
Pop-ups n more


  • Please log in to reply

#1 Joshua C (Member, 35 posts)
OK,

I would try to fix this myself, but I'm just clueless.
We had an issue with some pop-ups a while back. We deleted everything, uninstalled some toolbars, and it's been fine.
But last night something happened to my mother's computer, and her log looks 50% worse than it did before.

Any help would mean the world.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:11 AM, on 2/27/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\S2ltYmVybHk\command.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\System32\rundll32.exe
C:\DOCUME~1\Kimberly\LOCALS~1\Temp\MBDownloader_876923.exe
C:\Program Files\MSN\horyhyt77798.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\DOBE~1\rundll.exe
C:\WINDOWS\system32\S?mantec\m?config.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\xInsIDE\xInsIDE.exe
C:\Program Files\NoDNS\NoDNS.exe
C:\Documents and Settings\Kimberly\Application Data\Microsoft\Windows\flhhg.exe
C:\PROGRA~1\COMMON~1\fqrk\fqrkm.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Program Files\RABCO\X_RABCOse.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kimberly\Application Data\WinTouch\WinTouch.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onenewsnow.com
O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [a47dfd46] rundll32.exe "C:\WINDOWS\System32\pansqjqm.dll",b
O4 - HKLM\..\Run: [NBInstall] C:\DOCUME~1\Kimberly\LOCALS~1\Temp\MBDownloader_876923.exe
O4 - HKLM\..\Run: [horyhyt] C:\Program Files\MSN\horyhyt77798.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Oftouru] "C:\Documents and Settings\Kimberly\Application Data\?ppPatch\?ervices.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\DOBE~1\rundll.exe" -vt yazb
O4 - HKCU\..\Run: [Tpbwxr] C:\WINDOWS\system32\S?mantec\m?config.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Kimberly\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Kimberly\Application Data\Microsoft\Windows\flhhg.exe
O4 - HKCU\..\Run: [fqrk] C:\PROGRA~1\COMMON~1\fqrk\fqrkm.exe
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/c...::/xpreload.ocx
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2ltYmVybHk\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

--
End of file - 6484 bytes

#2 Chopin (Member 2k, 2,639 posts)
Hello Joshua C, welcome to Geeks to Go! You have a LOT of stuff on there, so let's go for an all-purpose scan first.

1. Scan with ComboFix
------------------------------------------------

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#3 Joshua C (Topic Starter, Member, 35 posts)
ComboFix 08-02-25.3 - Kimberly 2008-02-28 13:12:28.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.129 [GMT -5:00]
Running from: C:\Documents and Settings\Kimberly\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\diskdumpp.sys
C:\WINDOWS\system32\ljjkjii.dll
C:\WINDOWS\system32\ursqr.dll
C:\WINDOWS\system32\yommmuct.dll
.
---- Previous Run -------
.
C:\Documents and Settings\Kimberly\Application Data\SCURIT~1
C:\Documents and Settings\Kimberly\Application Data\SCURIT~1\?ti2evxx.exe
C:\Documents and Settings\Kimberly\Application Data\WinTouch
C:\Documents and Settings\Kimberly\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Kimberly\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Kimberly\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\Kimberly\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Kimberly\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Kimberly\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\Common Files\fqrk
C:\Program Files\Common Files\fqrk\fqrka.exe
C:\Program Files\Common Files\fqrk\fqrka.lck
C:\Program Files\Common Files\fqrk\fqrkd\class-barrel
C:\Program Files\Common Files\fqrk\fqrkd\fqrkc.dll
C:\Program Files\Common Files\fqrk\fqrkd\vocabulary
C:\Program Files\Common Files\fqrk\fqrkl.exe
C:\Program Files\Common Files\fqrk\fqrkl.lck
C:\Program Files\Common Files\fqrk\fqrkm.exe
C:\Program Files\Common Files\fqrk\fqrkm.lck
C:\Program Files\Common Files\fqrk\fqrkp.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\inetget2\emg.exe
C:\Program Files\inetget2\Installeur.exe
C:\Program Files\inetget2\MTE3MTk6ODoxNg.exe
C:\Program Files\inetget2\stub109_4_0_4_0.exe
C:\Program Files\Internet Explorer\hekyr89104.dll
C:\Program Files\MSN Gaming Zone\lavul.dll
C:\Program Files\MSN Gaming Zone\lavul200.dll
C:\Program Files\MSN Gaming Zone\lavul766.dll
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Outlook Express\hekyr777444.dll
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERIns.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b103.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b111.exe
C:\WINDOWS\b116.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\b154.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\dobe~1
C:\WINDOWS\dobe~1\?dobe\
C:\WINDOWS\dobe~1\rundll.exe
C:\WINDOWS\fqrk
C:\WINDOWS\fqrk\fqrk.dat
C:\WINDOWS\fqrk\wu
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\S2ltYmVybHk\
C:\WINDOWS\S2ltYmVybHk\\asappsrv.dll
C:\WINDOWS\S2ltYmVybHk\\command.exe
C:\WINDOWS\S2ltYmVybHk\\mZ5QsApVvJ4.vbs
C:\WINDOWS\S2ltYmVybHk\command.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\bnnruvcl.dll
C:\WINDOWS\system32\bpbeueyk.dll
C:\WINDOWS\system32\loqgtntx.dll
C:\WINDOWS\system32\mqjqsnap.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pansqjqm.dll
C:\WINDOWS\system32\pkpgbdyy.dll
C:\WINDOWS\system32\qihxvnln.dll
C:\WINDOWS\system32\qvbb.dll
C:\WINDOWS\system32\rqsru.ini
C:\WINDOWS\system32\rqsru.ini2
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\vtuvwtq.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\xakxmusi.dll
C:\WINDOWS\system32\xtntgqol.ini
C:\WINDOWS\system32\yommmuct.dllbox
C:\WINDOWS\tk58.exe
C:\WINDOWS\uninstall_nmon.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DISKDUMPP
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\diskdumpp
-------\Network Monitor




((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.

2008-02-28 11:54 . 2008-02-28 12:36 <DIR> d-------- C:\ComboFix(2)
2008-02-27 14:30 . 2008-02-27 14:30 <DIR> d-------- C:\Program Files\Quick StartUp
2008-02-27 09:37 . 2008-02-27 09:37 136,627 --a------ C:\WINDOWS\POTA777444.exe
2008-02-27 07:35 . 2008-02-28 07:37 49 --a------ C:\WINDOWS\BMa74eceda.xml
2008-02-27 07:35 . 2008-02-28 12:01 21 --a------ C:\WINDOWS\pskt.ini
2008-02-27 07:34 . 2008-02-27 07:34 <DIR> d-------- C:\Program Files\NoDNS
2008-02-27 07:27 . 2008-02-27 07:27 <DIR> d-------- C:\Program Files\Paltalk Messenger Interop
2008-02-27 07:25 . 2008-02-27 07:25 <DIR> d-------- C:\Program Files\xInsIDE
2008-02-27 07:25 . 2008-02-27 07:25 <DIR> d-------- C:\Program Files\JavaCore
2008-02-27 07:23 . 2008-02-27 07:26 <DIR> d-------- C:\Program Files\RABCO
2008-02-27 07:22 . 2008-02-27 07:22 <DIR> d-------- C:\WINDOWS\system32\jk8
2008-02-27 07:22 . 2008-02-27 07:22 <DIR> d-------- C:\WINDOWS\system32\hc4
2008-02-27 07:22 . 2008-02-27 07:22 <DIR> d-------- C:\WINDOWS\system32\fs7
2008-02-27 07:22 . 2008-02-27 07:22 <DIR> d-------- C:\WINDOWS\system32\ax3
2008-02-27 07:21 . 2008-02-27 07:21 <DIR> d-------- C:\WINDOWS\system32\iDlo01
2008-02-27 07:21 . 2008-02-27 07:22 <DIR> d-------- C:\Temp\sanR24
2008-02-22 05:47 . 2008-02-22 05:47 <DIR> d-------- C:\WUTemp
2008-02-22 05:47 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2008-02-22 05:47 . 2003-08-25 18:06 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2008-02-22 05:44 . 2002-08-29 01:50 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-22 05:44 . 2002-08-29 01:50 24,960 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-02-21 16:26 . 2008-02-21 16:26 <DIR> d-------- C:\Documents and Settings\Kimberly\Application Data\Apple Computer
2008-02-21 14:52 . 2008-02-21 14:52 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-21 14:36 . 2008-02-21 14:37 <DIR> d-------- C:\Program Files\QuickTime
2008-02-21 14:36 . 2008-02-21 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-21 09:13 . 2008-02-21 09:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-21 09:12 . 2008-02-21 09:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 09:12 . 2008-02-21 09:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 09:12 . 2008-02-21 09:12 <DIR> d-------- C:\Documents and Settings\Kimberly\Application Data\SUPERAntiSpyware.com
2008-02-18 13:11 . 2004-03-10 01:45 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-02-18 12:34 . 2008-02-18 12:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-18 12:34 . 2008-02-28 11:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-18 12:34 . 2008-02-21 09:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-18 12:30 . 2008-02-18 12:30 <DIR> d-------- C:\Documents and Settings\Kimberly\Application Data\Media Player Classic
2008-02-16 17:31 . 2008-02-16 17:31 <DIR> d-------- C:\Program Files\PeaZip
2008-02-15 10:57 . 2008-02-18 13:11 <DIR> d-------- C:\Program Files\Auto Greeter
2008-02-15 10:57 . 2004-03-10 01:45 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-02-15 09:17 . 1999-12-21 07:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-02-12 00:02 . 2008-02-12 00:18 <DIR> d-------- C:\Documents and Settings\Kimberly\.housecall6.6
2008-02-12 00:01 . 2008-02-12 00:01 <DIR> d-------- C:\WINDOWS\Sun
2008-02-12 00:00 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-11 23:58 . 2008-02-12 00:00 <DIR> d-------- C:\Program Files\Java
2008-02-11 23:58 . 2008-02-11 23:58 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-11 23:57 . 2008-02-12 00:04 1,397 --a------ C:\WINDOWS\mozver.dat
2008-02-11 12:20 . 2008-02-11 12:20 <DIR> d-------- C:\ie-spyad
2008-02-11 12:09 . 2008-02-28 06:05 <DIR> d-------- C:\Program Files\LogMeIn
2008-02-11 12:09 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-02-11 12:09 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-02-11 12:09 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-02-11 12:09 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
2008-02-11 12:09 . 2008-02-11 12:09 1,024 --a------ C:\.rnd
2008-02-10 13:17 . 2008-02-10 13:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 10:47 . 2008-02-10 10:47 <DIR> d---s---- C:\Documents and Settings\Kimberly\UserData
2008-02-10 10:30 . 2008-02-10 10:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-09 20:25 . 2008-02-10 06:15 <DIR> d-------- C:\Program Files\SpywareGuard
2008-02-09 20:10 . 2008-02-10 13:15 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-09 20:10 . 2005-08-25 18:19 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-02-09 20:10 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-02-09 19:39 . 2008-02-09 19:39 34,816 --a------ C:\wintlsu.exe
2008-02-09 19:39 . 2008-02-09 19:39 4 --a------ C:\WINDOWS\system32\SvcNm
2008-02-09 14:48 . 2008-02-09 14:48 6,029,648 --a------ C:\WINDOWS\system32\Firefox Setup 2.0.0.12.exe
2008-02-09 11:04 . 2008-02-09 11:04 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-09 11:03 . 2004-10-07 13:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-02-09 11:03 . 2004-10-07 13:39 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-02-09 11:03 . 2004-10-07 13:39 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-02-09 11:03 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-02-09 11:03 . 2008-02-09 11:04 46,592 --a------ C:\WINDOWS\system32\drivers\dhlp.sys
2008-02-09 10:57 . 2008-02-09 10:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-09 10:53 . 2008-02-28 12:03 <DIR> d-------- C:\Temp
2008-02-09 08:35 . 2008-02-18 09:59 <DIR> d-------- C:\WINDOWS\PaltalkScene
2008-02-09 08:35 . 2008-02-21 09:21 <DIR> d-------- C:\Program Files\Paltalk Messenger
2008-02-09 08:35 . 2008-02-09 08:38 <DIR> d-------- C:\Documents and Settings\Kimberly\Application Data\Paltalk
2008-02-08 17:34 . 2008-02-28 13:39 9 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{F06BFA31-CB6A-4C0B-80B3-8C5BC76C03C6}
2008-02-08 17:30 . 2008-02-08 17:30 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-02-08 17:30 . 2008-02-08 17:30 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-08 17:21 . 2008-02-08 17:21 4 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{D41A3268-B87D-4205-8E56-3828882A4E10}
2008-02-08 16:27 . 2008-02-08 17:41 <DIR> d-------- C:\Documents and Settings\Ron\Application Data\MSN6
2008-02-08 16:27 . 2008-02-08 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-02-08 16:25 . 2008-02-08 16:57 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{89E59345-5857-4226-9BA1-6EF31A395C98}
2008-02-08 16:21 . 2004-08-19 12:46 212,992 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-02-08 16:18 . 2008-02-28 13:38 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-02-08 14:25 . 2005-10-19 18:19 1,327,189 --a------ C:\WINDOWS\system32\odSupp_M.dll
2008-02-08 14:25 . 2007-09-05 18:13 679,936 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2008-02-08 14:25 . 2007-08-14 13:26 262,144 --a------ C:\WINDOWS\system32\wnicapi.dll
2008-02-08 14:25 . 2007-08-20 17:41 233,472 --a------ C:\WINDOWS\system32\WlanApp.dll
2008-02-08 14:25 . 2007-05-12 13:33 217,088 --a------ C:\WINDOWS\system32\aIPH.dll
2008-02-08 14:25 . 2005-10-27 08:55 49,152 --a------ C:\WINDOWS\system32\JJAKEn.dll
2008-02-08 14:25 . 2005-10-19 18:19 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2008-02-08 14:25 . 2006-09-26 13:49 45,115 --a------ C:\WINDOWS\system32\ANICtl.dll
2008-02-08 14:24 . 2008-02-21 14:38 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-02-08 14:24 . 2008-02-08 17:31 <DIR> d-------- C:\Program Files\D-Link
2008-02-08 14:24 . 2008-02-08 16:20 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-02-08 14:24 . 2008-02-08 14:25 <DIR> d-------- C:\Program Files\ANI
2008-02-08 14:24 . 2008-02-08 14:24 <DIR> d-------- C:\Documents and Settings\Kimberly\Application Data\InstallShield
2008-02-08 14:11 . 2002-08-29 01:32 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-02-08 14:09 . 2008-02-21 14:37 <DIR> d--hs---- C:\WINDOWS\Installer
2008-02-08 14:05 . 2008-02-08 14:05 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-02-08 14:03 . 2008-02-08 14:03 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 12:44 10 ----a-w C:\Program Files\.autoreg
2008-02-14 16:24 8,282 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\incstore.bin
2008-02-08 18:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-08 18:55 558,142 ----a-w C:\WINDOWS\java\Packages\IGQ8SOR1.ZIP
2008-02-08 18:55 155,995 ----a-w C:\WINDOWS\java\Packages\ZXJH7RJD.ZIP
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C2E5D27-A17C-4D89-85DD-3553C189380D}]
2008-01-30 14:02 414992 --a------ C:\Program Files\RABCO\RABCO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08 1511453]
"Tart"="C:\Documents and Settings\Kimberly\Application Data\s?curity\?ti2evxx.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link Wireless G WDA-1320"="C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe" [2007-08-29 15:16 1662976]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2004-08-18 11:47 1249280]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-21 14:37 155648]

C:\Documents and Settings\Kimberly\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2007-12-11 15:34:40 10252288]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"runner1"=C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"a47dfd46"=rundll32.exe "C:\WINDOWS\System32\pansqjqm.dll",b
"NBInstall"=C:\DOCUME~1\Kimberly\LOCALS~1\Temp\MBDownloader_876923.exe
"horyhyt"=C:\Program Files\MSN\horyhyt77798.exe

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\System32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2002-09-03 12:05]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\System32\DRIVERS\A3AB.sys [2004-08-11 14:27]
R3 atirage;atirage;C:\WINDOWS\System32\DRIVERS\atiragem.sys [2001-08-17 07:48]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\System32\drivers\ES1370MP.sys [2001-08-17 07:19]
R3 JSWSCIMD;jswscimd Service;C:\WINDOWS\System32\DRIVERS\jswscimd.sys [2007-07-06 17:30]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe [2007-08-02 12:05]
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\System32\DRIVERS\NtApm.sys [2001-08-17 08:47]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 13:39:05
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wpabaln.exe
.
**************************************************************************
.
Completion time: 2008-02-28 13:41:40 - machine was rebooted [Kimberly]
ComboFix-quarantined-files.txt 2008-02-28 18:41:32
ComboFix2.txt 2008-02-21 14:11:47
ComboFix3.txt 2008-02-10 21:41:44

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:28 PM, on 2/28/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onenewsnow.com
O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\RABCO\RABCO.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tart] "C:\Documents and Settings\Kimberly\Application Data\s?curity\?ti2evxx.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/c...::/xpreload.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

--
End of file - 4724 bytes

#4 Chopin
Hello Joshua C, nice job with that but there's still work to be done :)

Please read my entire post before commencing, and please follow my instructions in the order that they are given :) If you don't understand something, don't be afraid to ask!

1. Fix Entries with HijackThis
------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present).

O4 - HKCU\..\Run: [Tart] "C:\Documents and Settings\Kimberly\Application Data\s?curity\?ti2evxx.exe"
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/c...::/xpreload.ocx

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

2. Run OTMoveIt2
------------------------------------------------

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\Rabio

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Kimberly\Application Data\s?curity /u
    C:\WINDOWS\system32\S?mantec /u

  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

3. Deckard's System Scanner
------------------------------------------------

Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close ALL open windows before running the scan.

Note: This program will clear your temporary files.

  • On the first run, Deckard's System Scanner will provide you with two warnings. Press "OK" and allow DSS to scan.
  • The entire scanning process will take about five minutes, often less.
  • During the scan you may get warnings about sigcheck.exe trying to access the Internet; please make sure you allow it to do so.
  • Your antivirus may also warn you about nircmd.exe; please make sure you do not delete nircmd.exe as it will cause DSS to malfunction.
  • Once the scan is complete, you will get two logfiles - a main.txt (which you see) and an extra.txt (which is minimized). Copy the contents of both into a reply.
On subsequent runs, DSS will only provide a significantly shortened main.txt and not an extra.txt.

In your next post
------------------------------------------------

  • OTMoveIt2 log
  • DSS main.txt and extra.txt

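The fix list above is built by hand from three entry classes that recur in this kind of log: O15 Trusted Zone domains (Internet Explorer applies its Trusted-sites settings, with far fewer prompts for ActiveX and downloads, to any host listed there), an O16 DPF entry whose URL chains `ms-its:` and `mhtml:` (a protocol-handler chain that pulls a CHM from a web server), and an O4 Run entry whose path HijackThis prints with `?` in it (characters it could not render, which is why the OTMoveIt2 step searches for `s?curity` and `S?mantec` rather than the real folder names). The script below is an added example written for this thread; it is not HijackThis, OTMoveIt2 or DSS code, and the flagging rules are the editor's own heuristics, not a published signature set. The sample log is constructed from lines quoted in the posts above. `triage()` applies the rules to a log, and `unresolved()` compares an instructed fix list against a fresh log so the helper can see at a glance what is still there on the next run.

```python
"""Triage a HijackThis 2.0 log for the entry classes discussed in this thread.

Added example, not part of the original thread or of any of the tools it
names. The rules in triage() are heuristics chosen for this write-up.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis logs posted above,
# with the benign entries that sit next to them left in as controls.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
O4 - HKCU\..\Run: [Tart] "C:\Documents and Settings\Kimberly\Application Data\s?curity\?ti2evxx.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/c...::/xpreload.ocx
"""

# "O4 - HKCU\..\Run: [Tart] ..."  ->  kind "O4", body "HKCU\..\Run: [Tart] ..."
ENTRY_RE = re.compile(r"^(O\d+|R\d+|F\d+|N\d+) - (.*)$")
# ms-its: / mhtml: chained in a DPF URL: a CHM is fetched from a web host.
MSITS_RE = re.compile(r"ms-its:|mhtml:", re.IGNORECASE)
# A "?" inside a drive path means a character HijackThis could not render,
# typically a lookalike glyph used to mimic a legitimate folder name.
UNRENDERED_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*\?')
# Autostarts living in per-user writable locations deserve a second look.
USER_WRITABLE_RE = re.compile(r"\\(Application Data|Local Settings\\Temp|Temp)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section, e.g. "O15"
    entry: str   # the log line as written
    reason: str  # why the rule flagged it


def triage(log_text: str) -> list[Finding]:
    """Return the log lines that match one of the heuristics, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                       # process list, headers, blank lines
        kind, body = m.group(1), m.group(2)
        reason = None
        if kind == "O15":
            reason = "Trusted Zone host: IE relaxes ActiveX/download prompts for it"
        elif kind == "O16" and MSITS_RE.search(body):
            reason = "DPF URL chains ms-its:/mhtml: (CHM loaded from a web host)"
        elif kind == "O4" and UNRENDERED_RE.search(body):
            reason = "Run entry path has unrendered characters (lookalike name)"
        elif kind == "O4" and USER_WRITABLE_RE.search(body):
            reason = "Run entry launches from a user-writable location"
        if reason:
            findings.append(Finding(kind, line, reason))
    return findings


def unresolved(fix_list: str, fresh_log: str) -> list[str]:
    """Entries from an instructed fix list that still appear in a fresh log.

    Comparison collapses runs of whitespace so copy-pasted lists match.
    """
    present = {" ".join(l.split()) for l in fresh_log.splitlines() if l.strip()}
    return [l.strip() for l in fix_list.splitlines()
            if l.strip() and " ".join(l.split()) in present]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:>4}  {f.reason}\n      {f.entry}")
```

Run against the constructed sample it flags the `[Tart]` Run entry, both `*.amaena.com` Trusted Zone lines and the `ms-its:mhtml:` DPF entry, and leaves the D-Link, Messenger, Java and Winsock LSP lines alone. Pasting the fresh log from a later post into `unresolved()` together with the fix list from the helper's instructions shows which instructed entries survived the Fix Checked step.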

#5 Joshua C (Topic Starter)
Deckard's System Scanner v20071014.68
Run by Kimberly on 2008-03-03 12:11:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
43: 2008-03-03 17:11:27 UTC - RP43 - Deckard's System Scanner Restore Point
42: 2008-03-02 23:11:04 UTC - RP42 - System Checkpoint
41: 2008-03-01 21:05:09 UTC - RP41 - System Checkpoint
40: 2008-02-29 20:45:34 UTC - RP40 - System Checkpoint
39: 2008-02-28 16:59:27 UTC - RP39 - ComboFix created restore point


-- First Restore Point --
1: 2008-02-27 12:32:35 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 320 MiB (512 MiB recommended).


-- HijackThis (run as Kimberly.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:36 PM, on 3/3/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Documents and Settings\Kimberly\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kimberly.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onenewsnow.com
O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\RABCO\RABCO.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

--
End of file - 3385 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080303-120555-124 O15 - Trusted Zone: *.avsystemcare.com
backup-20080303-120555-282 O15 - Trusted Zone: *.gomyhit.com (HKLM)
backup-20080303-120555-287 O15 - Trusted Zone: *.amaena.com (HKLM)
backup-20080303-120555-299 O15 - Trusted Zone: *.imageservr.com
backup-20080303-120555-315 O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
backup-20080303-120555-367 O15 - Trusted Zone: *.amaena.com
backup-20080303-120555-511 O15 - Trusted Zone: *.safetydownload.com (HKLM)
backup-20080303-120555-529 O15 - Trusted Zone: *.onerateld.com
backup-20080303-120555-530 O15 - Trusted Zone: *.safetydownload.com
backup-20080303-120555-554 O15 - Trusted Zone: *.imageservr.com (HKLM)
backup-20080303-120555-608 O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/c...::/xpreload.ocx
backup-20080303-120555-707 O15 - Trusted Zone: *.imagesrvr.com
backup-20080303-120555-729 O15 - Trusted Zone: *.storageguardsoft.com
backup-20080303-120555-736 O15 - Trusted Zone: *.virusschlacht.com
backup-20080303-120555-742 O15 - Trusted Zone: *.trustedantivirus.com
backup-20080303-120555-758 O15 - Trusted Zone: *.avsystemcare.com (HKLM)
backup-20080303-120555-796 O15 - Trusted Zone: *.imagesrvr.com (HKLM)
backup-20080303-120555-868 O15 - Trusted Zone: *.onerateld.com (HKLM)
backup-20080303-120555-904 O15 - Trusted Zone: *.gomyhit.com
backup-20080303-120555-920 O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
backup-20080303-120555-998 O15 - Trusted Zone: *.virusschlacht.com (HKLM)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 catchme - c:\docume~1\kimberly\locals~1\temp\catchme.sys (file missing)
S3 TnIDriver - c:\docume~1\kimberly\locals~1\temp\tni63.tmp (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Wireless Service; ANIWZCS2 Service Launcher (NT)>
S3 jswpsapi (Jumpstart Wifi Protected Setup) - c:\program files\d-link\wireless g wda-1320\jswutil\jswpsapi.exe <Not Verified; Atheros Communications, Inc.; JumpStart>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {D45B1C18-C8FA-11D1-9F77-0000F805F530}
Description: NT Apm/Legacy Interface Node
Device ID: ROOT\NTAPM\0000
Manufacturer: Microsoft
Name: NT Apm/Legacy Interface Node
PNP Device ID: ROOT\NTAPM\0000
Service: NtApm


-- Files created between 2008-02-03 and 2008-03-03 -----------------------------

2008-03-02 10:53:00 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Thunderbird
2008-03-02 10:52:37 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-01 17:41:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-01 17:21:57 0 d-------- C:\Documents and Settings\Ron\Application Data\Apple Computer
2008-02-29 12:13:49 0 d-------- C:\Hp Printer Drives DeskJet 3520
2008-02-28 11:54:04 0 d-------- C:\ComboFix(2)
2008-02-27 14:30:48 0 d-------- C:\Program Files\Quick StartUp
2008-02-27 09:37:27 136627 --a------ C:\WINDOWS\POTA777444.exe
2008-02-27 07:34:26 0 d-------- C:\Program Files\NoDNS
2008-02-27 07:27:16 0 d-------- C:\Program Files\Paltalk Messenger Interop
2008-02-27 07:25:57 0 d-------- C:\Program Files\xInsIDE
2008-02-27 07:25:51 0 d-------- C:\Program Files\JavaCore
2008-02-27 07:23:33 0 d-------- C:\Program Files\RABCO
2008-02-27 07:22:06 0 d-------- C:\WINDOWS\System32\jk8
2008-02-27 07:22:06 0 d-------- C:\WINDOWS\System32\hc4
2008-02-27 07:22:06 0 d-------- C:\WINDOWS\System32\fs7
2008-02-27 07:22:06 0 d-------- C:\WINDOWS\System32\ax3
2008-02-27 07:21:39 0 d-------- C:\WINDOWS\System32\iDlo01
2008-02-26 07:13:35 2936 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-02-22 05:47:45 0 d-------- C:\WUTemp
2008-02-21 16:26:42 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Apple Computer
2008-02-21 14:52:55 0 d--hs---- C:\WINDOWS\ftpcache
2008-02-21 14:36:36 0 d-------- C:\Program Files\QuickTime
2008-02-21 14:36:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-21 09:13:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-21 09:12:55 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 09:12:55 0 d-------- C:\Documents and Settings\Kimberly\Application Data\SUPERAntiSpyware.com
2008-02-21 09:12:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-18 12:34:02 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-18 12:30:25 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Media Player Classic
2008-02-16 17:31:29 0 d-------- C:\Program Files\PeaZip
2008-02-15 10:57:22 0 d-------- C:\Program Files\Auto Greeter
2008-02-15 09:17:47 21312 --a------ C:\WINDOWS\choice.exe
2008-02-15 09:11:02 0 dr-hs---- C:\cmdcons
2008-02-15 09:11:00 0 d-------- C:\WINDOWS\setup.pss
2008-02-15 09:10:49 0 d-------- C:\WINDOWS\setupupd
2008-02-12 11:22:06 0 d-------- C:\Documents and Settings\Ron\Application Data\Macromedia
2008-02-12 11:22:05 0 d-------- C:\Documents and Settings\Ron\Application Data\Adobe
2008-02-12 11:20:16 0 d-------- C:\Documents and Settings\Ron\Application Data\Mozilla
2008-02-12 00:02:43 0 d-------- C:\Documents and Settings\Kimberly\.housecall6.6
2008-02-12 00:01:29 0 d-------- C:\WINDOWS\Sun
2008-02-12 00:01:29 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Sun
2008-02-11 23:58:48 0 d-------- C:\Program Files\Java
2008-02-11 23:58:12 0 d-------- C:\Program Files\Common Files\Java
2008-02-11 23:57:30 1397 --a------ C:\WINDOWS\mozver.dat
2008-02-11 12:20:32 0 d-------- C:\ie-spyad
2008-02-11 12:09:21 0 d-------- C:\Program Files\LogMeIn
2008-02-10 15:15:10 68096 --a------ C:\WINDOWS\System32\zip.exe
2008-02-10 15:15:10 98816 --a------ C:\WINDOWS\System32\sed.exe
2008-02-10 15:15:10 80412 --a------ C:\WINDOWS\System32\grep.exe
2008-02-10 15:15:10 73728 --a------ C:\WINDOWS\System32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-10 13:31:49 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-02-10 13:17:10 0 d-------- C:\Program Files\Trend Micro
2008-02-10 10:47:38 0 d---s---- C:\Documents and Settings\Kimberly\UserData
2008-02-10 10:30:15 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-10 10:29:58 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Mozilla
2008-02-10 06:37:00 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-02-09 20:25:01 0 d-------- C:\Program Files\SpywareGuard
2008-02-09 20:10:42 118784 --a------ C:\WINDOWS\System32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-02-09 20:10:38 0 d-------- C:\Program Files\SpywareBlaster
2008-02-09 19:39:53 4 --a------ C:\WINDOWS\System32\SvcNm
2008-02-09 19:39:39 34816 --a------ C:\wintlsu.exe
2008-02-09 14:47:29 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-02-09 14:46:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-02-09 14:29:48 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-02-09 11:41:08 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-02-09 11:04:15 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-09 11:03:59 46592 --a------ C:\WINDOWS\System32\drivers\dhlp.sys <Not Verified; ; DHLP>
2008-02-09 10:57:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-09 10:53:37 0 d-------- C:\Temp
2008-02-09 09:46:23 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Macromedia
2008-02-09 09:46:22 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Adobe
2008-02-09 08:35:10 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Paltalk
2008-02-09 08:35:01 0 d-------- C:\WINDOWS\PaltalkScene
2008-02-09 08:35:00 0 d-------- C:\Program Files\Paltalk Messenger
2008-02-08 17:34:52 9 --a------ C:\WINDOWS\System32\ANIWZCSUSERNAME{F06BFA31-CB6A-4C0B-80B3-8C5BC76C03C6}
2008-02-08 17:30:19 0 d-------- C:\WINDOWS\Internet Logs
2008-02-08 17:21:23 4 --a------ C:\WINDOWS\System32\ANIWZCSUSERNAME{D41A3268-B87D-4205-8E56-3828882A4E10}
2008-02-08 16:27:06 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-02-08 16:27:05 0 d-------- C:\Documents and Settings\Ron\Application Data\MSN6
2008-02-08 16:25:31 7 --a------ C:\WINDOWS\System32\ANIWZCSUSERNAME{89E59345-5857-4226-9BA1-6EF31A395C98}
2008-02-08 16:21:02 212992 --a------ C:\WINDOWS\System32\wlanapi.dll <Not Verified; Alpha Networks Inc.; WLANAPI Dynamic Link Library>
2008-02-08 16:18:14 7 --a------ C:\WINDOWS\System32\ANIWZCSUSERNAME
2008-02-08 16:06:01 0 d-------- C:\Documents and Settings\Ron\Application Data\Identities
2008-02-08 16:05:39 0 dr------- C:\Documents and Settings\Ron\Favorites
2008-02-08 16:05:39 0 d-------- C:\Documents and Settings\Ron\Desktop
2008-02-08 16:05:39 0 d---s---- C:\Documents and Settings\Ron\Cookies
2008-02-08 16:05:39 0 dr-h----- C:\Documents and Settings\Ron\Application Data
2008-02-08 16:05:39 0 d---s---- C:\Documents and Settings\Ron\Application Data\Microsoft
2008-02-08 16:05:38 0 d--h----- C:\Documents and Settings\Ron\Templates
2008-02-08 16:05:38 0 dr------- C:\Documents and Settings\Ron\Start Menu
2008-02-08 16:05:38 0 dr-h----- C:\Documents and Settings\Ron\SendTo
2008-02-08 16:05:38 0 dr-h----- C:\Documents and Settings\Ron\Recent
2008-02-08 16:05:38 0 d--h----- C:\Documents and Settings\Ron\PrintHood
2008-02-08 16:05:38 2097152 --ah----- C:\Documents and Settings\Ron\NTUSER.DAT
2008-02-08 16:05:38 0 d--h----- C:\Documents and Settings\Ron\NetHood
2008-02-08 16:05:38 0 dr------- C:\Documents and Settings\Ron\My Documents
2008-02-08 16:05:38 0 d--h----- C:\Documents and Settings\Ron\Local Settings
2008-02-08 14:25:01 262144 --a------ C:\WINDOWS\System32\wnicapi.dll <Not Verified; Wireless Service; WNICAPI Dynamic Link Library>
2008-02-08 14:25:01 217088 --a------ C:\WINDOWS\System32\aIPH.dll <Not Verified; Alpha Networks Inc.; IPH Dynamic Link Library>
2008-02-08 14:25:00 233472 --a------ C:\WINDOWS\System32\WlanApp.dll <Not Verified; ; WlanApp Dynamic Link Library>
2008-02-08 14:25:00 1327189 --a------ C:\WINDOWS\System32\odSupp_M.dll <Not Verified; Funk Software, Inc.; Odyssey Supplicant Toolkit>
2008-02-08 14:25:00 49152 --a------ C:\WINDOWS\System32\JJAKEn.dll <Not Verified; ; JJAKEn Dynamic Link Library>
2008-02-08 14:25:00 49152 --a------ C:\WINDOWS\System32\AQCKGen.dll <Not Verified; Alpha Networks Inc.; AQuickKey Generator>
2008-02-08 14:25:00 679936 --a------ C:\WINDOWS\System32\ANIWZCS2.dll <Not Verified; Wireless Service; ANIWZCS Dynamic Link Library>
2008-02-08 14:25:00 45115 --a------ C:\WINDOWS\System32\ANICtl.dll <Not Verified; Alpha Networks Inc.; DevCtrl Dynamic Link Library>
2008-02-08 14:24:41 48128 --a------ C:\WINDOWS\System32\ANIO64.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2008-02-08 14:24:41 11904 --a------ C:\WINDOWS\System32\anio4.sys <Not Verified; ANI; ANIO (NDIS4) Driver>
2008-02-08 14:24:41 28195 --a------ C:\WINDOWS\System32\ANIO.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2008-02-08 14:24:41 0 d-------- C:\Program Files\ANI
2008-02-08 14:24:33 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-08 14:24:29 405583 --a------ C:\WINDOWS\System32\jswscsup.dll <Not Verified; Atheros Communications, Inc.; JSCSCSUP>
2008-02-08 14:24:28 24576 --a------ C:\WINDOWS\System32\DWLInst.dll <Not Verified; D-Link Corporation; D-Link CoInstaller DLL>
2008-02-08 14:24:28 36864 --a------ C:\WINDOWS\System32\ANIOApi.dll <Not Verified; Alpha Networks Inc.; ANIO Helper DLL API library>
2008-02-08 14:24:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-08 14:24:28 0 d-------- C:\Program Files\D-Link
2008-02-08 14:24:17 0 d-------- C:\Documents and Settings\Kimberly\Application Data\InstallShield
2008-02-08 14:09:43 0 d--hs---- C:\WINDOWS\Installer
2008-02-08 14:09:36 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Identities
2008-02-08 14:09:01 0 dr------- C:\Documents and Settings\Kimberly\Favorites
2008-02-08 14:09:01 0 d-------- C:\Documents and Settings\Kimberly\Desktop
2008-02-08 14:09:01 0 d---s---- C:\Documents and Settings\Kimberly\Cookies
2008-02-08 14:09:01 0 dr-h----- C:\Documents and Settings\Kimberly\Application Data
2008-02-08 14:09:00 0 d--h----- C:\Documents and Settings\Kimberly\Templates
2008-02-08 14:09:00 0 dr------- C:\Documents and Settings\Kimberly\Start Menu
2008-02-08 14:09:00 0 dr-h----- C:\Documents and Settings\Kimberly\SendTo
2008-02-08 14:09:00 0 dr-h----- C:\Documents and Settings\Kimberly\Recent
2008-02-08 14:09:00 0 d--h----- C:\Documents and Settings\Kimberly\PrintHood
2008-02-08 14:09:00 4456448 --ah----- C:\Documents and Settings\Kimberly\NTUSER.DAT
2008-02-08 14:09:00 0 d--h----- C:\Documents and Settings\Kimberly\NetHood
2008-02-08 14:09:00 0 dr------- C:\Documents and Settings\Kimberly\My Documents
2008-02-08 14:09:00 0 d--h----- C:\Documents and Settings\Kimberly\Local Settings
2008-02-08 14:05:10 0 d---s---- C:\WINDOWS\System32\Microsoft
2008-02-08 14:03:35 0 d--hs---- C:\System Volume Information
2008-02-08 14:03:34 0 d-------- C:\WINDOWS\Prefetch
2008-02-08 14:03:32 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-02-08 14:03:32 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-02-08 14:03:32 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-02-08 14:03:32 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-02-08 14:03:32 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-02-08 14:03:31 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-02-08 14:03:31 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-02-08 14:03:31 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-02-08 14:03:31 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-02-08 14:03:31 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-02-08 13:56:00 0 d-------- C:\WINDOWS\System32\xircom
2008-02-08 13:56:00 0 d-------- C:\Program Files\microsoft frontpage
2008-02-08 13:55:50 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-02-08 13:55:50 0 d-------- C:\DELL
2008-02-08 13:55:33 0 -rahs---- C:\MSDOS.SYS
2008-02-08 13:55:33 0 -rahs---- C:\IO.SYS
2008-02-08 13:55:33 0 --a------ C:\CONFIG.SYS
2008-02-08 13:55:33 0 --a------ C:\AUTOEXEC.BAT
2008-02-08 13:53:17 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-02-08 13:52:50 0 dr------- C:\WINDOWS\Offline Web Pages
2008-02-08 13:52:50 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-02-08 13:51:39 0 d-------- C:\WINDOWS\System32\DirectX
2008-02-08 13:50:34 0 d---s---- C:\WINDOWS\Tasks
2008-02-08 13:50:30 0 d-------- C:\Program Files\Common Files\MSSoap
2008-02-08 13:50:24 0 d-------- C:\WINDOWS\srchasst
2008-02-08 13:50:23 0 d-------- C:\WINDOWS\System32\Macromed
2008-02-08 13:50:21 0 d-------- C:\Program Files\Movie Maker
2008-02-08 13:50:15 0 d-------- C:\WINDOWS\System32\Restore
2008-02-08 13:50:15 0 d-------- C:\WINDOWS\PCHealth
2008-02-08 13:49:45 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2008-02-08 13:49:22 0 d-------- C:\WINDOWS\Registration
2008-02-08 13:48:04 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-08 13:48:04 0 d-------- C:\Program Files\Online Services
2008-02-08 13:47:54 0 d-------- C:\Program Files\Messenger
2008-02-08 13:47:46 0 d-------- C:\Program Files\MSN Gaming Zone
2008-02-08 13:46:45 0 d-------- C:\Program Files\Windows NT
2008-02-08 13:46:40 0 d-------- C:\WINDOWS\System32\MsDtc
2008-02-08 13:46:39 0 d-------- C:\WINDOWS\System32\Com
2008-02-08 08:34:29 0 d-------- C:\Program Files\Common Files\ODBC
2008-02-08 08:34:23 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-02-08 08:34:22 0 dr------- C:\Program Files
2008-02-08 08:34:22 0 d-------- C:\Program Files\Common Files
2008-02-08 08:33:38 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-02-08 08:33:38 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-02-08 08:33:38 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-02-08 08:33:38 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-02-08 08:33:38 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-02-08 08:33:38 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-02-08 08:33:38 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-02-08 08:33:38 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-02-08 08:33:38 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-02-08 08:33:38 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-02-08 08:33:38 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-02-08 08:33:38 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-02-08 08:33:38 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-02-08 08:33:38 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-02-08 08:33:38 0 dr------- C:\Documents and Settings\All Users\Documents
2008-02-08 08:33:38 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-02-08 08:32:49 0 d-------- C:\WINDOWS\System32\CatRoot2
2008-02-08 08:32:49 0 d-------- C:\WINDOWS\System32\CatRoot
2008-02-08 08:32:44 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-02-08 08:32:44 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-02-08 08:32:43 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-02-08 08:32:43 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-02-08 08:31:54 0 d-------- C:\Documents and Settings
2008-02-08 08:21:26 0 d-------- C:\WINDOWS
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\WinSxS
2008-02-08 08:21:26 0 dr------- C:\WINDOWS\Web
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\twain_32
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\system32
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\wins
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\wbem
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\usmt
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\spool
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\ShellExt
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\Setup
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\ras
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\oobe
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\npp
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\mui
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\inetsrv
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\IME
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\icsxml
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\ias
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\export
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\drivers
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\drivers\etc
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\drivers\disdn
2008-02-08 08:21:26 0 dr-hs--c- C:\WINDOWS\System32\dllcache
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\dhcp
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\config
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\3com_dmi
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\3076
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\2052
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\1054
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\1042
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\1041
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\1037
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\1033
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\1031
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\1028
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\1025
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\system
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\security
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\Resources
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\repair
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\mui
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\msapps
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\msagent
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\Media
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\java
2008-02-08 08:21:26 0 d--h----- C:\WINDOWS\inf
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\ime
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\Help
2008-02-08 08:21:26 0 dr--s---- C:\WINDOWS\Fonts
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\Driver Cache
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\Debug
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\Cursors
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\Connection Wizard
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\Config
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\AppPatch
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-02-27 07:44:13 10 --a------ C:\Program Files\.autoreg <AUTORE~1>
2008-02-08 08:33:38 62 --ahs---- C:\Documents and Settings\Kimberly\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C2E5D27-A17C-4D89-85DD-3553C189380D}]
01/30/2008 02:02 PM 414992 --a------ C:\Program Files\RABCO\RABCO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link Wireless G WDA-1320"="C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe" [08/29/2007 03:16 PM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [01/19/2007 11:49 AM]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [08/18/2004 11:47 AM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [08/03/2007 03:09 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 03:08 PM]

C:\Documents and Settings\Kimberly\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [12/11/2007 3:34:40 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 06:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"runner1"=C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"a47dfd46"=rundll32.exe "C:\WINDOWS\System32\pansqjqm.dll",b
"NBInstall"=C:\DOCUME~1\Kimberly\LOCALS~1\Temp\MBDownloader_876923.exe
"horyhyt"=C:\Program Files\MSN\horyhyt77798.exe




-- End of Deckard's System Scanner: finished at 2008-03-03 12:19:49 ------------

Extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel Pentium II processor
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 319.46 MiB / 118.59 MiB
Pagefile Memory (total/avail): 774.83 MiB / 603.24 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.46 MiB

C: is Fixed (NTFS) - 28.63 GiB total, 25.26 GiB free.
D: is Fixed (NTFS) - 1.51 GiB total, 0.71 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - Conner Peripherals 1620MB - CFS1621A - 1547.44 MiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 1547.41 MiB - D:

\\.\PHYSICALDRIVE0 - WDC WD307AA-00BAA0 - 28.64 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 28.63 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
AUState says computer has updates disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kimberly\Application Data
CLASSPATH=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KIMBERLY-28GW9Y
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kimberly
LOGONSERVER=\\KIMBERLY-28GW9Y
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRA~1\MOZILL~1;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Mozilla Firefox
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 5 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0502
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kimberly\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kimberly\LOCALS~1\Temp
USERDOMAIN=KIMBERLY-28GW9Y
USERNAME=Kimberly
USERPROFILE=C:\Documents and Settings\Kimberly
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Kimberly (admin)
Ron (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
AirPlus G --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025}
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Auto Greeter --> "C:\Program Files\Auto Greeter\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp deskjet 3500 series --> rundll32 hpzcon09.dll,VendorJettison hp deskjet 3500 series
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JavaCore --> C:\Program Files\JavaCore\UnInstall.exe
LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
NoDNS --> C:\Program Files\\NoDNS\\UnInstall.exe
Paltalk Messenger Interop --> "C:\Program Files\Paltalk Messenger Interop\uninstall.exe"
PaltalkScene --> "C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
PeaZip 1.11 --> "C:\Program Files\PeaZip\unins000.exe"
Quick StartUp 2.3 --> "C:\Program Files\Quick StartUp\unins000.exe"
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
RABCO --> "C:\Program Files\RABCO\un_RABCOSetup_16230.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
WinTouch --> C:\Documents and Settings\Kimberly\Application Data\WinTouch\WTUninstaller.exe
Wireless G WDA-1320 --> C:\Program Files\InstallShield Installation Information\{C38C985C-266A-4CEE-BEC3-1A4270F09FD4}\setup.exe -runfromtemp -l0x0009 -removeonly
xInsIDE --> "C:\Program Files\xInsIDE\xInsIDE.exe" -uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type344 / Warning
Event Submitted/Written: 03/02/2008 03:09:47 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type343 / Error
Event Submitted/Written: 03/02/2008 03:09:21 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application , version 0.0.0.0, hang module QuickTime.qts, version 7.0.3.50, hang address 0x000c7ade.

Event Record #/Type328 / Warning
Event Submitted/Written: 02/29/2008 11:32:20 AM
Event ID/Source: 1005 / Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 10 days.

Event Record #/Type311 / Error
Event Submitted/Written: 02/28/2008 09:13:17 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application , version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type310 / Error
Event Submitted/Written: 02/28/2008 09:13:02 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application , version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2620 / Warning
Event Submitted/Written: 02/29/2008 07:37:36 PM
Event ID/Source: 57 / Ftdisk
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.

Event Record #/Type2619 / Warning
Event Submitted/Written: 02/29/2008 07:37:36 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

Event Record #/Type2618 / Warning
Event Submitted/Written: 02/29/2008 07:37:35 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

Event Record #/Type2617 / Warning
Event Submitted/Written: 02/29/2008 07:37:34 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

Event Record #/Type2616 / Warning
Event Submitted/Written: 02/29/2008 07:37:33 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-03-03 12:19:49 ------------

OT Log
File/Folder C:\Program Files\Rabio not found.
[Custom Input]
< C:\Documents and Settings\Kimberly\Application Data\s?curity /u >
File/Folder C:\Documents and Settings\Kimberly\Application Data\s?curity not found.
< C:\WINDOWS\system32\S?mantec /u >
File/Folder C:\WINDOWS\system32\S?mantec not found.

OTMoveIt2 v1.0.20 log created on 03032008_120846
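
The DSS main.txt above lists every file and directory created in the last month but leaves the reader to spot the infection cluster by eye. As an added example that is not part of this thread or of Deckard's System Scanner, the Python below parses lines in the format of the "Files created between" section and groups creation times into bursts, which is how a helper dates the infection before deciding what to remove. The sample lines are constructed from entries posted in the DSS logs in this thread; the ten-minute gap, the five-entry threshold and the "short name mixing letters and digits directly under system32" check are heuristics chosen for this example, not anything DSS itself reports.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample modelled on the "Files created between ..." section of the
# DSS main.txt logs posted in this thread; it is not a live capture.
SAMPLE_DSS = r"""
2008-02-28 12:54:04 0 d-------- C:\ComboFix(2)
2008-02-27 15:30:48 0 d-------- C:\Program Files\Quick StartUp
2008-02-27 10:37:27 136627 --a------ C:\WINDOWS\POTA777444.exe
2008-02-27 08:34:26 0 d-------- C:\Program Files\NoDNS
2008-02-27 08:27:16 0 d-------- C:\Program Files\Paltalk Messenger Interop
2008-02-27 08:25:57 0 d-------- C:\Program Files\xInsIDE
2008-02-27 08:25:51 0 d-------- C:\Program Files\JavaCore
2008-02-27 08:22:06 0 d-------- C:\WINDOWS\system32\jk8
2008-02-27 08:22:06 0 d-------- C:\WINDOWS\system32\hc4
2008-02-27 08:22:06 0 d-------- C:\WINDOWS\system32\fs7
2008-02-27 08:22:06 0 d-------- C:\WINDOWS\system32\ax3
2008-02-27 08:21:39 0 d-------- C:\WINDOWS\system32\iDlo01
2008-02-26 08:13:35 2932 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-02-21 15:36:36 0 d-------- C:\Program Files\QuickTime
"""

# DSS prints "<date> <time> <size> <9 attribute flags> <path>" per entry.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$",
    re.IGNORECASE,
)
SYSTEM32_CHILD_RE = re.compile(r"^[A-Za-z]:\\windows\\system32\\(?P<name>[^\\]+)$", re.IGNORECASE)


@dataclass
class Entry:
    created: datetime
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0].lower() == "d"


def parse_dss_created(text: str) -> list:
    """Parse 'Files created' lines; anything that is not an entry is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                                 int(m["size"]), m["attrs"], m["path"]))
    return entries


def find_bursts(entries, max_gap=timedelta(minutes=10), min_size=5):
    """Chain entries whose creation times are at most max_gap apart.

    A chain of min_size or more entries is a burst: many files appearing within
    a few minutes is the footprint of a dropper unpacking its payload, and the
    first timestamp in the burst is the best estimate of when it ran.
    max_gap and min_size are tuning choices for this example, not DSS settings.
    """
    ordered = sorted(entries, key=lambda e: e.created)
    bursts, current = [], []
    for e in ordered:
        if current and e.created - current[-1].created > max_gap:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_size:
        bursts.append(current)
    return bursts


def odd_system32_dirs(entries):
    """Directories created directly under system32 whose short names mix letters
    and digits. Microsoft's own subdirectories there are either all digits
    (locale IDs such as 1033) or readable words, so this shape deserves a look.
    The length and character-mix thresholds are heuristics for this example."""
    odd = []
    for e in entries:
        m = SYSTEM32_CHILD_RE.match(e.path)
        if not (e.is_dir and m):
            continue
        name = m["name"]
        if len(name) <= 6 and re.search(r"[A-Za-z]", name) and re.search(r"\d", name):
            odd.append(e.path)
    return odd


if __name__ == "__main__":
    entries = parse_dss_created(SAMPLE_DSS)
    for burst in find_bursts(entries):
        print(f"burst: {len(burst)} entries, {burst[0].created} .. {burst[-1].created}")
        for e in burst:
            print("   ", e.created, e.path)
    print("odd system32 dirs:", odd_system32_dirs(entries))
```

Run against the sample, the burst starts at 08:21:39 on 2008-02-27 and ends thirteen minutes later, which puts every directory in it on the list to examine regardless of how innocent its name looks (JavaCore, xInsIDE and NoDNS all arrive inside the same window as the random-named system32 folders).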

#6 Chopin (Member 2k, 2,639 posts)
Hello Joshua C, sorry about the small delay :) Your logs are not bad but still could be better :)

Please read my entire post before commencing, and please follow my instructions in the order that they are given :) If you don't understand something, don't be afraid to ask!

1. Upload File at UploadMalware
------------------------------------------------

Please go to UploadMalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: C:\WINDOWS\POTA777444.exe
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File
2. Fix Entries with HijackThis
------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present).

O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\RABCO\RABCO.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

3. Fix File Associations
------------------------------------------------

Please go to Start > Run. In the box that appears, carefully copy and paste the following:

"%Userprofile%\Desktop\dss.exe" /daft

Accept the disclaimer, and click the "Scan" button. Place a checkmark next to everything that appears and press "Fix". Afterwards, close the window.

4. Run OTMoveIt2
------------------------------------------------

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled
    C:\Program Files\RABCO
    C:\Documents and Settings\All Users\Application Data\Rabio

  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity

  • Return to OTMoveIt2, right click in the "Paste Custom List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

5. Scan with ActiveScan
------------------------------------------------

Please go HERE to run Panda's ActiveScan.

Note: You must use Internet Explorer for this scan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

6. Remove Nasty Programs
------------------------------------------------

There is one nasty program on your computer, so we should uninstall it :)

Please go to Start > Run. In the box that appears, type appwiz.cpl and press Enter. When the list finishes loading, uninstall these programs:

RABCO

Most likely, you will get an error message saying that it might have been already removed; in this case just press OK.

Reboot your computer.

In your next post
------------------------------------------------

  • OTMoveIt2 log
  • ActiveScan log
  • DSS main.txt (double-click the program)
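
Step 2 above hands Joshua a single O2 line to fix by hand. As an added example that is not part of this thread or of HijackThis, the Python below applies the kind of triage a helper does when reading a HijackThis log: it parses the R/O section prefixes and flags the patterns that recur in this thread (Trusted Zone additions, an O16 download through the ms-its:/mhtml: handlers, autostart binaries in a Temp directory or dropped straight into C:\WINDOWS, binary names with long digit runs, and an unrecognised Winsock LSP). The sample log is constructed from lines posted in this thread, with the DSS run-disabled entries rewritten as O4 lines and the truncated URL copied as it appears; the known-bad CLSID passed in is the RABCO BHO CLSID Chopin named, and the heuristics and reason strings are this example's, not HijackThis output.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis 2.0.2 log format, modelled on lines posted
# in this thread. The "..." in the two O16 URLs is how they appear in the
# thread and is deliberately not completed.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onenewsnow.com
O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\RABCO\RABCO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe
O4 - HKLM\..\Run: [NBInstall] C:\DOCUME~1\Kimberly\LOCALS~1\Temp\MBDownloader_876923.exe
O4 - HKLM\..\Run: [horyhyt] C:\Program Files\MSN\horyhyt77798.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/c...::/xpreload.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1205016163281
"""

LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|ocx|scr)', re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.IGNORECASE)
DIGIT_RUN_RE = re.compile(r"\d{5,}")          # mrofinu1000106, horyhyt77798, ...
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
WINROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\windows\\[^\\]+\.exe$", re.IGNORECASE)
PROTO_RE = re.compile(r"\b(?:ms-its|mhtml):", re.IGNORECASE)
BINARY_SECTIONS = {"O2", "O4", "O20", "O23"}  # sections whose entry names a file on disk


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text, known_bad_clsids=()):
    """Return one Finding per (line, reason). Heuristics are this example's own."""
    bad_clsids = {c.upper() for c in known_bad_clsids}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m["section"], m["body"]
        reasons = []
        if section == "O15":
            # Home users almost never add sites here; rogue-AV installers do.
            reasons.append("site added to the IE Trusted Zone")
        elif section == "O16" and PROTO_RE.search(body):
            reasons.append("ActiveX download through the ms-its:/mhtml: protocol handlers")
        elif section == "O10":
            reasons.append("Winsock LSP not recognised: review only, repair the LSP chain with a dedicated tool")
        elif section == "O2":
            c = CLSID_RE.search(body)
            if c and c.group(0).upper() in bad_clsids:
                reasons.append("BHO CLSID is on the known-bad list")
        if section in BINARY_SECTIONS:
            p = PATH_RE.search(body)
            if p:
                path = p.group(0)
                if TEMP_RE.search(path):
                    reasons.append("autostart binary lives in a Temp directory")
                if WINROOT_EXE_RE.match(path):
                    reasons.append("executable sits directly in the Windows directory")
                if DIGIT_RUN_RE.search(path.rsplit("\\", 1)[-1]):
                    reasons.append("binary name carries a run of five or more digits")
        findings.extend(Finding(section, r, line) for r in reasons)
    return findings


def lines_to_fix(findings, review_only=("O10",)):
    """Distinct flagged lines in log order, minus sections that must not be
    blindly fixed: the list a helper pastes under 'check the boxes'."""
    seen = []
    for f in findings:
        if f.section not in review_only and f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    found = triage(SAMPLE_LOG, known_bad_clsids=["{1C2E5D27-A17C-4D89-85DD-3553C189380D}"])
    for f in found:
        print(f"{f.section:4} {f.reason}\n     {f.line}")
    print("\nLines to fix:")
    print("\n".join(lines_to_fix(found)))
```

The O10 result is kept out of the fix list on purpose: removing a Winsock LSP entry with HijackThis without repairing the provider chain can leave the machine with no network access at all, which is why helpers handle O10 lines with an LSP-specific tool rather than "Fix checked". The other clean entries (LogMeIn, the Java SSV helper, the Windows Update control) pass through untouched, which is the real test of a triage heuristic.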


#7 Joshua C (Topic Starter, 35 posts)
OK, file uploaded, and here are the logs.

OT Log
File/Folder HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled not found.
C:\Program Files\RABCO moved successfully.
C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer moved successfully.
C:\Documents and Settings\All Users\Application Data\Rabio moved successfully.
[Custom Input]
< purity >

OTMoveIt2 v1.0.20 log created on 03142008_133259
=================================================


DAFT Log saved on 2008-03-14 13:31:56
-----------------------------------------------------------------------
All associations okay!

==================================================


I have uploaded the Active Scan as an attachment.

#8 Chopin (Member 2k, 2,639 posts)
Hello Joshua C, looking better :)

1. Run OTMoveIt2
------------------------------------------------

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\MSN\horyhyt77798.exe
    C:\WINDOWS\system32\ax3\dincomsdll3.exe
    C:\WINDOWS\system32\drivers\dhlp.sys
    C:\WINDOWS\system32\iDlo01\iDlo011065.exe
    C:\wintlsu.exe

  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

2. Re-scan with DSS
------------------------------------------------

Please go to Start > Run. In the box that appears, carefully copy and paste the following:

"%userprofile%\Desktop\dss.exe" /config

Hit "Check All" and click "Scan!" DSS will produce main.txt and extra.txt, please post them back :)

In your next post
------------------------------------------------

  • OTMoveIt2 log
  • DSS main.txt and extra.txt

#9 Joshua C (Topic Starter, 35 posts)
OT log
C:\Program Files\MSN\horyhyt77798.exe moved successfully.
C:\WINDOWS\system32\ax3\dincomsdll3.exe moved successfully.
C:\WINDOWS\system32\drivers\dhlp.sys moved successfully.
File/Folder C:\WINDOWS\system32\iDlo01\iDlo011065.exe not found.
C:\wintlsu.exe moved successfully.

OTMoveIt2 v1.0.20 log created on 03162008_163752
====================================================================
DSS main log

Deckard's System Scanner v20071014.68
Run by Kimberly on 2008-03-16 16:39:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
57: 2008-03-16 20:39:53 UTC - RP57 - Deckard's System Scanner Restore Point
56: 2008-03-16 03:34:42 UTC - RP56 - System Checkpoint
55: 2008-03-15 01:18:45 UTC - RP55 - System Checkpoint
54: 2008-03-12 11:22:52 UTC - RP54 - System Checkpoint
53: 2008-03-09 23:00:09 UTC - RP53 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-02-27 12:32:35 UTC - RP1 - System Checkpoint


Performed disk cleanup.

Total Physical Memory: 320 MiB (512 MiB recommended).


-- HijackThis (run as Kimberly.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:12 PM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Documents and Settings\Kimberly\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kimberly.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onenewsnow.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

--
End of file - 3297 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080303-120555-124 O15 - Trusted Zone: *.avsystemcare.com
backup-20080303-120555-282 O15 - Trusted Zone: *.gomyhit.com (HKLM)
backup-20080303-120555-287 O15 - Trusted Zone: *.amaena.com (HKLM)
backup-20080303-120555-299 O15 - Trusted Zone: *.imageservr.com
backup-20080303-120555-315 O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
backup-20080303-120555-367 O15 - Trusted Zone: *.amaena.com
backup-20080303-120555-511 O15 - Trusted Zone: *.safetydownload.com (HKLM)
backup-20080303-120555-529 O15 - Trusted Zone: *.onerateld.com
backup-20080303-120555-530 O15 - Trusted Zone: *.safetydownload.com
backup-20080303-120555-554 O15 - Trusted Zone: *.imageservr.com (HKLM)
backup-20080303-120555-608 O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/c...::/xpreload.ocx
backup-20080303-120555-707 O15 - Trusted Zone: *.imagesrvr.com
backup-20080303-120555-729 O15 - Trusted Zone: *.storageguardsoft.com
backup-20080303-120555-736 O15 - Trusted Zone: *.virusschlacht.com
backup-20080303-120555-742 O15 - Trusted Zone: *.trustedantivirus.com
backup-20080303-120555-758 O15 - Trusted Zone: *.avsystemcare.com (HKLM)
backup-20080303-120555-796 O15 - Trusted Zone: *.imagesrvr.com (HKLM)
backup-20080303-120555-868 O15 - Trusted Zone: *.onerateld.com (HKLM)
backup-20080303-120555-904 O15 - Trusted Zone: *.gomyhit.com
backup-20080303-120555-920 O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
backup-20080303-120555-998 O15 - Trusted Zone: *.virusschlacht.com (HKLM)
backup-20080314-133632-255 O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
backup-20080314-133632-313 O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
backup-20080314-133632-413 O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\RABCO\RABCO.dll (file missing)
backup-20080314-133632-533 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
backup-20080314-133633-859 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080314-133634-653 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080314-133634-671 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1205016163281
backup-20080314-133636-773 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1205016140638
backup-20080314-133637-489 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
backup-20080314-133638-791 O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 nnrnstdi - c:\windows\system32\drivers\nnrnstdi.sys <Not Verified; NetRatings, Inc.; NielsenOnline>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R3 km_filter - c:\windows\system32\drivers\km_filter.sys <Not Verified; NetRatings, Inc.; NielsenOnline>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 catchme - c:\docume~1\kimberly\locals~1\temp\catchme.sys (file missing)
S3 TnIDriver - c:\docume~1\kimberly\locals~1\temp\tni63.tmp (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Wireless Service; ANIWZCS2 Service Launcher (NT)>
S3 jswpsapi (Jumpstart Wifi Protected Setup) - c:\program files\d-link\wireless g wda-1320\jswutil\jswpsapi.exe <Not Verified; Atheros Communications, Inc.; JumpStart>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {D45B1C18-C8FA-11D1-9F77-0000F805F530}
Description: NT Apm/Legacy Interface Node
Device ID: ROOT\NTAPM\0000
Manufacturer: Microsoft
Name: NT Apm/Legacy Interface Node
PNP Device ID: ROOT\NTAPM\0000
Service: NtApm


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 420)
2007-06-08 10:45:08 344064 --a------ C:\Program Files\NetRatingsNetSight\NetSight\meter1\communication.dll <Not Verified; ; NielsenOnline>
2007-11-16 19:55:40 212992 --a------ C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll <Not Verified; ; NielsenOnline>
2007-06-08 10:45:46 143360 --a------ C:\Program Files\NetRatingsNetSight\NetSight\meter1\nphooks.dll <Not Verified; NetRatings, Inc.; NielsenOnline>
2007-06-08 10:45:18 221184 --a------ C:\Program Files\NetRatingsNetSight\NetSight\meter1\nscore.dll <Not Verified; NetRatings, Inc.; NielsenOnline>
2006-12-20 14:55:48 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>


-- Scheduled Tasks -------------------------------------------------------------

2008-03-10 17:00:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-02-16 and 2008-03-16 -----------------------------

2008-03-14 13:58:47 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-13 20:12:04 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-09 15:52:23 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-09 15:40:08 0 d-------- C:\Program Files\Apple Software Update
2008-03-09 15:40:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-09 15:11:48 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-03-09 15:10:02 0 d-------- C:\WINDOWS\Prefetch
2008-03-09 14:49:44 0 d-------- C:\WINDOWS\peernet
2008-03-09 14:49:39 0 d-------- C:\WINDOWS\provisioning
2008-03-09 14:40:28 0 d-------- C:\WINDOWS\ServicePackFiles
2008-03-09 14:28:57 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-03-09 14:18:20 0 d-------- C:\WINDOWS\EHome
2008-03-09 10:50:58 0 d-------- C:\WINDOWS\system32\bits
2008-03-09 10:46:23 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-09 10:45:10 0 d--h----- C:\WINDOWS\$hf_mig$
2008-03-08 18:42:36 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-03-08 18:40:31 0 d---s---- C:\Documents and Settings\Ron\UserData
2008-03-08 00:06:23 13312 --a------ C:\WINDOWS\system32\drivers\nnrnstdi.sys <Not Verified; NetRatings, Inc.; NielsenOnline>
2008-03-08 00:06:22 8832 --a------ C:\WINDOWS\system32\drivers\km_filter.sys <Not Verified; NetRatings, Inc.; NielsenOnline>
2008-03-08 00:02:00 49152 --a------ C:\WINDOWS\nswatchdog.exe
2008-03-08 00:02:00 0 d-------- C:\Program Files\NetRatingsNetSight
2008-03-07 15:50:29 0 d-------- C:\Documents and Settings\Kimberly\Application Data\LimeWire
2008-03-07 15:47:15 0 d-------- C:\Program Files\LimeWire
2008-03-04 16:33:14 0 d-------- C:\Documents and Settings\Ron\Application Data\Thunderbird
2008-03-02 11:53:00 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Thunderbird
2008-03-02 11:52:37 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-01 18:41:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-01 18:21:57 0 d-------- C:\Documents and Settings\Ron\Application Data\Apple Computer
2008-02-29 13:13:49 0 d-------- C:\Hp Printer Drives DeskJet 3520
2008-02-28 12:54:04 0 d-------- C:\ComboFix(2)
2008-02-27 15:30:48 0 d-------- C:\Program Files\Quick StartUp
2008-02-27 10:37:27 136627 --a------ C:\WINDOWS\POTA777444.exe
2008-02-27 08:34:26 0 d-------- C:\Program Files\NoDNS
2008-02-27 08:27:16 0 d-------- C:\Program Files\Paltalk Messenger Interop
2008-02-27 08:25:57 0 d-------- C:\Program Files\xInsIDE
2008-02-27 08:25:51 0 d-------- C:\Program Files\JavaCore
2008-02-27 08:22:06 0 d-------- C:\WINDOWS\system32\jk8
2008-02-27 08:22:06 0 d-------- C:\WINDOWS\system32\hc4
2008-02-27 08:22:06 0 d-------- C:\WINDOWS\system32\fs7
2008-02-27 08:22:06 0 d-------- C:\WINDOWS\system32\ax3
2008-02-27 08:21:39 0 d-------- C:\WINDOWS\system32\iDlo01
2008-02-26 08:13:35 2932 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-02-22 06:47:45 0 d-------- C:\WUTemp
2008-02-21 17:26:42 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Apple Computer
2008-02-21 15:52:55 0 d--hs---- C:\WINDOWS\ftpcache
2008-02-21 15:36:36 0 d-------- C:\Program Files\QuickTime
2008-02-21 15:36:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-21 10:13:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-21 10:12:55 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 10:12:55 0 d-------- C:\Documents and Settings\Kimberly\Application Data\SUPERAntiSpyware.com
2008-02-21 10:12:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-18 13:34:02 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-18 13:30:25 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Media Player Classic
2008-02-16 18:31:29 0 d-------- C:\Program Files\PeaZip


-- Find3M Report ---------------------------------------------------------------

2008-03-16 08:33:59 9 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{F06BFA31-CB6A-4C0B-80B3-8C5BC76C03C6}
2008-03-16 08:33:50 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-03-16 00:17:22 0 d-------- C:\Program Files\LogMeIn
2008-03-14 19:30:47 0 d-------- C:\Program Files\SpywareGuard
2008-03-09 19:21:28 0 d-------- C:\Program Files\Messenger
2008-03-09 15:38:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-09 14:49:49 0 d-------- C:\Program Files\Movie Maker
2008-03-09 14:39:27 0 d-------- C:\Program Files\Windows NT
2008-03-08 18:43:25 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-02 11:53:12 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Mozilla
2008-02-28 13:15:19 0 d-------- C:\Program Files\Common Files
2008-02-28 13:13:35 0 d-------- C:\Program Files\MSN Gaming Zone
2008-02-27 08:44:13 10 --a------ C:\Program Files\.autoreg
2008-02-21 10:21:26 0 d-------- C:\Program Files\Paltalk Messenger
2008-02-18 14:11:33 0 d-------- C:\Program Files\Auto Greeter
2008-02-12 01:04:06 1397 --a------ C:\WINDOWS\mozver.dat
2008-02-12 01:01:29 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Sun
2008-02-12 01:00:03 0 d-------- C:\Program Files\Java
2008-02-12 00:58:12 0 d-------- C:\Program Files\Common Files\Java
2008-02-10 14:17:10 0 d-------- C:\Program Files\Trend Micro
2008-02-10 14:15:46 0 d-------- C:\Program Files\SpywareBlaster
2008-02-10 11:30:15 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-09 20:39:53 4 --a------ C:\WINDOWS\system32\SvcNm
2008-02-09 10:46:23 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Macromedia
2008-02-09 10:46:22 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Adobe
2008-02-09 09:38:25 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Paltalk
2008-02-08 18:31:47 0 d-------- C:\Program Files\D-Link
2008-02-08 18:21:31 4 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{D41A3268-B87D-4205-8E56-3828882A4E10}
2008-02-08 17:57:28 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{89E59345-5857-4226-9BA1-6EF31A395C98}
2008-02-08 17:20:14 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-08 15:25:00 0 d-------- C:\Program Files\ANI
2008-02-08 15:24:17 0 d-------- C:\Documents and Settings\Kimberly\Application Data\InstallShield
2008-02-08 15:09:36 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Identities
2008-02-08 14:56:00 0 d-------- C:\Program Files\microsoft frontpage
2008-02-08 14:55:33 0 -rahs---- C:\MSDOS.SYS
2008-02-08 14:55:33 0 -rahs---- C:\IO.SYS
2008-02-08 14:55:33 0 --a------ C:\CONFIG.SYS
2008-02-08 14:55:33 0 --a------ C:\AUTOEXEC.BAT
2008-02-08 14:52:17 0 d-------- C:\Program Files\Online Services
2008-02-08 14:50:30 0 d-------- C:\Program Files\Common Files\MSSoap
2008-02-08 14:49:45 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-08 09:34:29 0 d-------- C:\Program Files\Common Files\ODBC
2008-02-08 09:34:23 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-02-08 09:33:38 62 --ahs---- C:\Documents and Settings\Kimberly\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link Wireless G WDA-1320"="C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe" [08/29/2007 04:16 PM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [01/19/2007 12:49 PM]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [08/18/2004 12:47 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [08/03/2007 04:09 PM]
"NielsenOnline"="C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [11/16/2007 07:55 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/07/2008 11:38 PM]

C:\Documents and Settings\Kimberly\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 8:05:35 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 02:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 07:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"runner1"=C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"a47dfd46"=rundll32.exe "C:\WINDOWS\System32\pansqjqm.dll",b
"NBInstall"=C:\DOCUME~1\Kimberly\LOCALS~1\Temp\MBDownloader_876923.exe
"horyhyt"=C:\Program Files\MSN\horyhyt77798.exe




-- End of Deckard's System Scanner: finished at 2008-03-16 16:51:06 ------------
====================================================================

DSS extra Log
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium II processor
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 319.46 MiB / 109.73 MiB
Pagefile Memory (total/avail): 776.53 MiB / 562.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1907.32 MiB

C: is Fixed (NTFS) - 28.63 GiB total, 22.28 GiB free.
D: is Fixed (NTFS) - 1.51 GiB total, 0.69 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE1 - Conner Peripherals 1620MB - CFS1621A - 1547.44 MiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 1547.41 MiB - D:

\\.\PHYSICALDRIVE0 - WDC WD307AA-00BAA0 - 28.64 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 28.63 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"="C:\\Program Files\\Paltalk Messenger\\paltalk.exe:*:Enabled:PaltalkScene"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kimberly\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KIMBERLY-28GW9Y
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kimberly
LOGONSERVER=\\KIMBERLY-28GW9Y
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 5 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0502
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kimberly\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kimberly\LOCALS~1\Temp
USERDOMAIN=KIMBERLY-28GW9Y
USERNAME=Kimberly
USERPROFILE=C:\Documents and Settings\Kimberly
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Kimberly (admin)
Ron (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
AirPlus G --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025}
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Auto Greeter --> "C:\Program Files\Auto Greeter\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp deskjet 3500 series --> rundll32 hpzcon09.dll,VendorJettison hp deskjet 3500 series
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JavaCore --> C:\Program Files\JavaCore\UnInstall.exe
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Nielsen//NetRatings --> C:\PROGRA~1\NETRAT~1\NetSight\NSSetup.exe /uninstall
NoDNS --> C:\Program Files\\NoDNS\\UnInstall.exe
Paltalk Messenger Interop --> "C:\Program Files\Paltalk Messenger Interop\uninstall.exe"
PaltalkScene --> "C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PeaZip 1.11 --> "C:\Program Files\PeaZip\unins000.exe"
Quick StartUp 2.3 --> "C:\Program Files\Quick StartUp\unins000.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
WinTouch --> C:\Documents and Settings\Kimberly\Application Data\WinTouch\WTUninstaller.exe
Wireless G WDA-1320 --> C:\Program Files\InstallShield Installation Information\{C38C985C-266A-4CEE-BEC3-1A4270F09FD4}\setup.exe -runfromtemp -l0x0009 -removeonly
xInsIDE --> "C:\Program Files\xInsIDE\xInsIDE.exe" -uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type456 / Error
Event Submitted/Written: 03/14/2008 01:30:33 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application HijackThis.exe, version 2.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type446 / Warning
Event Submitted/Written: 03/12/2008 05:06:24 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type444 / Warning
Event Submitted/Written: 03/12/2008 07:06:23 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type429 / Warning
Event Submitted/Written: 03/10/2008 06:38:05 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type414 / Warning
Event Submitted/Written: 03/09/2008 06:59:06 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3691 / Error
Event Submitted/Written: 03/14/2008 08:47:24 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk1\D, has a bad block.

Event Record #/Type3690 / Error
Event Submitted/Written: 03/14/2008 08:47:24 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk1\D, has a bad block.

Event Record #/Type3689 / Error
Event Submitted/Written: 03/14/2008 08:47:23 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk1\D, has a bad block.

Event Record #/Type3688 / Error
Event Submitted/Written: 03/14/2008 08:47:22 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk1\D, has a bad block.

Event Record #/Type3687 / Error
Event Submitted/Written: 03/14/2008 08:47:20 PM / 03/14/2008 08:47:22 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk1\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-03-16 16:51:06 ------------

#10
Joshua C
Member, Topic Starter, 35 posts
Ok,

My mom is going nuts!
She turned her computer on this morning (8:03am) and saw a flashing pop-up saying

"warning illegal child porn has been found on your computer"

On top of that she's got a bunch of new porn icons.

She has not touched the computer since we ran those scans last night; she only shut down the computer.

Below is a pop-up she currently has on the PC. She's freaking out and is afraid. Would you mind just posting here and assuring her (as I have, lol) that she is NOT really in legal trouble?

[screenshot of the pop-up]

#11
Joshua C
Member, Topic Starter, 35 posts
Strike that part out about "porn icons". I think she thought the pic was of actual icons, so it's just another porn pop-up from a rogue program, I'm sure.

#12
don77
Malware Expert, Retired Staff, 18,526 posts
Joshua,
Please accept my apologies for you and your mom being left hanging with this issue for almost a week now.

What your mom is seeing is part of these fake programs, and there is nothing to be concerned with in regards to actual porn of any type being on the machine.

Let's do the following so I can get an idea of what's still on Mom's machine.

Click on Start, click on Run.
Copy and paste the following (in bold) into the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up the DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again. When it is finished,
please post back both logs that open in Notepad:
main.txt and extra.txt


Next

Please do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#13
Joshua C
Member, Topic Starter, 35 posts
OK,

We're having some trouble running the online scan. As soon as we open IE, the pop-ups hammer it.

Here are the other logs; I'll try again on the online scan in just a moment.

Deckard's System Scanner v20071014.68
Run by Kimberly on 2008-03-24 22:08:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
65: 2008-03-25 02:10:02 UTC - RP65 - Deckard's System Scanner Restore Point
64: 2008-03-24 22:33:00 UTC - RP64 - System Checkpoint
63: 2008-03-23 14:54:32 UTC - RP63 - System Checkpoint
62: 2008-03-21 18:44:43 UTC - RP62 - System Checkpoint
61: 2008-03-20 15:48:54 UTC - RP61 - Removed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2008-03-17 12:04:06 UTC - RP1 - System Checkpoint


Performed disk cleanup.

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 320 MiB (512 MiB recommended).


-- HijackThis (run as Kimberly.exe) --------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-24 22:13:23
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\S2ltYmVybHk\command.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Kimberly\Application Data\F?nts\wucrtupd.exe
C:\Program Files\Common Files\F?nts\?hkntfs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kimberly\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Kimberly.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onenewsnow.com
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\system32\xxyvwtq.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5EA073BD-DD60-4894-9C59-2927D61AA216} - C:\WINDOWS\system32\nnnnk.dll (file missing)
O2 - BHO: (no name) - {643B76DB-C636-41AB-8EF2-414FCDB1552C} - C:\WINDOWS\system32\hggec.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\ssqolkh.dll (file missing)
O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [a47dfd46] rundll32.exe "C:\WINDOWS\system32\ieajasom.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\atgban.dll" DllStart
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D293314D6ECF32257895769ABCF75D7551F765142DAF48BD87822212329A38506CAC59B6
O4 - HKLM\..\Run: [{DF-FD-DE-E9-DW}] C:\WINDOWS\system32\winz1\begmgr11.exe DWram
O4 - HKLM\..\Run: [BMa74eceda] Rundll32.exe "C:\WINDOWS\system32\vclvywmb.dll",s
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Shot] "C:\DOCUME~1\Kimberly\APPLIC~1\FNTS~1\wucrtupd.exe" -vt yazb
O4 - HKCU\..\Run: [Kda] "C:\Program Files\Common Files\F?nts\?hkntfs.exe"
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\winz1\begmgr11.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.micr...D0C/wmv9dmo.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: ssqolkh - C:\WINDOWS\system32\ssqolkh.dll (file missing)
O20 - Winlogon Notify: xxyvwtq - C:\WINDOWS\system32\xxyvwtq.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2ltYmVybHk\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\ramaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe


--
End of file - 5732 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080303-120555-124 O15 - Trusted Zone: *.avsystemcare.com
backup-20080303-120555-282 O15 - Trusted Zone: *.gomyhit.com (HKLM)
backup-20080303-120555-287 O15 - Trusted Zone: *.amaena.com (HKLM)
backup-20080303-120555-299 O15 - Trusted Zone: *.imageservr.com
backup-20080303-120555-315 O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
backup-20080303-120555-367 O15 - Trusted Zone: *.amaena.com
backup-20080303-120555-511 O15 - Trusted Zone: *.safetydownload.com (HKLM)
backup-20080303-120555-529 O15 - Trusted Zone: *.onerateld.com
backup-20080303-120555-530 O15 - Trusted Zone: *.safetydownload.com
backup-20080303-120555-554 O15 - Trusted Zone: *.imageservr.com (HKLM)
backup-20080303-120555-608 O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/c...::/xpreload.ocx
backup-20080303-120555-707 O15 - Trusted Zone: *.imagesrvr.com
backup-20080303-120555-729 O15 - Trusted Zone: *.storageguardsoft.com
backup-20080303-120555-736 O15 - Trusted Zone: *.virusschlacht.com
backup-20080303-120555-742 O15 - Trusted Zone: *.trustedantivirus.com
backup-20080303-120555-758 O15 - Trusted Zone: *.avsystemcare.com (HKLM)
backup-20080303-120555-796 O15 - Trusted Zone: *.imagesrvr.com (HKLM)
backup-20080303-120555-868 O15 - Trusted Zone: *.onerateld.com (HKLM)
backup-20080303-120555-904 O15 - Trusted Zone: *.gomyhit.com
backup-20080303-120555-920 O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
backup-20080303-120555-998 O15 - Trusted Zone: *.virusschlacht.com (HKLM)
backup-20080314-133632-255 O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
backup-20080314-133632-313 O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
backup-20080314-133632-413 O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\RABCO\RABCO.dll (file missing)
backup-20080314-133632-533 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
backup-20080314-133633-859 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080314-133634-653 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080314-133634-671 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1205016163281
backup-20080314-133636-773 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1205016140638
backup-20080314-133637-489 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
backup-20080314-133638-791 O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 nnrnstdi - c:\windows\system32\drivers\nnrnstdi.sys <Not Verified; NetRatings, Inc.; NielsenOnline>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 serenumm - c:\windows\system32\drivers\serenumm.sys
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R3 km_filter - c:\windows\system32\drivers\km_filter.sys <Not Verified; NetRatings, Inc.; NielsenOnline>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 catchme - c:\docume~1\kimberly\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 cmdService (Command Service) - c:\windows\s2ltymvybhk\command.exe
R2 Network Monitor - c:\program files\network monitor\netmon.exe service

S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Wireless Service; ANIWZCS2 Service Launcher (NT)>
S3 jswpsapi (Jumpstart Wifi Protected Setup) - c:\program files\d-link\wireless g wda-1320\jswutil\jswpsapi.exe <Not Verified; Atheros Communications, Inc.; JumpStart>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {D45B1C18-C8FA-11D1-9F77-0000F805F530}
Description: NT Apm/Legacy Interface Node
Device ID: ROOT\NTAPM\0000
Manufacturer: Microsoft
Name: NT Apm/Legacy Interface Node
PNP Device ID: ROOT\NTAPM\0000
Service: NtApm


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 612)
2008-03-24 08:18:28 38400 --a------ C:\WINDOWS\system32\xxyvwtq.dll

C:\WINDOWS\explorer.exe (pid 632)
2005-08-02 16:46:54 187904 -rahs---- C:\WINDOWS\S2ltYmVybHk\asappsrv.dll
2008-03-24 08:24:51 273408 --a------ C:\WINDOWS\system32\hggec.dll
2008-03-24 08:18:28 38400 --a------ C:\WINDOWS\system32\xxyvwtq.dll
2008-03-20 11:26:20 89664 --a------ C:\WINDOWS\system32\vclvywmb.dll
2007-06-08 10:45:46 143360 --a------ C:\Program Files\NetRatingsNetSight\NetSight\meter1\nphooks.dll <Not Verified; NetRatings, Inc.; NielsenOnline>
2007-06-08 10:45:18 221184 --a------ C:\Program Files\NetRatingsNetSight\NetSight\meter1\nscore.dll <Not Verified; NetRatings, Inc.; NielsenOnline>
2007-06-08 10:45:08 344064 --a------ C:\Program Files\NetRatingsNetSight\NetSight\meter1\communication.dll <Not Verified; ; NielsenOnline>
2007-11-16 19:55:40 212992 --a------ C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll <Not Verified; ; NielsenOnline>

C:\WINDOWS\system32\rundll32.exe (pid 1336)
2005-08-02 16:46:54 187904 -rahs---- C:\WINDOWS\S2ltYmVybHk\asappsrv.dll
2008-03-20 11:26:20 89664 --a------ C:\WINDOWS\system32\vclvywmb.dll
2007-06-08 10:45:46 143360 --a------ C:\Program Files\NetRatingsNetSight\NetSight\meter1\nphooks.dll <Not Verified; NetRatings, Inc.; NielsenOnline>
2007-06-08 10:45:18 221184 --a------ C:\Program Files\NetRatingsNetSight\NetSight\meter1\nscore.dll <Not Verified; NetRatings, Inc.; NielsenOnline>


-- Scheduled Tasks -------------------------------------------------------------

2008-03-17 17:00:28 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-02-24 and 2008-03-24 -----------------------------

2008-03-24 10:42:21 687592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-03-24 10:40:26 37376 -ra------ C:\WINDOWS\mrofinu1000106.exe
2008-03-24 08:27:40 38400 --a------ C:\WINDOWS\system32\jkkhiji.dll
2008-03-24 08:25:40 0 d-------- C:\Program Files\Outerinfo
2008-03-24 08:25:31 4931 --ahs---- C:\WINDOWS\system32\ceggh.ini2
2008-03-24 08:25:25 0 d-------- C:\Program Files\Common Files\F?nts
2008-03-24 08:24:47 273408 --a------ C:\WINDOWS\system32\hggec.dll
2008-03-24 08:24:37 60928 --a------ C:\WINDOWS\system32\znqjgx.dll
2008-03-24 08:20:55 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-03-24 08:20:55 0 d-------- C:\Program Files\Network Monitor
2008-03-24 08:20:19 39883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-03-24 08:19:40 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-03-24 08:19:30 86016 --a------ C:\WINDOWS\system32\drivers\serenumm.sys
2008-03-24 08:19:18 0 d-------- C:\WINDOWS\system32\winz1
2008-03-24 08:19:18 0 d-------- C:\WINDOWS\system32\usnv
2008-03-24 08:19:17 0 d-------- C:\WINDOWS\system32\xTmp
2008-03-24 08:19:17 0 d-------- C:\WINDOWS\system32\IDME
2008-03-24 08:19:10 0 d-------- C:\Documents and Settings\Kimberly\Application Data\F?nts
2008-03-24 08:18:48 0 d-------- C:\WINDOWS\system32\aqVreo01
2008-03-24 08:18:27 38400 --a------ C:\WINDOWS\system32\xxyvwtq.dll
2008-03-21 11:40:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-21 11:38:58 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-21 11:38:58 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-21 11:38:58 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-21 11:38:58 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-03-21 11:38:58 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-21 11:38:58 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-21 11:38:58 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-03-21 11:38:58 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-21 11:38:58 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-03-21 11:38:58 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-21 11:38:58 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-03-21 11:38:58 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-21 11:38:58 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-21 11:38:57 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-20 11:26:19 89664 --a------ C:\WINDOWS\system32\vclvywmb.dll
2008-03-19 22:58:59 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-03-19 22:49:05 90688 --a------ C:\WINDOWS\system32\akykurud.dll
2008-03-19 22:45:26 90688 --a------ C:\WINDOWS\system32\hvwmxiiy.dll
2008-03-19 19:58:13 0 d-------- C:\Documents and Settings\NetworkService\Application Data\NetMon
2008-03-19 19:58:04 0 d--hs---- C:\WINDOWS\S2ltYmVybHk
2008-03-19 18:05:22 37376 -ra------ C:\WINDOWS\mrofinu572.exe
2008-03-19 12:53:03 90688 --a------ C:\WINDOWS\system32\uijjctdb.dll
2008-03-19 12:37:42 0 d-------- C:\Documents and Settings\Kimberly\Application Data\?racle
2008-03-19 11:04:10 90688 --a------ C:\WINDOWS\system32\pvhmfgju.dll
2008-03-18 11:53:13 0 d-------- C:\Program Files\CPV
2008-03-18 11:02:33 91200 --a------ C:\WINDOWS\system32\svghljoe.dll
2008-03-18 10:57:06 0 d-------- C:\Program Files\Temporary
2008-03-17 17:20:15 319 --ahs---- C:\WINDOWS\system32\xxycf.ini2
2008-03-17 08:16:35 93760 --a------ C:\WINDOWS\system32\rosjopny.dll
2008-03-17 08:03:49 298494 --ahs---- C:\WINDOWS\system32\knnnn.ini2
2008-03-14 13:58:47 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-13 20:12:04 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-11 11:18:06 58880 --a------ C:\WINDOWS\system32\atgban.dll
2008-03-09 15:52:23 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-09 15:40:08 0 d-------- C:\Program Files\Apple Software Update
2008-03-09 15:40:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-09 15:11:48 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-03-09 15:10:02 0 d-------- C:\WINDOWS\Prefetch
2008-03-09 14:49:44 0 d-------- C:\WINDOWS\peernet
2008-03-09 14:49:39 0 d-------- C:\WINDOWS\provisioning
2008-03-09 14:40:28 0 d-------- C:\WINDOWS\ServicePackFiles
2008-03-09 14:28:57 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-03-09 14:18:20 0 d-------- C:\WINDOWS\EHome
2008-03-09 10:50:58 0 d-------- C:\WINDOWS\system32\bits
2008-03-09 10:46:23 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-09 10:45:10 0 d--h----- C:\WINDOWS\$hf_mig$
2008-03-08 18:42:36 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-03-08 18:40:31 0 d---s---- C:\Documents and Settings\Ron\UserData
2008-03-08 00:06:23 13312 --a------ C:\WINDOWS\system32\drivers\nnrnstdi.sys <Not Verified; NetRatings, Inc.; NielsenOnline>
2008-03-08 00:06:22 8832 --a------ C:\WINDOWS\system32\drivers\km_filter.sys <Not Verified; NetRatings, Inc.; NielsenOnline>
2008-03-08 00:02:00 49152 --a------ C:\WINDOWS\nswatchdog.exe
2008-03-08 00:02:00 0 d-------- C:\Program Files\NetRatingsNetSight
2008-03-07 15:50:29 0 d-------- C:\Documents and Settings\Kimberly\Application Data\LimeWire
2008-03-07 15:47:15 0 d-------- C:\Program Files\LimeWire
2008-03-04 16:33:14 0 d-------- C:\Documents and Settings\Ron\Application Data\Thunderbird
2008-03-02 11:53:00 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Thunderbird
2008-03-02 11:52:37 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-01 18:41:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-01 18:21:57 0 d-------- C:\Documents and Settings\Ron\Application Data\Apple Computer
2008-02-29 13:13:49 0 d-------- C:\Hp Printer Drives DeskJet 3520
2008-02-28 12:54:04 0 d-------- C:\ComboFix(2)
2008-02-27 15:30:48 0 d-------- C:\Program Files\Quick StartUp
2008-02-27 08:27:16 0 d-------- C:\Program Files\Paltalk Messenger Interop
2008-02-27 08:22:06 0 d-------- C:\WINDOWS\system32\jk8
2008-02-27 08:22:06 0 d-------- C:\WINDOWS\system32\hc4
2008-02-27 08:22:06 0 d-------- C:\WINDOWS\system32\fs7
2008-02-27 08:22:06 0 d-------- C:\WINDOWS\system32\ax3
2008-02-27 08:21:39 0 d-------- C:\WINDOWS\system32\iDlo01
2008-02-26 08:13:35 2932 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache


-- Find3M Report ---------------------------------------------------------------

2008-03-24 21:51:50 9 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{F06BFA31-CB6A-4C0B-80B3-8C5BC76C03C6}
2008-03-24 10:43:37 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-03-24 08:25:31 0 d-------- C:\Program Files\Common Files\F?nts
2008-03-24 08:25:25 0 d-------- C:\Program Files\Common Files
2008-03-24 08:19:14 0 d-------- C:\Documents and Settings\Kimberly\Application Data\F?nts
2008-03-24 06:59:18 0 d-------- C:\Program Files\LogMeIn
2008-03-20 13:17:32 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-19 12:37:42 0 d-------- C:\Documents and Settings\Kimberly\Application Data\?racle
2008-03-14 19:30:47 0 d-------- C:\Program Files\SpywareGuard
2008-03-09 19:21:28 0 d-------- C:\Program Files\Messenger
2008-03-09 15:44:21 0 d-------- C:\Program Files\QuickTime
2008-03-09 15:38:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-09 14:49:49 0 d-------- C:\Program Files\Movie Maker
2008-03-09 14:39:27 0 d-------- C:\Program Files\Windows NT
2008-03-08 18:43:25 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-02 11:53:12 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Mozilla
2008-02-28 13:13:35 0 d-------- C:\Program Files\MSN Gaming Zone
2008-02-27 08:44:13 10 --a------ C:\Program Files\.autoreg
2008-02-21 17:26:42 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Apple Computer
2008-02-21 10:21:26 0 d-------- C:\Program Files\Paltalk Messenger
2008-02-21 10:12:55 0 d-------- C:\Documents and Settings\Kimberly\Application Data\SUPERAntiSpyware.com
2008-02-21 10:12:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-18 14:11:33 0 d-------- C:\Program Files\Auto Greeter
2008-02-18 13:30:50 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Media Player Classic
2008-02-16 18:31:39 0 d-------- C:\Program Files\PeaZip
2008-02-12 01:04:06 1397 --a------ C:\WINDOWS\mozver.dat
2008-02-12 01:01:29 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Sun
2008-02-12 01:00:03 0 d-------- C:\Program Files\Java
2008-02-12 00:58:12 0 d-------- C:\Program Files\Common Files\Java
2008-02-10 14:17:10 0 d-------- C:\Program Files\Trend Micro
2008-02-10 14:15:46 0 d-------- C:\Program Files\SpywareBlaster
2008-02-10 11:30:15 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-09 20:39:53 4 --a------ C:\WINDOWS\system32\SvcNm
2008-02-09 10:46:23 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Macromedia
2008-02-09 10:46:22 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Adobe
2008-02-09 09:38:25 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Paltalk
2008-02-08 18:31:47 0 d-------- C:\Program Files\D-Link
2008-02-08 18:21:31 4 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{D41A3268-B87D-4205-8E56-3828882A4E10}
2008-02-08 17:57:28 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{89E59345-5857-4226-9BA1-6EF31A395C98}
2008-02-08 17:20:14 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-08 15:25:00 0 d-------- C:\Program Files\ANI
2008-02-08 15:24:17 0 d-------- C:\Documents and Settings\Kimberly\Application Data\InstallShield
2008-02-08 15:09:36 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Identities
2008-02-08 14:56:00 0 d-------- C:\Program Files\microsoft frontpage
2008-02-08 14:55:33 0 -rahs---- C:\MSDOS.SYS
2008-02-08 14:55:33 0 -rahs---- C:\IO.SYS
2008-02-08 14:55:33 0 --a------ C:\CONFIG.SYS
2008-02-08 14:55:33 0 --a------ C:\AUTOEXEC.BAT
2008-02-08 14:52:17 0 d-------- C:\Program Files\Online Services
2008-02-08 14:50:30 0 d-------- C:\Program Files\Common Files\MSSoap
2008-02-08 14:49:45 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-08 09:34:29 0 d-------- C:\Program Files\Common Files\ODBC
2008-02-08 09:34:23 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-02-08 09:33:38 62 --ahs---- C:\Documents and Settings\Kimberly\Application Data\desktop.ini
2008-01-15 17:52:24 140800 ---hs---- C:\Program Files\Common Files\Yazzle1281OinAdmin.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}]
03/24/2008 08:18 AM 38400 --a------ C:\WINDOWS\system32\xxyvwtq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5EA073BD-DD60-4894-9C59-2927D61AA216}]
C:\WINDOWS\system32\nnnnk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{643B76DB-C636-41AB-8EF2-414FCDB1552C}]
03/24/2008 08:24 AM 273408 --a------ C:\WINDOWS\system32\hggec.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9383002-FC55-4330-B9C9-67E03BC5C840}]
C:\WINDOWS\system32\ssqolkh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link Wireless G WDA-1320"="C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe" [08/29/2007 04:16 PM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [01/19/2007 12:49 PM]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [08/18/2004 12:47 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [08/03/2007 04:09 PM]
"NielsenOnline"="C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [11/16/2007 07:55 PM]
"a47dfd46"="C:\WINDOWS\system32\ieajasom.dll" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"PostSetupCheck"="C:\WINDOWS\system32\atgban.dll" [03/11/2008 11:18 AM]
"runner1"="C:\WINDOWS\mrofinu1000106.exe" [03/24/2008 10:40 AM]
"{DF-FD-DE-E9-DW}"="C:\WINDOWS\system32\winz1\begmgr11.exe" [02/14/2008 10:42 AM]
"BMa74eceda"="C:\WINDOWS\system32\vclvywmb.dll" [03/20/2008 11:26 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/07/2008 11:38 PM]
"Shot"="C:\DOCUME~1\Kimberly\APPLIC~1\FNTS~1\wucrtupd.exe" [03/24/2008 08:19 AM]
"Kda"="C:\Program Files\Common Files\F?nts\?hkntfs.exe" [01/28/2008 12:29 PM]

C:\Documents and Settings\Kimberly\Start Menu\Programs\Startup\
DW_Start.lnk - C:\WINDOWS\system32\winz1\begmgr11.exe [2/14/2008 10:42:16 AM]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 8:05:35 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 02:55 PM 77824]
"{E9383002-FC55-4330-B9C9-67E03BC5C840}"= C:\WINDOWS\system32\ssqolkh.dll [ ]
"{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}"= C:\WINDOWS\system32\xxyvwtq.dll [03/24/2008 08:18 AM 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 07:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqolkh]
ssqolkh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvwtq]
xxyvwtq.dll 03/24/2008 08:18 AM 38400 C:\WINDOWS\system32\xxyvwtq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hggec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"runner1"=C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"a47dfd46"=rundll32.exe "C:\WINDOWS\System32\pansqjqm.dll",b
"NBInstall"=C:\DOCUME~1\Kimberly\LOCALS~1\Temp\MBDownloader_876923.exe
"horyhyt"=C:\Program Files\MSN\horyhyt77798.exe




-- End of Deckard's System Scanner: finished at 2008-03-24 22:38:15 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium II processor
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 319.46 MiB / 115.76 MiB
Pagefile Memory (total/avail): 776.53 MiB / 454.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.54 MiB

C: is Fixed (NTFS) - 28.63 GiB total, 22.78 GiB free.
D: is Fixed (NTFS) - 1.51 GiB total, 0.69 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE1 - Conner Peripherals 1620MB - CFS1621A - 1547.44 MiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 1547.41 MiB - D:

\\.\PHYSICALDRIVE0 - WDC WD307AA-00BAA0 - 28.64 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 28.63 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"="C:\\Program Files\\Paltalk Messenger\\paltalk.exe:*:Enabled:PaltalkScene"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kimberly\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KIMBERLY-28GW9Y
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kimberly
LOGONSERVER=\\KIMBERLY-28GW9Y
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 5 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0502
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kimberly\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kimberly\LOCALS~1\Temp
USERDOMAIN=KIMBERLY-28GW9Y
USERNAME=Kimberly
USERPROFILE=C:\Documents and Settings\Kimberly
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Kimberly (admin)
Ron (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
AirPlus G --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025}
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Auto Greeter --> "C:\Program Files\Auto Greeter\unins000.exe"
Command --> wscript "C:\WINDOWS\S2ltYmVybHk\mZ5QsApVvJ4.vbs"
CPV --> cmd /C regsvr32 /u /s "C:\Program Files\CPV\CPV7.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPV" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Program Files\CPV\"" /f
Enhancement Browser Tools Targetedbanner --> C:\WINDOWS\system32\targetedbanner-uninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp deskjet 3500 series --> rundll32 hpzcon09.dll,VendorJettison hp deskjet 3500 series
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JavaCore --> C:\Program Files\JavaCore\UnInstall.exe
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Network Monitor --> wscript "C:\WINDOWS\uninstall_nmon.vbs"
Nielsen//NetRatings --> C:\PROGRA~1\NETRAT~1\NetSight\NSSetup.exe /uninstall
Outerinfo --> "C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe"
Paltalk Messenger Interop --> "C:\Program Files\Paltalk Messenger Interop\uninstall.exe"
PaltalkScene --> "C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PeaZip 1.11 --> "C:\Program Files\PeaZip\unins000.exe"
Quick StartUp 2.3 --> "C:\Program Files\Quick StartUp\unins000.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Wireless G WDA-1320 --> C:\Program Files\InstallShield Installation Information\{C38C985C-266A-4CEE-BEC3-1A4270F09FD4}\setup.exe -runfromtemp -l0x0009 -removeonly


-- Application Event Log -------------------------------------------------------

Event Record #/Type586 / Error
Event Submitted/Written: 03/24/2008 10:56:07 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 9.0.0.3250, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type585 / Error
Event Submitted/Written: 03/24/2008 10:56:07 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 9.0.0.3250, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type584 / Error
Event Submitted/Written: 03/24/2008 10:55:56 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 9.0.0.3250, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type583 / Error
Event Submitted/Written: 03/24/2008 10:55:39 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 9.0.0.3250, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type582 / Error
Event Submitted/Written: 03/24/2008 10:55:32 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 126637809.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4041 / Error
Event Submitted/Written: 03/24/2008 09:58:44 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\Outerinfo\FF\components\FF.dll.
Reference error message: The operation completed successfully.
.

Event Record #/Type4040 / Error
Event Submitted/Written: 03/24/2008 09:58:44 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Event Record #/Type4039 / Error
Event Submitted/Written: 03/24/2008 09:58:44 PM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Event Record #/Type4015 / Warning
Event Submitted/Written: 03/24/2008 10:56:57 AM
Event ID/Source: 1073 / USER32
Event Description:
The attempt to shutdown KIMBERLY-28GW9Y failed

Event Record #/Type4014 / Warning
Event Submitted/Written: 03/24/2008 10:55:25 AM
Event ID/Source: 1073 / USER32
Event Description:
The attempt to reboot KIMBERLY-28GW9Y failed



-- End of Deckard's System Scanner: finished at 2008-03-24 22:38:15 -----------

#14
Joshua C

    Member

  • Topic Starter
  • Member
  • 35 posts
OK,

Give me some ideas here. When I run the scan online, as soon as I open IE I get so many pop-ups that it stalls IE and shuts it down. Can we run HouseCall? Or is this one better?

#15
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
The machine is infected again.

Could you rescan with ComboFix please and post back the log from it?