc32.exe:*:Enabled:mIRC"
"C:\\Program Files\\mbabotr\\mIRC\\mirc.exe"="C:\\Program Files\\mbabotr\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\trivbot2001v2_41\\trivbot2001v2\\MIRC32.EXE"="C:\\trivbot2001v2_41\\trivbot2001v2\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\trivbot2001v2_41 copy\\trivbot2001v2\\MIRC32.EXE"="C:\\trivbot2001v2_41 copy\\trivbot2001v2\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\lxbxcoms.exe"="C:\\WINDOWS\\system32\\lxbxcoms.exe:*:Enabled:7100 Series Server"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxbxPSWX.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxbxPSWX.EXE:*:Enabled:7100 Series Printer Status"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DESKTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\DESKTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=DESKTOP
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DC8786E-35D6-4E50-9301-627AAF99D852}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8008FE43-F06B-45F9-8464-20AFD27DEE53}\setup.exe" -l0x9 anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9DA84FEC-670A-441B-ACC1-D0FE8C977492}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,[email protected]
ABBYY FineReader 6.0 Sprint Plus --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album Starter Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{483616D1-867E-46F8-BEC7-3C6475933908}\apxp.ex_" -l0x9
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Toolbar --> C:\Program Files\AIM Toolbar\uninstall.exe
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20030807.3) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Blackhawk Striker from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F07504C6-20C5-4BFE-83A0-523FB2455E72\Uninstall.exe"
Blasterball 2 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E-BA7C-045B7DC6A712\Uninstall.exe"
Boss! 1.1 --> MsiExec.exe /I{674CA57D-D132-11D4-A4ED-00C04F25604E}
Bounce Symphony from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\Uninstall.exe"
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C33DC9DF-0841-4B28-AD0B-68EF59FAC53C}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Citrix Presentation Server Client - Web Only --> MsiExec.exe /X{C49067A8-8212-4A82-A4D9-1519701644F0}
CoffeeCup PixConverter --> C:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~1\pixinst.log
Compaq Connections --> C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId 1940576
Compaq Instant Support --> C:\PROGRA~1\COMPAQ~2\UNWISE.EXE C:\PROGRA~1\COMPAQ~2\INSTALL.LOG
Compaq Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cook'n with Betty Crocker --> C:\PROGRA~1\DVO\COOK'N~1\UNWISE.EXE C:\PROGRA~1\DVO\COOK'N~1\INSTALL.LOG
Corel Paint Shop Pro Photo X2 --> MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
DOC to Image Converter 2.0 --> "C:\Program Files\PDF-Convert\doc2img\unins000.exe"
Dorland's Electronic Medical Speller --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB8E8981-6DB3-462A-A6F7-5AA2F419E48F}\setup.exe"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1033
Encyclopaedia Britannica 2005 Standard Edition CD-ROM --> "C:\Program Files\Britannica 2005\Standard CD\UninstallerData\Uninstall Encyclopaedia Britannica 2005 Standard Edition CD-ROM.exe"
Excavation from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C679AA5F-C2C8-4EA8-9CD1-504A39AEC264\Uninstall.exe"
Eyetide Viewer --> C:\PROGRA~1\EYETID~1\EYETID~1\UNWISE.EXE C:\PROGRA~1\EYETID~1\EYETID~1\INSTALL.LOG
Five Card Frenzy from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\2FDCC229-354D-4279-ABEF-CE17E355BFFA\Uninstall.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 3.0 --> "C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LeapFTP --> C:\WINDOWS\unleap.exe C:\Program Files\LeapFTP1\LeapFTP\install.log
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 7100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbxUNST.EXE -NOLICENSE
Lexmark 7100 Series Fax Solutions --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{316A75E3-039D-4BF4-AC29-3FF91E8555CD} /l1033 /z/U
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
mIRC --> "C:\Program Files\m6.16\mirc.exe" -uninstall
Mshow Client --> C:\PROGRA~1\MSHOWC~1\UNWISE.EXE C:\PROGRA~1\MSHOWC~1\INSTALL.LOG
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multimedia Card Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF9967D8-1999-4260-ACC2-86901AA36650}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
MyWrapper Platinum 1.0 --> "C:\Program Files\MyWrapperPlatinum\unins000.exe"
Napster --> C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NetZero Search Enhancements --> C:\Program Files\NZSearch\Uninstall.exe
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers --> C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
NVIDIA Ethernet Driver --> C:\WINDOWS\System32\nvuenet.exe Uninstall C:\WINDOWS\System32\Nvenet.nvu,NVIDIA Ethernet Driver
NVIDIA GART Driver --> C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
Orbital from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\26DC0ED6-93A7-43C1-8DC5-EC16079580F9\Uninstall.exe"
Otto from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8A225900-C06D-41DD-B66C-43840D472758\Uninstall.exe"
Outburst --> C:\PROGRA~1\INFOGR~1\Outburst\UNWISE.EXE C:\PROGRA~1\INFOGR~1\Outburst\INSTALL.LOG
Overball from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\FA7F5211-C629-4711-BD82-7DFFB08CB518\Uninstall.exe"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PaperPort 8.0 SE --> MsiExec.exe /I{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photo Explosion SE 2.0 --> MsiExec.exe /X{DD040AAA-F295-492B-AD91-C8DC24488273}
PhotoShow Express --> "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\Uninstall.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
PictureToTV --> MsiExec.exe /X{323109CE-D868-46D9-BF21-BA7DDDCB4235}
Polar Bowler from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe"
PrintMaster 12 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A304FDE-F4E3-446D-AA0D-31425C897B71}\setup.exe" -l0x9 anything
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RapidPlayer v4.0 ActiveX Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C2F32D-C5DD-4583-8181-B48591CA231C}\Setup.exe" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
RTC Client API v1.2 Setup --> MsiExec.exe /I{9E5AE5C0-423C-4F4F-823B-57781C2B77F5}
RUMBA SecureRedirector Client --> C:\Program Files\WallData\Cyberprise\shared\system\SRClientUninstall.exe C:\Program Files\WallData\Cyberprise\shared\system\SRInst.log
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung Samples Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x9 -removeonly
Scrapbook Factory 3.0 --> MsiExec.exe /X{08F9879C-0AA3-4B0A-AACE-3498BBCAE175}
Scroll Mouse --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78DFE6C0-E0BC-11D4-91F5-00C0DF4C00AE}\setup.exe" UNINST
SecureNNTP Tunnel --> C:\Program Files\SecureNNTP Tunnel\UnInstall_18983.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
Slyder from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E\Uninstall.exe"
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SpamSubtract --> C:\PROGRA~1\INTERM~1\SPAMSU~1\UNWISE.EXE /U C:\PROGRA~1\INTERM~1\SPAMSU~1\INSTALL.LOG
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Spyware Doctor 6.0 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SurferNETWORK Player --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SurferNETWORK Player\Uninst.isu"
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Time Stamp 3.12 --> C:\PROGRA~1\TIMEST~1\UNWISE.EXE C:\PROGRA~1\TIMEST~1\INSTALL.LOG
Trivia Machine --> "C:\Program Files\MSN Games\Trivia Machine\Uninstall.exe" "C:\Program Files\MSN Games\Trivia Machine\install.log"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Viewpoint Toolbar (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarInstaller.exe /u /k
Vodafone 804SS USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
Walgreens PhotoShow Express 4 --> "C:\Program Files\Walgreens\Walgreens PhotoShow 4\data\Xtras\Uninstall.exe"
Weight Commander 8.0 --> C:\PROGRA~1\WEIGHT~1\Setup.exe /remove
West at Home Gateway V2 --> rundll32.exe dfshim.dll,ShArpMaintain WelcomeHome.PRODUCTION.application, Culture=neutral, PublicKeyToken=ed341256229a5208, processorArchitecture=x86
WildTangent GameChannel (remove only) --> "C:\Program Files\WildTangent
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi it appears that you have more than one antivirus running.
I will need you to uninstall all but one of them.
This alone can cause major problems and it offers less protection.
Do this before proceeding please.
==================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\ijaxyvif.exe
    C:\Program Files\wcwgcsc
    C:\WINDOWS\system32\buherwho.exe
    C:\WINDOWS\zijaleke.dat
    C:\WINDOWS\fyfumi.dat
    C:\WINDOWS\exuk.reg
    C:\Program Files\Common Files\tekukon.scr
    C:\Program Files\Common Files\kisevu.scr
    C:\Program Files\Common Files\amixo.scr
    C:\Documents and Settings\Owner\Application Data\tanenovy.bat
    C:\Documents and Settings\Owner\Application Data\liwikur.reg
    C:\Documents and Settings\Owner\Application Data\come.exe
    C:\WINDOWS\xudorilaz.scr
    C:\WINDOWS\system32\ykyp.com
    C:\Program Files\Common Files\nuzygelapy.com
    C:\WINDOWS\uwicy.pif
    C:\WINDOWS\konisyhar.reg
    C:\Program Files\Common Files\lonefuse.dll
    C:\Documents and Settings\Owner\Application Data\ylorasu.exe
    C:\Documents and Settings\Owner\Application Data\lopogyfejo.exe
    C:\Program Files\Common Files\uzunumez.com
    C:\Program Files\Common Files\ezodikat.dat
    C:\Documents and Settings\Owner\Application Data\vewytek.dll
    C:\WINDOWS\system32\ijaxyvif.exe
    C:\Program Files\Common Files\nejezuva.inf
    C:\Program Files\Common Files\hony.ban
    C:\Program Files\Common Files\qewig.ban
    C:\Documents and Settings\Owner\Application Data\avej.ban
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D
    D:\Info.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
========================================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
======================
Post back with those logs and a new Dss log please.
  • 0

