Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

C:/WINDOWS/privacy-danger/index.htm and the blue screen with bugs [RES

Started by TahoeDolphin , Jun 09 2008 02:05 PM

  • This topic is locked This topic is locked

#1
TahoeDolphin
Posted 09 June 2008 - 02:05 PM

TahoeDolphin

    New Member

  • Member
  • Pip
  • 9 posts
I am new here. I have read the "read this before you post things" and really hope I am doing this right. I am sorry ahead of time if not. ;-) I would also like to TY ahead of time for your help.

I did a HijackThis scan and A VundoFix scan. The VundoFix did not find anything.

Here is my HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:01 PM, on 6/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\lphc11wj0et2p.exe
C:\Program Files\Webroot\Desktop Firewall\WDF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ie7updates\KB928090-IE7\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

https://login.yahoo....//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided

by Qwest
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - blank (file

missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE"

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickCare2.2] "C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" /P QuickCare2.2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [lphc11wj0et2p] C:\WINDOWS\system32\lphc11wj0et2p.exe
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk

Messenger\Paltalk.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} -

C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Qwest Live - {B61C026B-8BE4-4A6B-B25E-9755192F1D93} - http://qwest.live.com

(file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: CabBuilder - http://kiw.imgag.com...llerControl.cab
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct4_x.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation

Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) -

http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) -

http://www.snapfish....tlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation

Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1B30282C-970F-4DCC-97D1-1714277525C1} (NMInstall Control) -

http://profile.homes....0_HOMESCAN.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) -

http://dlm.tools.aka...vex-2.2.0.5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program

Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} -

http://install.wildt...iveLauncher.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) -

http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) -

http://zone.msn.com/...pandaonline.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -

http://photo.walgree...eensActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) -

http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -

http://lads.myspace....ploader1006.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) -

file:///C:/Documents%20and%20Settings/Wendy/Local%20Settings/Application%20Data/Oberon%20Media/O

beron%20Games%20Host/PiratePoppers.1.0.0.39.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} -

http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://tahoedolphin....ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) -

http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) -

https://scan.safety....lscbase2213.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) -

https://mysupport.na...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.micros...b?1119907180062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.micros...b?1119907100421
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) -

http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) -

http://www.gamehouse...mChronicles.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -

http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -

http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) -

http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) -

http://zone.msn.com/...O1.cab55579.cab
O16 - DPF: {88B507F9-C6B2-45CC-AAB6-720A652DE11C} -

https://help.verizon...tWebInstall.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) -

http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} -

http://a14.g.akamai....ller_activex_en

_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) -

https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {96AD66E6-8375-4864-8F4D-0F15023C2AF6} (CWUInstall Object) -

http://www.wundergro...all/weather.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) -

http://www.worldwinn...v44/sol/sol.cab
O16 - DPF: {99A7E374-3E8E-4C78-A054-25522DC03DA2} (NvsViewer Class) -

http://web.venturaco...s/NVSViewer.CAB
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) -

http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) -

http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl

Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B6C8044E-3B7B-4E05-9000-C455FC92235A} (PG Class) -

http://web.venturaco...NVSProtocol.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -

http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -

http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) -

http://download.mcaf...0,2/mcmysec.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) -

http://chill.comcast...ronGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) -

http://a532.g.akamai...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) -

http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) -

http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} -

http://download.veri...tWebInstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) -

http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) -

http://plugin.driver...driveragent.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) -

http://fdl.msn.com/p.../v13/ticker.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -

http://download.mcaf...561/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -

http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) -

file:///C:/Documents%20and%20Settings/Wendy/Local%20Settings/Application%20Data/Oberon%20Media/O

beron%20Games%20Host/Sweetopia.1.0.0.46.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -

http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) -

http://dlm.tools.aka...vex-2.2.2.1.cab
O20 - Winlogon Notify: ddayy - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common

Files\SupportSoft\bin\ssrc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software, Inc. - C:\Program

Files\Webroot\Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. -

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program

Files\Webroot\Washer\WasherSvc.exe
O24 - Desktop Component 0: Privacy Protection - about:home

--
End of file - 15916 bytes
  • 0

Advertisements

#2
fenzodahl512
Posted 13 June 2008 - 09:56 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...

Please open Notepad and go to Format and uncheck Word Wrap. This will make your log much easier to read..



NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator



Regards
fenzodahl512
  • 0

#3
TahoeDolphin
Posted 15 June 2008 - 03:18 PM

TahoeDolphin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Thank you for posting. I just got my computer back. My friend got the virus off but I still have problems. I will run the scan you said and post it and another Hijack This just in case you need it too.
Thank you again
Tahoe
  • 0

#4
TahoeDolphin
Posted 15 June 2008 - 03:33 PM

TahoeDolphin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Deckard's System Scanner v20071014.68
Run by Wendy on 2008-06-15 14:22:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
11: 2008-06-15 21:22:39 UTC - RP549 - Deckard's System Scanner Restore Point
10: 2008-06-15 21:00:59 UTC - RP548 - Software Distribution Service 3.0
9: 2008-06-15 20:52:34 UTC - RP547 - Unsigned driver install
8: 2008-06-14 14:54:57 UTC - RP546 - Software Distribution Service 3.0
7: 2008-06-14 14:50:35 UTC - RP545 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-10 04:54:54 UTC - RP539 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Wendy.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:43 PM, on 6/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Webroot\Desktop Firewall\WDF.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\eAcceleration\Station\station_bk.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Wendy\Desktop\dss.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Wendy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo....//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickCare2.2] "C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" /P QuickCare2.2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] "Rundll32.exe" "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [StopSignSsSsMon] "Rundll32.exe" "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunOnce: [StopSignSsSsMon] "Rundll32.exe" "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Qwest Live - {B61C026B-8BE4-4A6B-B25E-9755192F1D93} - http://qwest.live.com (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: CabBuilder - http://kiw.imgag.com...llerControl.cab
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct4_x.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish....tlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.0.5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - file:///C:/Documents%20and%20Settings/Wendy/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/PiratePoppers.1.0.0.39.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tahoedolphin....ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety....lscbase2213.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.na...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119907180062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1119907100421
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.gamehouse...mChronicles.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab55579.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v44/sol/sol.cab
O16 - DPF: {99A7E374-3E8E-4C78-A054-25522DC03DA2} (NvsViewer Class) - http://web.venturaco...s/NVSViewer.CAB
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B6C8044E-3B7B-4E05-9000-C455FC92235A} (PG Class) - http://web.venturaco...NVSProtocol.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcaf...0,2/mcmysec.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast...ronGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/p.../v13/ticker.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...313/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - file:///C:/Documents%20and%20Settings/Wendy/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/Sweetopia.1.0.0.46.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.2.1.cab
O20 - Winlogon Notify: ddayy - C:\WINDOWS\
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software, Inc. - C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O24 - