Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I've been Highjacked [RESOLVED]

Started by VexinVixn , Apr 26 2008 01:48 PM

  • This topic is locked This topic is locked

#1
VexinVixn
Posted 26 April 2008 - 01:48 PM

VexinVixn

    New Member

  • Member
  • Pip
  • 9 posts
Greetings Geeks,

I have been working on this computer for over a week now trying to remove some bad mojo. The Zone Alarm went down at some point and PC was overrun with problems. I have completed the steps suggested in the "read this" memo as far as I could, but ran into a couple of problems.

The Panda ActiveScan was never able to complete removal of the problems it found. Ran it a couple of times and got the "Oops Sorry" message both tries. I am running it again to get the log which I did not save the last couple of times.

I also tried to install the windows service pack 1, but got an error telling me that I already had a newer version installed.

I appreciate any assistance you might be able to provide. I am going nuts trying to get cleaned up. I will post the logs I have. (The Panda ActiveScan is still running. I will post it later if its needed.)

Not sure exactly the type of information that you need but here is some system info.
/Windows XP Home Addition - version 5.1.2600 SP2 Build 2600
Internet Explorer - version 7.0.573011

Here are the logs that I have collected so far.:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:55 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [khfcolif] c:\documents and settings\edward mack.533034b8a6df4d9\local settings\application data\khfcolif.exe khfcolif
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1149555650322
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave...mjolauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} (Catan Online Game) - http://zone.msn.com/...an.cab36308.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/p.../v13/ticker.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O21 - SSODL: AlrtAvp - {3d017764-ed33-4df5-9a0c-91bc1addf3ea} - (no file)
O21 - SSODL: RunOnceVolume - {2f678595-603f-447c-b814-8939c0b76731} - (no file)
O22 - SharedTaskScheduler: {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - hubbsi - (no file)
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 13231 bytes


Malwarebytes' Anti-Malware 1.11
Database version: 667

Scan type: Full Scan (C:\|)
Objects scanned: 150669
Time elapsed: 1 hour(s), 10 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\tuvWqNFw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ddcArpqN.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{f50b3f5e-856e-4757-9bb1-b35d46ca7719} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f50b3f5e-856e-4757-9bb1-b35d46ca7719} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvwqnfw (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f80bf95-624b-4488-8634-3365071b3b96} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1f80bf95-624b-4488-8634-3365071b3b96} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f50b3f5e-856e-4757-9bb1-b35d46ca7719} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\tuvWqNFw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ddcArpqN.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\NqprAcdd.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\NqprAcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.


SUPERAntiSpyware Scan Log
Generated 04/22/2008 at 00:13 AM

Application Version : 3.6.1000

Core Rules Database Version : 3444
Trace Rules Database Version: 1436

Scan type : Complete Scan
Total Scan Time : 03:12:36

Memory items scanned : 406
Memory threats detected : 0
Registry items scanned : 6402
Registry threats detected : 99
File items scanned : 109977
File threats detected : 91

Adware.Tracking Cookie
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Cookies\[email protected][1].txt
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\My Documents\Edward Mack\Cookies\edward mack@2o7[2].txt
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\My Documents\Edward Mack\Cookies\edward mack@advertising[1].txt
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\My Documents\Edward Mack\Cookies\edward mack@atdmt[2].txt
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\My Documents\Edward Mack\Cookies\edward [email protected][1].txt
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\My Documents\Edward Mack\Cookies\edward mack@doubleclick[2].txt
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\My Documents\Edward Mack\Cookies\edward [email protected][2].txt
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\My Documents\Edward Mack\Cookies\edward mack@hitbox[2].txt
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\My Documents\Edward Mack\Cookies\edward mack@insightexpress[2].txt
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\My Documents\Edward Mack\Cookies\edward mack@maxserving[1].txt
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\My Documents\Edward Mack\Cookies\edward mack@mediaplex[1].txt
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\My Documents\Edward Mack\Cookies\edward mack@questionmarket[2].txt
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\My Documents\Edward Mack\Cookies\edward [email protected][2].txt
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\My Documents\Edward Mack\Cookies\edward mack@serving-sys[1].txt

Adware.MovieLand/MediaPipe
HKLM\Software\MediaPipe
HKLM\Software\MediaPipe\Prefs
HKLM\Software\MediaPipe\Prefs#GUID
C:\Program Files\moviepass Terms.html
C:\Program Files\MediaPipe\ItBill_terms.txt
C:\Program Files\MediaPipe\register.dll
C:\Program Files\MediaPipe

Adware.HotBar/SpamBlockerUtility (Low Risk)
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\SpamBlocker
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans.idx
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\SpamBlockerUtility\v3.0
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\SpamBlockerUtility

Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-640180339-3460185986-3248242493-1006\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarerefer...=...6Ojg5&lid=2 ]