#7
chansey

chansey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I hope this doesn't sound too dumb, but I thought that I only had McAfee Antivirus running. How do I figure out which other antivirus systems are running?
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
These were shown in the Dss scan log they may just be leftovers thoug but double check in the Add\Remove programs list to see if they are present.
AV: AVG Anti-Virus v8.0 (AVG Technologies) Outdated
AV: Norton Internet Security v2007 (Symantec Corporation)

  • 0

#9
chansey

chansey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
These two had a notice of a bad image, and the only option I had was to click OK:
c:/ProgramFiles/CommonFiles/lonefuse.dll is not a valid windows image. Please check this against your installation diskette.
c:/Documents&Settings/Owner/ApplicationData/vewytek.dll

OTMoveIt2 Log:

C:\WINDOWS\system32\ijaxyvif.exe moved successfully.
File/Folder C:\Program Files\wcwgcsc not found.
C:\WINDOWS\system32\buherwho.exe moved successfully.
C:\WINDOWS\zijaleke.dat moved successfully.
C:\WINDOWS\fyfumi.dat moved successfully.
C:\WINDOWS\exuk.reg moved successfully.
C:\Program Files\Common Files\tekukon.scr moved successfully.
C:\Program Files\Common Files\kisevu.scr moved successfully.
C:\Program Files\Common Files\amixo.scr moved successfully.
C:\Documents and Settings\Owner\Application Data\tanenovy.bat moved successfully.
C:\Documents and Settings\Owner\Application Data\liwikur.reg moved successfully.
C:\Documents and Settings\Owner\Application Data\come.exe moved successfully.
C:\WINDOWS\xudorilaz.scr moved successfully.
C:\WINDOWS\system32\ykyp.com moved successfully.
C:\Program Files\Common Files\nuzygelapy.com moved successfully.
C:\WINDOWS\uwicy.pif moved successfully.
C:\WINDOWS\konisyhar.reg moved successfully.
LoadLibrary failed for C:\Program Files\Common Files\lonefuse.dll
C:\Program Files\Common Files\lonefuse.dll NOT unregistered.
C:\Program Files\Common Files\lonefuse.dll moved successfully.
C:\Documents and Settings\Owner\Application Data\ylorasu.exe moved successfully.
C:\Documents and Settings\Owner\Application Data\lopogyfejo.exe moved successfully.
C:\Program Files\Common Files\uzunumez.com moved successfully.
C:\Program Files\Common Files\ezodikat.dat moved successfully.
LoadLibrary failed for C:\Documents and Settings\Owner\Application Data\vewytek.dll
C:\Documents and Settings\Owner\Application Data\vewytek.dll NOT unregistered.
C:\Documents and Settings\Owner\Application Data\vewytek.dll moved successfully.
File/Folder C:\WINDOWS\system32\ijaxyvif.exe not found.
C:\Program Files\Common Files\nejezuva.inf moved successfully.
C:\Program Files\Common Files\hony.ban moved successfully.
C:\Program Files\Common Files\qewig.ban moved successfully.
C:\Documents and Settings\Owner\Application Data\avej.ban moved successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\\ deleted successfully.
D:\Info.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08132008_214653


Will paste Malwarebytes report when it finishes.
  • 0

#10
chansey

chansey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Malwarebytes' Anti-Malware 1.24
Database version: 1051
Windows 5.1.2600 Service Pack 2

10:16:19 PM 8/13/2008
mbam-log-8-13-2008 (22-16-19).txt

Scan type: Quick Scan
Objects scanned: 47090
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------

Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-13 22:17:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:02 PM, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ijaxyvif.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,[email protected]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsgCfg] C:\WINDOWS\system32\ijaxyvif.exe
O4 - HKCU\..\Run: [WinChk] C:\WINDOWS\system32\buherwho.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: *.west.com
O15 - Trusted Zone: www.westathome.net
O15 - Trusted Zone: *.workathomeagent.com
O15 - Trusted Zone: *.workathomeagent.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1179454563625
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.cust...l/java/RntX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...357/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: karina.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: shinfo - {72343EDA-9896-8690-DE76-09A3BC8E7409} - C:\Program Files\wcwgcsc\shinfo.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0125621218466227) (0125621218466227mcinstcleanup) - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\012562~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12032 bytes

-- Files created between 2008-07-13 and 2008-08-13 -----------------------------

2008-08-13 16:07:00 0 d-------- C:\WINDOWS\LastGood
2008-08-13 13:13:18 0 d-------- C:\Program Files\Trend Micro
2008-08-13 02:48:36 0 d-------- C:\WINDOWS\BDOSCAN8
2008-08-12 21:14:43 0 d-------- C:\Program Files\Panda Security
2008-08-12 17:41:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-12 12:20:53 0 d-------- C:\WINDOWS\ERUNT
2008-08-11 20:34:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-11 20:34:24 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-11 20:34:24 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-08-11 20:33:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-11 17:25:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-11 17:25:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-11 17:25:42 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-11 10:14:39 0 d-------- C:\WINDOWS\McAfee.com
2008-08-09 23:00:48 0 d-------- C:\Program Files\Spyware Doctor
2008-08-09 23:00:48 0 d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-08-09 19:25:41 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-08-09 18:03:48 0 d-------- C:\Program Files\Enigma Software Group
2008-08-09 17:26:45 0 d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-08-09 15:13:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-08-09 15:13:27 0 d-------- C:\Program Files\SiteAdvisor
2008-08-09 15:13:27 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-08-09 15:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-08-09 15:09:57 0 d-------- C:\Program Files\McAfee.com
2008-08-09 15:09:48 0 d-------- C:\Program Files\Common Files\McAfee
2008-08-09 15:09:36 0 d-------- C:\Program Files\McAfee
2008-08-09 15:04:17 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-09 12:54:42 0 d-------- C:\Documents and Settings\NetworkService\Application Data\McAfee
2008-08-09 06:19:52 0 d-------- C:\SDAT
2008-08-09 06:15:55 63425247 --a------ C:\sdat5357.exe <Not Verified; McAfee, Inc.; McAfee Core Components>
2008-08-09 05:25:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-08-09 05:11:20 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-09 05:11:20 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7


-- Find3M Report ---------------------------------------------------------------

2008-08-13 21:49:46 0 d-------- C:\Program Files\Common Files
2008-08-13 21:40:47 0 d-------- C:\Program Files\Lx_cats
2008-08-12 17:41:31 0 d-------- C:\Program Files\Lavasoft
2008-08-12 13:47:38 0 d-------- C:\Program Files\Java
2008-08-09 21:42:17 0 d-------- C:\Program Files\Web Publish
2008-08-09 11:21:53 0 d-------- C:\Program Files\Viewpoint
2008-08-09 02:44:00 0 d-------- C:\Program Files\eSoftware
2008-08-05 20:42:31 0 d-------- C:\Program Files\mirc616
2008-08-03 09:16:56 0 d-------- C:\Program Files\QuickTime
2008-07-27 14:56:04 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-27 14:56:03 88 -r-hs---- C:\WINDOWS\system32\A5D3FCA00E.sys
2008-07-15 16:26:08 0 d-------- C:\Program Files\iTunes


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [07/14/2003 08:52 PM C:\WINDOWS\ltmsg.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [12/05/2003 10:50 PM]
"nwiz"="nwiz.exe" [12/05/2003 10:50 PM C:\WINDOWS\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/24/2007 04:57 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [11/02/2004 10:08 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"MsgCfg"="C:\WINDOWS\system32\ijaxyvif.exe" []
"WinChk"="C:\WINDOWS\system32\buherwho.exe" []

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Eyetide Launcher.lnk - C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe [10/22/2004 5:32:51 AM]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [1/28/2004 3:29:45 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [10/12/2004 5:13:15 AM]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [8/14/2004 7:05:47 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 3:19:24 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [7/30/2003 7:49:48 AM]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2/3/2003 11:29:12 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"shinfo"= {72343EDA-9896-8690-DE76-09A3BC8E7409} - C:\Program Files\wcwgcsc\shinfo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=karina.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9f6f2b4-ec8f-11d8-b215-806d6172696f}]
AutoRun\command- D:\Info.exe folder.htt 480 480

*Newly Created Service* - PAVBOOT



-- End of Deckard's System Scanner: finished at 2008-08-13 22:18:45 ------------

There was no extra log.
  • 0

Advertisements


#11
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
PLease uninstall Viewpoint and anything that says Viewpoint in it.
======================
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9f6f2b4-ec8f-11d8-b215-806d6172696f}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\shinfo
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MsgCfg
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinChk
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
    C:\Program Files\Viewpoint
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
========================
Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
============================
After that please post one more dss log and let me know if things are back to normal?
  • 0

#12
chansey

chansey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I removed the Viewpoint from add/remove.

Here is the MoveIt results.

< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9f6f2b4-ec8f-11d8-b215-806d6172696f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9f6f2b4-ec8f-11d8-b215-806d6172696f}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\shinfo >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\shinfo deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MsgCfg >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MsgCfg deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinChk >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinChk deleted successfully.
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F8AD5AA5-D966-4667-9DAF-2561D68B2012} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\\ not found.
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\VMgr_Win moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\AxMetaStream_Win moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\Components moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player moved successfully.
C:\Program Files\Viewpoint moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08142008_055759
  • 0

#13
chansey

chansey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Here is the dss log. So far there have been no popups, but will report back one more time to let you know. Thank you.



Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-14 06:02:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:07 AM, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,[email protected]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: *.west.com
O15 - Trusted Zone: www.westathome.net
O15 - Trusted Zone: *.workathomeagent.com
O15 - Trusted Zone: *.workathomeagent.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1179454563625
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.cust...l/java/RntX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...357/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0125621218466227) (0125621218466227mcinstcleanup) - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\012562~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11491 bytes

-- Files created between 2008-07-14 and 2008-08-14 -----------------------------

2008-08-13 13:13:18 0 d-------- C:\Program Files\Trend Micro
2008-08-13 02:48:36 0 d-------- C:\WINDOWS\BDOSCAN8
2008-08-12 21:14:43 0 d-------- C:\Program Files\Panda Security
2008-08-12 17:41:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-12 12:20:53 0 d-------- C:\WINDOWS\ERUNT
2008-08-11 20:34:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-11 20:34:24 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-11 20:34:24 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-08-11 20:33:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-11 17:25:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-11 17:25:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-11 17:25:42 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-11 10:14:39 0 d-------- C:\WINDOWS\McAfee.com
2008-08-09 23:00:48 0 d-------- C:\Program Files\Spyware Doctor
2008-08-09 23:00:48 0 d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-08-09 19:25:41 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-08-09 18:03:48 0 d-------- C:\Program Files\Enigma Software Group
2008-08-09 17:26:45 0 d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-08-09 15:13:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-08-09 15:13:27 0 d-------- C:\Program Files\SiteAdvisor
2008-08-09 15:13:27 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-08-09 15:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-08-09 15:09:57 0 d-------- C:\Program Files\McAfee.com
2008-08-09 15:09:48 0 d-------- C:\Program Files\Common Files\McAfee
2008-08-09 15:09:36 0 d-------- C:\Program Files\McAfee
2008-08-09 15:04:17 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-09 12:54:42 0 d-------- C:\Documents and Settings\NetworkService\Application Data\McAfee
2008-08-09 06:19:52 0 d-------- C:\SDAT
2008-08-09 06:15:55 63425247 --a------ C:\sdat5357.exe <Not Verified; McAfee, Inc.; McAfee Core Components>
2008-08-09 05:25:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-08-09 05:11:20 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-09 05:11:20 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7


-- Find3M Report ---------------------------------------------------------------

2008-08-14 03:08:46 0 d-------- C:\Program Files\Messenger
2008-08-13 21:49:46 0 d-------- C:\Program Files\Common Files
2008-08-13 21:40:47 0 d-------- C:\Program Files\Lx_cats
2008-08-12 17:41:31 0 d-------- C:\Program Files\Lavasoft
2008-08-12 13:47:38 0 d-------- C:\Program Files\Java
2008-08-09 21:42:17 0 d-------- C:\Program Files\Web Publish
2008-08-09 02:44:00 0 d-------- C:\Program Files\eSoftware
2008-08-05 20:42:31 0 d-------- C:\Program Files\mirc616
2008-08-03 09:16:56 0 d-------- C:\Program Files\QuickTime
2008-07-27 14:56:04 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-27 14:56:03 88 -r-hs---- C:\WINDOWS\system32\A5D3FCA00E.sys
2008-07-15 16:26:08 0 d-------- C:\Program Files\iTunes


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [07/14/2003 08:52 PM C:\WINDOWS\ltmsg.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [12/05/2003 10:50 PM]
"nwiz"="nwiz.exe" [12/05/2003 10:50 PM C:\WINDOWS\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/24/2007 04:57 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [11/02/2004 10:08 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Eyetide Launcher.lnk - C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe [10/22/2004 5:32:51 AM]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [1/28/2004 3:29:45 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [10/12/2004 5:13:15 AM]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [8/14/2004 7:05:47 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 3:19:24 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [7/30/2003 7:49:48 AM]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2/3/2003 11:29:12 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-08-14 06:03:55 ------------
  • 0

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to this entry below:

O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)



Now click on Fix Checked and then close Hijackthis.
==================================
Report back to me about the popups and we will wrap it up :)
  • 0

#15
chansey

chansey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I think the problem has been resolved. I have not had any popups at all. Thank you so much for your help.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP