My System Is Obliterated



#16
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You only have one malware folder; other than that I am just cleaning up what is left over from Prevx, and Reg Doctor is adware.
So we are removing it as well.
AVG antispyware is not available anymore as it is now bundled with AVG Free 8.0 and will no longer be effective.
We will remove it.
Other than that I see no malware present.
======================
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
================
Uninstall these below:
AVG Anti-Spyware 7.5
RegDoctor 1.84

======================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\drivers\hosts
    C:\WINDOWS\system32\drivers\pxark.sys 
    C:\Documents and Settings\All Users\Application Data\PrevxCSI
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor
    C:\Program Files\RegDoctor
    CSIScanner <delete service>
    c:\program files\prevxcsi
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
============
After that, please post back with a new DSS log and the OTMoveIt log, and let me know how things are running.
#17
atearwhofellnot

    Member

  • Topic Starter
  • Member
  • 64 posts
C:\WINDOWS\system32\drivers\hosts moved successfully.
C:\WINDOWS\system32\drivers\pxark.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\PrevxCSI moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor\\ deleted successfully.
File/Folder C:\Program Files\RegDoctor not found.
CSIScanner service deleted successfully.
File/Folder c:\program files\prevxcsi not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08172008_091028



Deckard's System Scanner v20071014.68
Run by Anthony on 2008-08-17 09:11:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Anthony.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:54 AM, on 8/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Anthony\Desktop\utorrent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Anthony\Desktop\dss.exe
C:\DOCUME~1\Anthony\Desktop\Anthony.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1215925461312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1215925945187
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 3700 bytes

-- Files created between 2008-07-17 and 2008-08-17 -----------------------------

2008-08-16 14:49:04 0 d-------- C:\Program Files\Java
2008-08-16 14:48:03 0 d-------- C:\Program Files\Common Files\Java
2008-08-16 14:44:20 0 d-------- C:\Documents and Settings\Anthony\.SunDownloadManager
2008-08-16 12:12:18 0 d-------- C:\Program Files\Xvid
2008-08-16 12:12:13 0 d-------- C:\Documents and Settings\Anthony\Application Data\Jane s Hotel
2008-08-16 12:12:10 0 dr-h----- C:\Documents and Settings\Anthony\Recent
2008-08-16 12:12:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-16 12:12:04 0 d-------- C:\Documents and Settings\Anthony\Application Data\True Sword
2008-08-16 11:36:41 0 d-------- C:\Program Files\Advanced Font Viewer
2008-08-09 09:03:01 0 d-------- C:\Program Files\RogueRemover PRO
2008-08-09 09:02:43 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-08-09 08:17:12 0 d-------- C:\Documents and Settings\Anthony\Application Data\Malwarebytes
2008-08-09 08:17:07 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 08:17:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 03:38:20 10536 --a------ C:\WINDOWS\system32\drivers\Hmonitor.sys
2008-08-09 03:38:19 0 d-------- C:\Program Files\Hmonitor
2008-08-09 02:29:59 0 d-------- C:\Program Files\Realore
2008-08-09 02:26:13 0 d-------- C:\Program Files\AllMyMovies
2008-08-08 20:06:53 0 d-------- C:\Program Files\True Sword 4
2008-08-08 20:06:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-08 09:14:10 0 d-------- C:\Program Files\SystemRequirementsLab
2008-08-08 09:14:09 0 d-------- C:\Documents and Settings\Anthony\Application Data\SystemRequirementsLab
2008-08-08 09:09:03 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-08-08 04:01:33 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-08-08 04:00:54 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-08-08 03:46:33 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-08-08 03:46:31 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-08-08 03:46:31 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-08-08 03:46:31 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-08-08 03:46:30 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-08-08 03:46:30 683520 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-08-08 03:46:29 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-08-06 19:05:14 0 d-------- C:\Program Files\CCleaner
2008-08-06 18:45:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-08-06 18:45:10 0 d-------- C:\Program Files\Security Task Manager
2008-08-05 19:36:25 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-08-05 19:22:34 0 d-------- C:\Documents and Settings\Anthony\Application Data\Nero
2008-08-05 19:20:07 0 d-------- C:\Program Files\Nero
2008-08-05 19:20:07 0 d-------- C:\Program Files\Common Files\Nero
2008-08-05 19:20:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-31 21:01:48 0 d-------- C:\Documents and Settings\Anthony\Application Data\Windows Search
2008-07-29 14:55:26 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-29 14:55:26 0 d-------- C:\Program Files\Windows Desktop Search
2008-07-29 14:50:04 0 d-------- C:\Program Files\MSBuild
2008-07-29 14:48:06 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-07-29 14:47:31 0 d-------- C:\Program Files\Reference Assemblies
2008-07-28 18:32:55 53248 --a------ C:\WINDOWS\system32\ciaXPRegSvr20.DLL <Not Verified; CIA, The Company; ciaXPRegSvr20>
2008-07-28 18:32:55 40960 --a------ C:\WINDOWS\system32\ciaSubClsSvr.DLL <Not Verified; CIA, The Company; ciaSubClsSvr>
2008-07-28 18:32:55 692224 --a------ C:\WINDOWS\system32\ciaResSvr20.dll <Not Verified; CIA, The Company; ciaResSvr20>
2008-07-28 18:32:54 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-07-28 18:32:54 0 d-------- C:\Program Files\Smart DVD CD Burner
2008-07-28 18:28:00 0 d-------- C:\Program Files\MagicISO
2008-07-27 20:29:00 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-07-27 20:29:00 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-07-27 20:29:00 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-07-27 20:25:46 30140 --a------ C:\WINDOWS\DIIUnin.dat
2008-07-27 20:25:45 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-07-27 20:25:45 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-07-27 20:22:43 0 d-------- C:\Program Files\Diablo II
2008-07-26 10:51:10 0 d-------- C:\Documents and Settings\Anthony\Application Data\Opera
2008-07-26 10:50:33 0 d-------- C:\Program Files\Opera
2008-07-26 10:22:22 0 d-------- C:\WINDOWS\nvidia icons
2008-07-26 10:21:00 0 d-------- C:\NVIDIA
2008-07-26 08:10:26 0 d-------- C:\Documents and Settings\Anthony\Application Data\Help
2008-07-26 08:09:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Synthetic Reality
2008-07-25 17:54:41 0 d-------- C:\WINDOWS\Sun
2008-07-25 17:51:03 0 d-------- C:\Documents and Settings\Anthony\Application Data\Sun
2008-07-25 12:56:18 0 d-------- C:\WINDOWS\system32\LogFiles
2008-07-25 12:51:28 0 d-------- C:\Documents and Settings\Default User\Application Data\Gtek
2008-07-25 12:50:50 0 d--h----- C:\Documents and Settings\Anthony\Application Data\GTek
2008-07-25 12:50:18 0 d-------- C:\Program Files\Linksys EasyLink Advisor
2008-07-25 12:50:18 0 d-ah----- C:\Documents and Settings\All Users\Application Data\GTek
2008-07-22 02:37:02 0 d-------- C:\Documents and Settings\Anthony\Contacts
2008-07-22 02:36:24 0 d-------- C:\Program Files\MSN Messenger
2008-07-18 03:01:54 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-17 11:05:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-17 11:05:37 0 d-------- C:\Program Files\Yahoo!
2008-07-17 11:05:28 0 d-------- C:\Documents and Settings\Anthony\Application Data\Skype
2008-07-17 11:05:25 0 d-------- C:\Program Files\Common Files\Skype
2008-07-17 11:05:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-17 11:05:11 0 d-------- C:\Program Files\Skype
2008-07-17 07:24:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-07-17 07:24:35 0 d-------- C:\Program Files\Logitech
2008-07-17 07:24:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-17 07:22:39 0 d-------- C:\Program Files\Common Files\logishrd
2008-07-17 07:17:07 0 d-------- C:\WINDOWS\system32\appmgmt


-- Find3M Report ---------------------------------------------------------------

2008-08-17 09:11:48 0 d-------- C:\Documents and Settings\Anthony\Application Data\uTorrent
2008-08-17 08:24:08 0 d-------- C:\Program Files\Zoom Player
2008-08-16 14:48:03 0 d-------- C:\Program Files\Common Files
2008-08-16 14:13:12 0 d-------- C:\Program Files\Messenger
2008-08-09 03:35:41 0 d-------- C:\Program Files\Starcraft
2008-08-08 09:17:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-08 03:45:21 0 d-------- C:\Program Files\DirectVobSub
2008-08-08 03:45:18 0 d-------- C:\Program Files\OpenSource Flash Video Splitter
2008-08-08 03:45:11 0 d-------- C:\Program Files\CD Audio Reader Filter
2008-08-08 03:45:05 0 d-------- C:\Program Files\SHOUTcast Source
2008-08-08 03:45:00 0 d-------- C:\Program Files\DSP-worx
2008-07-30 18:11:13 0 d-------- C:\Documents and Settings\Anthony\Application Data\Apple Computer
2008-07-26 09:28:19 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-07-26 09:24:05 0 d-------- C:\Program Files\Emerge Bot 2.3
2008-07-16 21:29:52 0 d-------- C:\Program Files\MSN Webcam Recorder
2008-07-16 12:24:55 0 d-------- C:\Program Files\Windows Media Components
2008-07-16 12:15:35 0 d-------- C:\Documents and Settings\Anthony\Application Data\acccore
2008-07-16 12:15:26 0 d-------- C:\Program Files\AIM6
2008-07-16 12:14:16 0 d-------- C:\Program Files\Common Files\AOL
2008-07-16 10:48:02 0 d-------- C:\Program Files\iTunes
2008-07-16 10:47:49 0 d-------- C:\Program Files\iPod
2008-07-16 10:47:24 0 d-------- C:\Program Files\Bonjour
2008-07-16 10:47:14 0 d-------- C:\Program Files\QuickTime
2008-07-16 10:45:59 0 d-------- C:\Program Files\Apple Software Update
2008-07-16 10:45:25 0 d-------- C:\Program Files\Common Files\Apple
2008-07-16 03:00:36 0 d-------- C:\Program Files\MSXML 4.0
2008-07-13 00:56:25 0 d-------- C:\Program Files\Movie Maker
2008-07-13 00:54:53 0 d-------- C:\Program Files\Windows NT
2008-07-13 00:45:44 0 d-------- C:\Program Files\Winamp
2008-07-13 00:30:08 0 d-------- C:\Documents and Settings\Anthony\Application Data\Macromedia
2008-07-13 00:30:08 0 d-------- C:\Documents and Settings\Anthony\Application Data\Adobe
2008-07-13 00:02:07 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-13 00:02:04 0 d-------- C:\Documents and Settings\Anthony\Application Data\Mozilla
2008-07-12 21:18:24 0 d-------- C:\Program Files\OGPlanet
2008-07-12 20:27:32 0 d-------- C:\Program Files\Kaspersky Lab
2008-07-12 19:52:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-12 19:48:52 0 d-------- C:\Program Files\Realtek
2008-07-12 19:46:12 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-07-12 19:46:09 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-12 19:45:59 0 d-------- C:\Program Files\AMD
2008-07-12 19:45:55 0 d-------- C:\Documents and Settings\Anthony\Application Data\InstallShield
2008-07-12 19:44:42 0 d-------- C:\Documents and Settings\Anthony\Application Data\Identities
2008-07-12 19:40:10 0 d-------- C:\Program Files\microsoft frontpage
2008-07-12 19:39:55 0 -rahs---- C:\MSDOS.SYS
2008-07-12 19:39:55 0 -rahs---- C:\IO.SYS
2008-07-12 19:39:55 0 --a------ C:\CONFIG.SYS
2008-07-12 19:39:55 0 --a------ C:\AUTOEXEC.BAT
2008-07-12 19:38:56 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-12 19:38:13 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-12 19:37:27 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-12 19:37:10 0 d-------- C:\Program Files\Online Services
2008-07-12 19:37:02 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-12 14:26:01 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-12 14:25:58 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-12 14:25:36 62 --ahs---- C:\Documents and Settings\Anthony\Application Data\desktop.ini
2008-07-12 12:37:05 34807 --a------ C:\WINDOWS\scunin.dat
2008-07-12 12:37:02 967 --a------ C:\WINDOWS\ScUnin.pif
2008-07-12 12:37:02 70656 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-07-12 12:34:02 0 d-------- C:\Program Files\DAEMON Tools
2008-07-12 12:34:02 0 d-------- C:\Program Files\arniWORX
2008-07-12 12:33:39 0 d-------- C:\Program Files\[bleep] NFO Viewer
2008-07-12 12:22:04 0 d-------- C:\Program Files\IZArc
2008-07-12 12:09:12 0 d-------- C:\Program Files\DScaler5
2008-07-12 12:09:09 0 d-------- C:\Program Files\RealMedia
2008-07-12 12:08:54 0 d-------- C:\Program Files\Haali


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [12/18/2007 01:43 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
"C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m‘|\ü

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC SpeedScan Pro]
C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"CSIScanner"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"InCDsrv"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVCOMSer"=2 (0x2)
"NeroRegInCDSrv"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"PREVXAgent"=2 (0x2)
"wscsvc"=2 (0x2)
"idsvc"=3 (0x3)
"LVPrcSrv"=2 (0x2)
"usnjsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - MBR



-- End of Deckard's System Scanner: finished at 2008-08-17 09:12:24 ------------
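The OTMoveIt2 request list from post #16 and the MovedFiles log pasted back above can be reconciled mechanically. The Python below is an added example, not OTMoveIt2's or the thread's own code: it parses both texts (constructed here from the thread's own lines), pairs every requested item with its outcome, and lists anything not positively removed so the helper can decide whether a "not found" is benign.

```python
"""Reconcile an OTMoveIt2 request list against the MovedFiles log it produced."""
from __future__ import annotations

import re

# Constructed sample input, reproducing the request list from the helper's post
# and the result log the topic starter pasted back. The trailing space on the
# pxark.sys line is in the original paste; normalize() absorbs it. Note that the
# real hosts file lives under drivers\etc\, so a file at drivers\hosts is not it.
REQUEST_LIST = r"""
C:\WINDOWS\system32\drivers\hosts
C:\WINDOWS\system32\drivers\pxark.sys 
C:\Documents and Settings\All Users\Application Data\PrevxCSI
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor
C:\Program Files\RegDoctor
CSIScanner <delete service>
c:\program files\prevxcsi
"""

RESULT_LOG = r"""
C:\WINDOWS\system32\drivers\hosts moved successfully.
C:\WINDOWS\system32\drivers\pxark.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\PrevxCSI moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor\\ deleted successfully.
File/Folder C:\Program Files\RegDoctor not found.
CSIScanner service deleted successfully.
File/Folder c:\program files\prevxcsi not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08172008_091028
"""

# One pattern per outcome line OTMoveIt2 writes; echo headers ("< key >") and
# the version trailer carry no outcome and are skipped by parse_result_log().
RE_MOVED = re.compile(r"^(.+?) moved successfully\.$")
RE_REGKEY = re.compile(r"^Registry key (.+?)\\* deleted successfully\.$")
RE_SERVICE = re.compile(r"^(\S+) service deleted successfully\.$")
RE_NOTFOUND = re.compile(r"^File/Folder (.+?) not found\.$")
OUTCOMES = ((RE_REGKEY, "deleted"), (RE_SERVICE, "deleted"),
            (RE_NOTFOUND, "not found"), (RE_MOVED, "moved"))


def normalize(target: str) -> str:
    """Windows paths and registry keys compare case-insensitively, and OTMoveIt2
    echoes deleted keys with a trailing backslash pair, so strip both differences."""
    return target.strip().rstrip("\\").lower()


def parse_request(text: str) -> list[tuple[str, str]]:
    """Split the pasted request list into (kind, target) pairs."""
    items = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower().endswith("<delete service>"):
            items.append(("service", line[: -len("<delete service>")].strip()))
        elif line.upper().startswith("HKEY_"):
            items.append(("registry", line))
        else:
            items.append(("path", line))
    return items


def parse_result_log(text: str) -> dict[str, str]:
    """Map every normalized target in the MovedFiles log to its outcome."""
    results: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("<") or line.startswith("OTMoveIt2 by"):
            continue
        for pattern, status in OUTCOMES:
            m = pattern.match(line)
            if m:
                results[normalize(m.group(1))] = status
                break
        else:
            # An unknown line shape means the paste is truncated or edited; fail loudly.
            raise ValueError(f"unrecognised OTMoveIt2 log line: {line!r}")
    return results


def reconcile(request_text: str, log_text: str) -> list[dict[str, str]]:
    """Pair each requested item with its outcome; "no result" means the log
    never mentioned it, which a complete pasted log should never show."""
    results = parse_result_log(log_text)
    return [{"kind": kind, "target": target,
             "status": results.get(normalize(target), "no result")}
            for kind, target in parse_request(request_text)]


def needs_follow_up(report: list[dict[str, str]]) -> list[dict[str, str]]:
    """Items not positively removed. "not found" is benign when an earlier step
    already removed the item (RegDoctor was uninstalled first in this thread);
    "no result" means the requested line was never processed at all."""
    return [row for row in report if row["status"] in ("not found", "no result")]
```

Running `reconcile(REQUEST_LIST, RESULT_LOG)` on the thread's own paste reports every item as moved or deleted except the two folders that were already gone.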

#18
atearwhofellnot

    Member

  • Topic Starter
  • Member
  • 64 posts
I've had to run Daft again because .reg and .scm/.scx (Starcraft map extensions) keep being affected. But I think other than that you are the man :) Any final tests we can run to ensure I am safe would be great; I need to access my banking, but I have been worried about it.

#19
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
No worries about your banking as you did not have any evidence of backdoor trojans or keyloggers.
========================
Please download OTCleanIt from Here and save it to your desktop.
Double-click on OTCleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove the tools we used.
===============
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers.
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or ZoneAlarm.
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here.
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete/uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD- puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

#20
atearwhofellnot

    Member

  • Topic Starter
  • Member
  • 64 posts
Ok, I've installed SpywareGuard and Spyware Blaster.

Didn't install IE Spyad as I use Mozilla and it is useless for that.

Giving you a donation for saving my *** :) Thanks so much :)

#21
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome and thanks for the donation :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.