Malware.SpywareQuake
C:\Program Files\SpyQuake2.com\ignored.lst
C:\Program Files\SpyQuake2.com
HKCR\TypeLib\{5E05EA9F-1EA7-4D0B-A09B-D5E29EC758B9}
HKCR\TypeLib\{5E05EA9F-1EA7-4D0B-A09B-D5E29EC758B9}\1.0
HKCR\TypeLib\{5E05EA9F-1EA7-4D0B-A09B-D5E29EC758B9}\1.0\0
HKCR\TypeLib\{5E05EA9F-1EA7-4D0B-A09B-D5E29EC758B9}\1.0\0\win32
HKCR\TypeLib\{5E05EA9F-1EA7-4D0B-A09B-D5E29EC758B9}\1.0\FLAGS
HKCR\TypeLib\{5E05EA9F-1EA7-4D0B-A09B-D5E29EC758B9}\1.0\HELPDIR
HKCR\Interface\{2DD8D482-8F1C-4180-AA8E-9D5819E5F2EA}
HKCR\Interface\{2DD8D482-8F1C-4180-AA8E-9D5819E5F2EA}\ProxyStubClsid
HKCR\Interface\{2DD8D482-8F1C-4180-AA8E-9D5819E5F2EA}\ProxyStubClsid32
HKCR\Interface\{2DD8D482-8F1C-4180-AA8E-9D5819E5F2EA}\TypeLib
HKCR\Interface\{2DD8D482-8F1C-4180-AA8E-9D5819E5F2EA}\TypeLib#Version
HKCR\Interface\{411F83B1-A0EC-4155-AF99-0137F5EFB270}
HKCR\Interface\{411F83B1-A0EC-4155-AF99-0137F5EFB270}\ProxyStubClsid
HKCR\Interface\{411F83B1-A0EC-4155-AF99-0137F5EFB270}\ProxyStubClsid32
HKCR\Interface\{411F83B1-A0EC-4155-AF99-0137F5EFB270}\TypeLib
HKCR\Interface\{411F83B1-A0EC-4155-AF99-0137F5EFB270}\TypeLib#Version
HKCR\Interface\{4E3645AF-7A81-4F83-9B8C-1E4F930D873F}
HKCR\Interface\{4E3645AF-7A81-4F83-9B8C-1E4F930D873F}\ProxyStubClsid
HKCR\Interface\{4E3645AF-7A81-4F83-9B8C-1E4F930D873F}\ProxyStubClsid32
HKCR\Interface\{4E3645AF-7A81-4F83-9B8C-1E4F930D873F}\TypeLib
HKCR\Interface\{4E3645AF-7A81-4F83-9B8C-1E4F930D873F}\TypeLib#Version
HKCR\Interface\{61032A65-2371-4C89-B5BB-DF73090FB5EA}
HKCR\Interface\{61032A65-2371-4C89-B5BB-DF73090FB5EA}\ProxyStubClsid
HKCR\Interface\{61032A65-2371-4C89-B5BB-DF73090FB5EA}\ProxyStubClsid32
HKCR\Interface\{61032A65-2371-4C89-B5BB-DF73090FB5EA}\TypeLib
HKCR\Interface\{61032A65-2371-4C89-B5BB-DF73090FB5EA}\TypeLib#Version
HKCR\Interface\{66189AF2-7726-46E8-8628-0F95AB854792}
HKCR\Interface\{66189AF2-7726-46E8-8628-0F95AB854792}\ProxyStubClsid
HKCR\Interface\{66189AF2-7726-46E8-8628-0F95AB854792}\ProxyStubClsid32
HKCR\Interface\{66189AF2-7726-46E8-8628-0F95AB854792}\TypeLib
HKCR\Interface\{66189AF2-7726-46E8-8628-0F95AB854792}\TypeLib#Version
HKCR\Interface\{7A2F6251-6C99-4DA5-9827-954EB45DCB82}
HKCR\Interface\{7A2F6251-6C99-4DA5-9827-954EB45DCB82}\ProxyStubClsid
HKCR\Interface\{7A2F6251-6C99-4DA5-9827-954EB45DCB82}\ProxyStubClsid32
HKCR\Interface\{7A2F6251-6C99-4DA5-9827-954EB45DCB82}\TypeLib
HKCR\Interface\{7A2F6251-6C99-4DA5-9827-954EB45DCB82}\TypeLib#Version
HKCR\Interface\{82C6C396-DD7B-4CE5-B668-C0087D1F3A1F}
HKCR\Interface\{82C6C396-DD7B-4CE5-B668-C0087D1F3A1F}\ProxyStubClsid
HKCR\Interface\{82C6C396-DD7B-4CE5-B668-C0087D1F3A1F}\ProxyStubClsid32
HKCR\Interface\{82C6C396-DD7B-4CE5-B668-C0087D1F3A1F}\TypeLib
HKCR\Interface\{82C6C396-DD7B-4CE5-B668-C0087D1F3A1F}\TypeLib#Version
HKCR\Interface\{853E0D78-F4C2-47CB-A3F5-A774DA60DFCD}
HKCR\Interface\{853E0D78-F4C2-47CB-A3F5-A774DA60DFCD}\ProxyStubClsid
HKCR\Interface\{853E0D78-F4C2-47CB-A3F5-A774DA60DFCD}\ProxyStubClsid32
HKCR\Interface\{853E0D78-F4C2-47CB-A3F5-A774DA60DFCD}\TypeLib
HKCR\Interface\{853E0D78-F4C2-47CB-A3F5-A774DA60DFCD}\TypeLib#Version
HKCR\Interface\{94786C47-EB3F-4BD5-A66B-0D49E2C90541}
HKCR\Interface\{94786C47-EB3F-4BD5-A66B-0D49E2C90541}\ProxyStubClsid
HKCR\Interface\{94786C47-EB3F-4BD5-A66B-0D49E2C90541}\ProxyStubClsid32
HKCR\Interface\{94786C47-EB3F-4BD5-A66B-0D49E2C90541}\TypeLib
HKCR\Interface\{94786C47-EB3F-4BD5-A66B-0D49E2C90541}\TypeLib#Version
HKCR\Interface\{9989A9BC-9828-467E-AF06-E3B279E6E97B}
HKCR\Interface\{9989A9BC-9828-467E-AF06-E3B279E6E97B}\ProxyStubClsid
HKCR\Interface\{9989A9BC-9828-467E-AF06-E3B279E6E97B}\ProxyStubClsid32
HKCR\Interface\{9989A9BC-9828-467E-AF06-E3B279E6E97B}\TypeLib
HKCR\Interface\{9989A9BC-9828-467E-AF06-E3B279E6E97B}\TypeLib#Version
HKCR\Interface\{B2B3702A-5425-489E-A3AF-EDCCAFEBA019}
HKCR\Interface\{B2B3702A-5425-489E-A3AF-EDCCAFEBA019}\ProxyStubClsid
HKCR\Interface\{B2B3702A-5425-489E-A3AF-EDCCAFEBA019}\ProxyStubClsid32
HKCR\Interface\{B2B3702A-5425-489E-A3AF-EDCCAFEBA019}\TypeLib
HKCR\Interface\{B2B3702A-5425-489E-A3AF-EDCCAFEBA019}\TypeLib#Version
HKCR\Interface\{C1C56112-2B2E-4D3C-8CFC-7E10C77FACEF}
HKCR\Interface\{C1C56112-2B2E-4D3C-8CFC-7E10C77FACEF}\ProxyStubClsid
HKCR\Interface\{C1C56112-2B2E-4D3C-8CFC-7E10C77FACEF}\ProxyStubClsid32
HKCR\Interface\{C1C56112-2B2E-4D3C-8CFC-7E10C77FACEF}\TypeLib
HKCR\Interface\{C1C56112-2B2E-4D3C-8CFC-7E10C77FACEF}\TypeLib#Version
HKCR\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}
HKCR\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}\ProxyStubClsid
HKCR\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}\ProxyStubClsid32
HKCR\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}\TypeLib
HKCR\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}\TypeLib#Version
HKCR\Interface\{DDB0D689-FAE0-4165-9F7C-877602F9DD66}
HKCR\Interface\{DDB0D689-FAE0-4165-9F7C-877602F9DD66}\ProxyStubClsid
HKCR\Interface\{DDB0D689-FAE0-4165-9F7C-877602F9DD66}\ProxyStubClsid32
HKCR\Interface\{DDB0D689-FAE0-4165-9F7C-877602F9DD66}\TypeLib
HKCR\Interface\{DDB0D689-FAE0-4165-9F7C-877602F9DD66}\TypeLib#Version
HKCR\Interface\{E5AD5BD5-C710-45E0-ABD3-E770FE85DAE8}
HKCR\Interface\{E5AD5BD5-C710-45E0-ABD3-E770FE85DAE8}\ProxyStubClsid
HKCR\Interface\{E5AD5BD5-C710-45E0-ABD3-E770FE85DAE8}\ProxyStubClsid32
HKCR\Interface\{E5AD5BD5-C710-45E0-ABD3-E770FE85DAE8}\TypeLib
HKCR\Interface\{E5AD5BD5-C710-45E0-ABD3-E770FE85DAE8}\TypeLib#Version
HKCR\Interface\{EB5CA3AF-26C1-467B-9A55-2820E0451AAB}
HKCR\Interface\{EB5CA3AF-26C1-467B-9A55-2820E0451AAB}\ProxyStubClsid
HKCR\Interface\{EB5CA3AF-26C1-467B-9A55-2820E0451AAB}\ProxyStubClsid32
HKCR\Interface\{EB5CA3AF-26C1-467B-9A55-2820E0451AAB}\TypeLib
HKCR\Interface\{EB5CA3AF-26C1-467B-9A55-2820E0451AAB}\TypeLib#Version

Trojan.Media-Codec
HKCR\EMediaCodek.Chl
HKCR\EMediaCodek.Chl\CLSID

Adware.Zango Toolbar/Hb
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\Zango\IESkins
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\Zango

Trojan.DNSChanger-Codec
HKLM\Software\NetProjft
HKLM\Software\NetProjft\Windows
HKLM\Software\NetProjft\Windows\ectntVersion
HKLM\Software\NetProjft\Windows\ectntVersion\Explorer
HKLM\Software\NetProjft\Windows\ectntVersion\Explorer\Browser Helper Objects
HKLM\Software\NetProjft\Windows\ectntVersion\Explorer\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}
HKU\S-1-5-21-640180339-3460185986-3248242493-1006\Software\uninstall

Trojan.Media-Codec/V5
C:\Program Files\NetProject\sbmdl.dll
C:\Program Files\NetProject\wamdl.dll
C:\Program Files\NetProject

Rogue.VirusIsolator
C:\DOCUMENTS AND SETTINGS\EDWARD MACK.533034B8A6DF4D9\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6FLAWCTQ\VIRUSISOLATOR[1].EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP889\A0302793.EXE

Rogue.NetProject-Installer
C:\DOCUMENTS AND SETTINGS\EDWARD MACK.533034B8A6DF4D9\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\BS2M80ZN\SETUP[1].EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP881\A0301208.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP882\A0301221.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP885\A0302480.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP885\A0302530.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP885\A0302547.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP885\A0302665.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP885\A0302691.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP886\A0302719.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP888\A0302732.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP888\A0302742.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP889\A0302761.EXE

Trojan.NewDotNet
C:\DOCUMENTS AND SETTINGS\EDWARD MACK.533034B8A6DF4D9\MY DOCUMENTS\CLEANUP SOFTWARE\NNUNINSTALL.EXE

Adware.180solutions/Seekmo
C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS\NPCLNTAX_SEEKMOSA.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP889\A0302774.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP889\A0302775.DLL

Unclassified.Unknown Origin/System
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP842\A0281224.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP842\A0281226.EXE

Trojan.Unclassified/GTS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP842\A0281230.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP875\A0292353.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP877\A0294644.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP889\A0302797.DLL

Adware.SXGAdvisor-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP842\A0281232.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP875\A0292351.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP877\A0294642.DLL
C:\WINDOWS\QNMARGOLXPG.DLL

Malware.MalwareStopper
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP881\A0301172.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP881\A0301173.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP881\A0301174.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP882\A0301280.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP882\A0301281.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP882\A0301282.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP885\A0302516.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP885\A0302517.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP885\A0302518.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP889\A0302778.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP889\A0302779.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP889\A0302780.DLL

Malware.VirusRanger
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP882\A0301225.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP882\A0301238.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP882\A0301243.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP885\A0302495.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP885\A0302504.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP889\A0302772.DLL

Rogue.VirusHeat
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP882\A0301244.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP882\A0301255.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP885\A0302508.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP885\A0302514.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP889\A0302791.EXE

Trojan.Smitfraud Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP882\A0301257.DLL
C:\WINDOWS\SYSTEM32\BUBBJ.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP882\A0301258.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP882\A0301259.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP889\A0302760.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP889\A0302764.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP889\A0302789.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{159753DE-EE53-486D-B525-FCDDC8F0A2EB}\RP889\A0302790.ICO

Thanks again for any assitance,
V
  • 0

Advertisements

#2
kahdah
Posted 26 April 2008 - 03:30 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello VexinVixn

Welcome to G2Go. :)
=====================
Are you using Zone Alarm as a your antivirus?

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
VexinVixn
Posted 26 April 2008 - 08:04 PM

VexinVixn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks kahdah,

I was previously running Zone Alarm Security Suite that has firewall and anti-virus/spyware, but had to uninstall it a couple of minutes ago... it froze up a because it detected two problems that it could not quarantine/delete. Here are the DSS logs you requested. Thanks again,

Deckard's System Scanner v20071014.68
Run by Edward Mack on 2008-04-26 20:47:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
56: 2008-04-27 01:39:11 UTC - RP894 - Deckard's System Scanner Restore Point
55: 2008-04-27 01:39:11 UTC - RP893 - Last known good configuration
54: 2008-04-27 01:39:11 UTC - RP892 - Last known good configuration
53: 2008-04-27 01:39:11 UTC - RP891 - Last known good configuration
52: 2008-04-27 01:39:11 UTC - RP890 - Installed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2008-04-27 01:39:03 UTC - RP839 - Removed Dreamweaver MX 2004


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Edward Mack.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:19 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Desktop\deckerdsystemscan.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Edward Mack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23867AF5-0F3A-43EB-883C-06EE3626A9A0} - C:\WINDOWS\system32\ddcArpqN.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\tuvWqNFw.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1149555650322
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave...mjolauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} (Catan Online Game) - http://zone.msn.com/...an.cab36308.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/p.../v13/ticker.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: tuvWqNFw - C:\WINDOWS\SYSTEM32\tuvWqNFw.dll
O21 - SSODL: AlrtAvp - {3d017764-ed33-4df5-9a0c-91bc1addf3ea} - (no file)
O21 - SSODL: RunOnceVolume - {2f678595-603f-447c-b814-8939c0b76731} - (no file)
O22 - SharedTaskScheduler: {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - hubbsi - (no file)
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 14630 bytes

-- File Associations -----------------------------------------------------------

.js - unable to read key
.js - unable to read key
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 TSP - c:\windows\system32\drivers\klif.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Capture Device Service - "c:\program files\common files\intervideo\deviceservice\devsvc.exe" <Not Verified; InterVideo Inc.; Capture Device Service>
R3 SSScsiSV (SonicStage SCSI Service) - c:\program files\common files\sony shared\avlib\ssscsisv.exe

S3 AdobeVersionCue - c:\program files\adobe\adobe version cue\service\versioncue.exe <Not Verified; Adobe Sytems; Adobe Version Cue™>
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 VAIO Entertainment File Import Service - c:\program files\common files\sony shared\vaio entertainment\vzcdb\vzfw.exe
S3 VAIO Entertainment UPnP Client Adapter - c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-26 20:50:13 434 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E9A5495C-14A2-4ED9-937E-D7129888A3DB}.job
2008-04-25 03:30:00 438 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
2008-04-25 03:30:00 414 --a------ C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
2008-04-22 18:55:14 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-26 and 2008-04-26 -----------------------------

2008-04-26 20:34:30 9 --a------ C:\WINDOWS\system32\acd75bc0
2008-04-26 20:16:52 425039 --ahs---- C:\WINDOWS\system32\NqprAcdd.ini2
2008-04-22 17:56:14 0 d-------- C:\Program Files\Panda Security
2008-04-21 20:54:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-21 20:54:23 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-21 20:54:22 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\SUPERAntiSpyware.com
2008-04-21 20:52:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 19:58:53 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\Malwarebytes
2008-04-21 19:58:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 19:58:32 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 19:57:41 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-21 16:39:32 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\TmpRecentIcons
2008-04-21 16:19:16 272896 --a------ C:\WINDOWS\system32\ddcArpqN.dll
2008-04-21 16:14:08 39936 --a------ C:\WINDOWS\system32\tuvWqNFw.dll
2008-04-21 16:13:42 0 d-------- C:\Documents and Settings\All Users\Application Data\qrkjcdoz
2008-04-19 22:53:21 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Download
2008-04-17 17:03:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-17 17:02:01 0 d-------- C:\Program Files\Common Files\iS3
2008-04-17 17:02:00 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-16 20:13:35 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-16 20:12:29 0 d-------- C:\Program Files\Ulead Systems
2008-04-13 14:41:56 0 d-------- C:\Program Files\illiminable
2008-04-13 14:39:29 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-13 14:39:19 0 d-------- C:\Program Files\DirectVideo
2008-04-13 14:39:12 0 d-------- C:\Program Files\High-Speed Options
2008-04-13 14:39:12 0 d-------- C:\Program Files\Common Files\FTL Shared
2008-04-12 21:43:14 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\.housecall6.6
2008-04-11 14:56:52 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\Media Player Classic
2008-04-10 15:52:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-08 21:28:41 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\Move Networks
2008-04-03 19:29:25 0 d-------- C:\Documents and Settings\Vonda\Application Data\Google
2008-04-02 11:55:02 0 d-------- C:\Program Files\Doom 3
2008-04-01 01:48:07 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\RegistrySmart
2008-04-01 01:47:57 0 d-------- C:\Program Files\RegistrySmart
2008-03-27 18:22:47 0 d-------- C:\Program Files\Theorica Divx ;-) Codecs


-- Find3M Report ---------------------------------------------------------------

2008-04-24 21:03:16 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-04-23 20:14:26 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\Real
2008-04-21 20:52:52 0 d-------- C:\Program Files\Common Files
2008-04-21 20:43:47 0 d-------- C:\Program Files\Movie Maker
2008-04-21 16:38:53 0 d-------- C:\Program Files\Web Publish
2008-04-21 01:07:21 29994 --a------ C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\update.log
2008-04-18 10:22:17 0 d-------- C:\Program Files\Google
2008-04-16 21:06:17 0 d-------- C:\Program Files\Trend Micro
2008-04-16 20:12:33 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\Ulead Systems
2008-04-16 20:12:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-13 14:41:20 0 d-------- C:\Program Files\DivX
2008-04-13 14:41:17 0 dr-h----- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\yahoo!
2008-04-13 14:39:26 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\DivX
2008-04-10 15:43:34 0 d-------- C:\Program Files\Yahoo!
2008-04-06 16:27:56 264 --a------ C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\wklnhst.dat
2008-03-26 12:51:23 0 d-------- C:\Program Files\Java
2008-03-23 12:19:01 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\Adobe
2008-03-20 23:49:24 0 d-------- C:\Program Files\LimeWire
2008-03-20 18:45:07 0 d-------- C:\Program Files\Common Files\Macromedia Shared
2008-03-20 18:45:07 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\Macromedia
2008-03-20 18:44:47 0 d-------- C:\Program Files\Macromedia
2008-03-20 18:44:47 0 d-------- C:\Program Files\Common Files\Macromedia
2008-03-18 16:31:01 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\LimeWire
2008-03-10 14:04:27 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-28 11:32:28 0 d-------- C:\Program Files\Oberon Media
2008-02-28 11:30:38 0 d-------- C:\Program Files\NCH Software
2008-02-28 11:28:27 0 d-------- C:\Program Files\NCH Swift Sound
2008-02-28 11:28:04 0 d-------- C:\Program Files\MySpace
2008-02-28 11:26:42 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23867AF5-0F3A-43EB-883C-06EE3626A9A0}]
04/21/2008 04:19 PM 272896 --a------ C:\WINDOWS\system32\ddcArpqN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}]
04/21/2008 04:14 PM 39936 --a------ C:\WINDOWS\system32\tuvWqNFw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [07/01/2004 02:02 PM]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [01/17/2004 05:36 AM]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 12:08 AM]
"SoundMan"="SOUNDMAN.EXE" [08/24/2004 01:14 PM C:\WINDOWS\SOUNDMAN.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe" [12/12/2000 08:30 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [07/01/2004 01:58 PM]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/17/2004 05:10 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AlcWzrd"="ALCWZRD.EXE" [08/24/2004 01:01 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [07/20/2004 12:22 PM C:\WINDOWS\ALCMTR.EXE]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [06/03/2005 08:16 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/17/2006 03:03 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"khfcolif"="c:\documents and settings\edward mack.533034b8a6df4d9\local settings\application data\khfcolif.exe" [03/21/2008 12:36 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [5/15/2003 2:19:50 AM]
Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe [11/3/2004 8:46:24 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
"{F50B3F5E-856E-4757-9BB1-B35D46CA7719}"= C:\WINDOWS\system32\tuvWqNFw.dll [04/21/2008 04:14 PM 39936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWqNFw]
tuvWqNFw.dll 04/21/2008 04:14 PM 39936 C:\WINDOWS\system32\tuvWqNFw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
backup=C:\WINDOWS\pss\Timer Recording Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Edward Mack.533034B8A6DF4D9^Start Menu^Programs^Startup^Webshots.lnk]
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe




-- End of Deckard's System Scanner: finished at 2008-04-26 20:53:05 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 503.36 MiB / 171.71 MiB
Pagefile Memory (total/avail): 1228.53 MiB / 939.19 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.16 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 183.91 GiB total, 158.42 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y200M0 - 189.92 GiB - 2 partitions
\PARTITION0 - Unknown - 6.01 GiB
\PARTITION1 (bootable) - Installable File System - 183.91 GiB - C:

\\.\PHYSICALDRIVE2 - Sony UMH-U HS-CF USB Device

\\.\PHYSICALDRIVE1 - Sony UMH-U HS-MS USB Device

\\.\PHYSICALDRIVE4 - Sony UMH-U HS-SD/MMC USB Device

\\.\PHYSICALDRIVE3 - Sony UMH-U HS-XD USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Sony\\Giga Pocket\\gps.exe"="C:\\Program Files\\Sony\\Giga Pocket\\gps.exe:LocalSubNet:Enabled:Giga Pocket Server"
"C:\\Program Files\\Sony\\Giga Pocket\\VE.exe"="C:\\Program Files\\Sony\\Giga Pocket\\VE.exe:LocalSubNet:Enabled:Giga Pocket Explorer"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Disabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Oberon Media\\5 Spots II\\Launch.exe"="C:\\Program Files\\Oberon Media\\5 Spots II\\Launch.exe:*:Enabled:5 Spots II"
"C:\\Program Files\\GameHouse\\Solitaire\\Solitaire.exe"="C:\\Program Files\\GameHouse\\Solitaire\\Solitaire.exe:*:Enabled:Super Solitaire"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EDWARD
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Edward Mack.533034B8A6DF4D9
LOGONSERVER=\\EDWARD
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\EDWARD~1.533\LOCALS~1\Temp
TMP=C:\DOCUME~1\EDWARD~1.533\LOCALS~1\Temp
USERDOMAIN=EDWARD
USERNAME=Edward Mack
USERPROFILE=C:\Documents and Settings\Edward Mack.533034B8A6DF4D9
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Edward Mack.533034B8A6DF4D9 (admin)
Sheridan
Melissa Mack

Vonda (admin)
Ms.Mack (admin)
mack (admin)
VNS (new local)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> Dummy
--> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
--> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
--> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93B80FB1-7A23-11D3-B250-00105A1F4184}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01958032-9877-4118-B87F-9EFA74B3F15F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3E4251D-8364-4698-B0E0-A7C799384403}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Creative Suite --> C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AOL Setup --> "C:\Program Files\Online Services\AOL Setup\unwise.exe" /A "C:\Program Files\Online Services\AOL Setup\install.log" Uninstall AOL Setup
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoImpression 3.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoImpression\Uninst.isu"
Click to DVD 2.0 Menu Data --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98A3A654-3AEF-42D9-BA91-DE5815EA5897}\setup.exe"
Click to DVD 2.1.10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
Copy Utility --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Copy Utility\Uninst.isu"
Desktop Weather by The Weather Channel --> C:\PROGRA~1\THEWEA~1\DESKTO~1\UNWISE.EXE C:\PROGRA~1\THEWEA~1\DESKTO~1\INSTALL.LOG
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVgate Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\Setup.exe" -l0x9
EPSON Photo Print --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"
EPSON Smart Panel --> C:\Program Files\EPSON\Smart Panel\SPUninst.exe
EPSON TWAIN 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe" UNINSTALL
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
Film Factory Lite --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON Software\Film Factory\Uninst.isu"
Giga Pocket 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCC3369F-D347-4674-BFAB-298A91B03641}\Setup.exe"
Giga Pocket Demo Movie --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{979F6A6B-4CB0-424E-8E70-AA2ED38B4CCC}\Setup.exe"
Giga Pocket Hardware Library 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D490016-5D01-4CB3-A037-55814AC63D2E}\Setup.exe"
Hardwood Solitaire III Lite --> C:\DOCUME~1\EDWARD~1.533\LOCALS~1\Temp\sce__0\ -Uninstall
HDAUDIO SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030030\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_20030030
High-Speed Internet Options --> C:\PROGRA~1\HIGH-S~1\UNWISE.EXE C:\PROGRA~1\HIGH-S~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp deskjet 960c series (Remove only) --> C:\Program Files\hp deskjet 960c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=960c -huninstall
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterVideo DeviceService --> MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
InterVideo WinDVD 5 for VAIO --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MoodLogic --> C:\WINDOWS\ml-uninstall-v10.exe
MSN Gaming Zone --> C:\PROGRA~1\MSNGAM~1\zsetup.exe /Uninstall
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe
OpenMG Limited Patch 4.2-05-07-27-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.2-05-07-27-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.2.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{849ABF1A-6AE3-45E1-B260-D5447B2F29F5} UNINSTALL
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PictureGear Studio 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\Setup.exe"
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SonicStage 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Super GameHouse Solitaire Vol. 1 --> C:\PROGRA~1\GAMEHO~1\SOLITA~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SOLITA~1\INSTALL.LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Print Shop 20 --> MsiExec.exe /I{863DCE5B-D6CA-4DC5-9F95-7DCFED15DE8F}
Ulead DVD MovieFactory 6 TBYB --> C:\Program Files\InstallShield Installation Information\{CCC4E428-411E-4605-B515-317D50ABD477}\setup.exe -runfromtemp -l0x0409
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VAIO Entertainment Platform --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\Setup.exe" -l0x9
VAIO Help and Support --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Media 3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL
VAIO Media Redistribution 3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Remote Commander Utility 6.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C75086F-7753-41B9-8B4C-F38DE6CC8C20}\Setup.exe"
VAIO SLIT-C Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01AF4645-78E6-46C4-B528-54863679CC40}\setup.exe" -l0x9
VAIO SLIT Pattern Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266AEE68-5718-4A31-BDD3-D356B1250C70}\setup.exe" -l0x9
VAIO Survey Standalone --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}\setup.exe"
VAIO Update 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1
  • 0

#4
kahdah
Posted 26 April 2008 - 08:42 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok after this run with Combofix we will get you an antivirus.


Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#5
VexinVixn
Posted 26 April 2008 - 09:00 PM

VexinVixn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I just tried do download ComboFix from one of the links you suggested, and got an error message as it started to install...

Error reads: "You Cannot rename ComboFix to ComboFix[1]. Please use another name, perferably made up of alphnumeric characters."

I was not trying to rename anything. Please advise

V
  • 0

#6
kahdah
Posted 26 April 2008 - 09:17 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Delete your copy and then do the following

The first thing I will need you to do is to Download this anti-virus program and install it.
This is free.
AVG free 8.0
Note this is free antispyware protection and Antivirus protection.
So no need for anything else.
After installing it do the following:
========================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [Kill Explorer]
C:\WINDOWS\system32\acd75bc0
C:\WINDOWS\system32\NqprAcdd.ini2
C:\WINDOWS\system32\ddcArpqN.dll
C:\WINDOWS\system32\tuvWqNFw.dll
C:\WINDOWS\privacy_danger
C:\Documents and Settings\All Users\Application Data\qrkjcdoz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23867AF5-0F3A-43EB-883C-06EE3626A9A0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}
HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWqNFw
empty temp
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
====================================
Then update the AVG free edition and then click on the side tab that says Computer scanner.
Then click on scan whole computer.
It will remove or quarantine what it finds.
===========================
Then please post the OT Move it log and a new Dss log.
  • 0

#7
VexinVixn
Posted 26 April 2008 - 09:40 PM

VexinVixn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I down loaded the AVG and it immediately started finding threats. I clicked "remove threats" and it warned me that my computer might become unstable. Should I proceed with removing threats or bypass the popup and get on with "OT Moveit"?
  • 0

#8
kahdah
Posted 26 April 2008 - 09:58 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Go ahead nd bypass the threats and use OTMove it.
Then after that run a full scan with AVG
  • 0

#9
VexinVixn
Posted 26 April 2008 - 11:04 PM

VexinVixn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OKMove it and DSS logs

File/Folder Kill Explorer] not found.
C:\WINDOWS\system32\acd75bc0 moved successfully.
C:\WINDOWS\system32\NqprAcdd.ini2 moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ddcArpqN.dll
C:\WINDOWS\system32\ddcArpqN.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ddcArpqN.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\tuvWqNFw.dll
C:\WINDOWS\system32\tuvWqNFw.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\tuvWqNFw.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\privacy_danger not found.
C:\Documents and Settings\All Users\Application Data\qrkjcdoz moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23867AF5-0F3A-43EB-883C-06EE3626A9A0} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23867AF5-0F3A-43EB-883C-06EE3626A9A0}\\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0 >
Registry key HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F50B3F5E-856E-4757-9BB1-B35D46CA7719} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F50B3F5E-856E-4757-9BB1-B35D46CA7719} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWqNFw >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWqNFw\\ deleted successfully.
File/Folder empty temp not found.
Explorer started successfully




OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04262008_230023

Files moved on Reboot...
File C:\WINDOWS\system32\ddcArpqN.dll not found!
File C:\WINDOWS\system32\tuvWqNFw.dll not found!

Deckard's System Scanner v20071014.68
Run by Edward Mack on 2008-04-27 00:00:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Edward Mack.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:01 AM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVG\AVG8\avgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Desktop\decker system scan.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\EDWARD~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EB4ADDC-C7B6-4466-8A3C-234F29BE8AD8} - C:\WINDOWS\system32\ddcArpqN.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\tuvWqNFw.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1149555650322
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave...mjolauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} (Catan Online Game) - http://zone.msn.com/...an.cab36308.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/p.../v13/ticker.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: tuvWqNFw - tuvWqNFw.dll (file missing)
O21 - SSODL: AlrtAvp - {3d017764-ed33-4df5-9a0c-91bc1addf3ea} - (no file)
O21 - SSODL: RunOnceVolume - {2f678595-603f-447c-b814-8939c0b76731} - (no file)
O22 - SharedTaskScheduler: {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - hubbsi - (no file)
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 15413 bytes

-- Files created between 2008-03-27 and 2008-04-27 -----------------------------

2008-04-26 23:00:47 430562 --ahs---- C:\WINDOWS\system32\NqprAcdd.ini2
2008-04-26 22:35:29 0 d--h----- C:\$AVG8.VAULT$
2008-04-26 22:30:40 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-26 22:30:20 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-22 17:56:14 0 d-------- C:\Program Files\Panda Security
2008-04-21 20:54:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-21 20:54:23 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-21 20:54:22 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\SUPERAntiSpyware.com
2008-04-21 20:52:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 19:58:53 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\Malwarebytes
2008-04-21 19:58:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 19:58:32 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 19:57:41 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-21 16:39:32 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\TmpRecentIcons
2008-04-19 22:53:21 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Download
2008-04-17 17:03:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-17 17:02:01 0 d-------- C:\Program Files\Common Files\iS3
2008-04-17 17:02:00 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-16 20:13:35 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-16 20:12:29 0 d-------- C:\Program Files\Ulead Systems
2008-04-13 14:41:56 0 d-------- C:\Program Files\illiminable
2008-04-13 14:39:29 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-13 14:39:19 0 d-------- C:\Program Files\DirectVideo
2008-04-13 14:39:12 0 d-------- C:\Program Files\High-Speed Options
2008-04-13 14:39:12 0 d-------- C:\Program Files\Common Files\FTL Shared
2008-04-12 21:43:14 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\.housecall6.6
2008-04-11 14:56:52 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\Media Player Classic
2008-04-10 15:52:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-08 21:28:41 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\Move Networks
2008-04-03 19:29:25 0 d-------- C:\Documents and Settings\Vonda\Application Data\Google
2008-04-02 11:55:02 0 d-------- C:\Program Files\Doom 3
2008-04-01 01:48:07 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\RegistrySmart
2008-04-01 01:47:57 0 d-------- C:\Program Files\RegistrySmart
2008-03-27 18:22:47 0 d-------- C:\Program Files\Theorica Divx ;-) Codecs


-- Find3M Report ---------------------------------------------------------------

2008-04-26 22:30:21 0 d-------- C:\Program Files\AVG
2008-04-24 21:03:16 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-04-23 20:14:26 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\Real
2008-04-21 20:52:52 0 d-------- C:\Program Files\Common Files
2008-04-21 20:43:47 0 d-------- C:\Program Files\Movie Maker
2008-04-21 16:38:53 0 d-------- C:\Program Files\Web Publish
2008-04-21 01:07:21 29994 --a------ C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\update.log
2008-04-18 10:22:17 0 d-------- C:\Program Files\Google
2008-04-16 21:06:17 0 d-------- C:\Program Files\Trend Micro
2008-04-16 20:12:33 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\Ulead Systems
2008-04-16 20:12:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-13 14:41:20 0 d-------- C:\Program Files\DivX
2008-04-13 14:41:17 0 dr-h----- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\yahoo!
2008-04-13 14:39:26 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\DivX
2008-04-10 15:43:34 0 d-------- C:\Program Files\Yahoo!
2008-04-06 16:27:56 264 --a------ C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\wklnhst.dat
2008-03-26 12:51:23 0 d-------- C:\Program Files\Java
2008-03-23 12:19:01 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\Adobe
2008-03-20 23:49:24 0 d-------- C:\Program Files\LimeWire
2008-03-20 18:45:07 0 d-------- C:\Program Files\Common Files\Macromedia Shared
2008-03-20 18:45:07 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\Macromedia
2008-03-20 18:44:47 0 d-------- C:\Program Files\Macromedia
2008-03-20 18:44:47 0 d-------- C:\Program Files\Common Files\Macromedia
2008-03-18 16:31:01 0 d-------- C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\Application Data\LimeWire
2008-03-10 14:04:27 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-28 11:32:28 0 d-------- C:\Program Files\Oberon Media
2008-02-28 11:30:38 0 d-------- C:\Program Files\NCH Software
2008-02-28 11:28:27 0 d-------- C:\Program Files\NCH Swift Sound
2008-02-28 11:28:04 0 d-------- C:\Program Files\MySpace
2008-02-28 11:26:42 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EB4ADDC-C7B6-4466-8A3C-234F29BE8AD8}]
C:\WINDOWS\system32\ddcArpqN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}]
C:\WINDOWS\system32\tuvWqNFw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [07/01/2004 02:02 PM]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [01/17/2004 05:36 AM]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 12:08 AM]
"SoundMan"="SOUNDMAN.EXE" [08/24/2004 01:14 PM C:\WINDOWS\SOUNDMAN.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe" [12/12/2000 08:30 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [07/01/2004 01:58 PM]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/17/2004 05:10 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AlcWzrd"="ALCWZRD.EXE" [08/24/2004 01:01 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [07/20/2004 12:22 PM C:\WINDOWS\ALCMTR.EXE]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [06/03/2005 08:16 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/17/2006 03:03 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/26/2008 10:30 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"khfcolif"="c:\documents and settings\edward mack.533034b8a6df4d9\local settings\application data\khfcolif.exe" [03/21/2008 12:36 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [5/15/2003 2:19:50 AM]
Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe [11/3/2004 8:46:24 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
"{F50B3F5E-856E-4757-9BB1-B35D46CA7719}"= C:\WINDOWS\system32\tuvWqNFw.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWqNFw]
tuvWqNFw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
backup=C:\WINDOWS\pss\Timer Recording Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Edward Mack.533034B8A6DF4D9^Start Menu^Programs^Startup^Webshots.lnk]
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe




-- End of Deckard's System Scanner: finished at 2008-04-27 00:01:51 ------------
  • 0

#10
kahdah
Posted 27 April 2008 - 06:39 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {0EB4ADDC-C7B6-4466-8A3C-234F29BE8AD8} - C:\WINDOWS\system32\ddcArpqN.dll (file missing)
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\tuvWqNFw.dll (file missing)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O20 - Winlogon Notify: tuvWqNFw - tuvWqNFw.dll (file missing)
O21 - SSODL: AlrtAvp - {3d017764-ed33-4df5-9a0c-91bc1addf3ea} - (no file)
O21 - SSODL: RunOnceVolume - {2f678595-603f-447c-b814-8939c0b76731} - (no file)
O22 - SharedTaskScheduler: {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - hubbsi - (no file)



Now click on Fix Checked and then close Hijackthis.
================================
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
===================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as an html document button:
  • Save the file to your desktop.
  • Attach that information in your next post.

  • 0

#11
VexinVixn
Posted 27 April 2008 - 11:55 AM

VexinVixn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here are the Kaspersky results.

I am afraid that my computer is becoming reinfected while scans are running. AVG continues to identify threats during the scanning process. Should I try to reinstall my Zone alarm firewall?

Also... will I ever be able to use the Zone alarm security suite virus protection once the computer is cleaned up?


Attached File  kaspersky_results.html   60.73KB   14 downloads
  • 0

#12
kahdah
Posted 27 April 2008 - 12:48 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes just make sure to uninstall avg then you can re-install Zone Alarm.

No it's not getting re-infected it's just that when Kaspersky scans the files they are getting seen by AVG at the same time so that is why you are getting alerts.

Please delete this file >C:\Documents and Settings\Edward Mack.533034B8A6DF4D9\My Documents\cleanup software\Malwarebytes-setup.exe
========================
Cleanup::
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Delete\uninstall anything else that may be left over that we used.
===========================================
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
============================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Ad-Aware-Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD- puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
  • 0

#13
VexinVixn
Posted 27 April 2008 - 01:48 PM

VexinVixn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks for all your help. Look like we are good to go. :)
  • 0

#14
kahdah
Posted 27 April 2008 - 03:39 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#15
kahdah
Posted 27 April 2008 - 03:40 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP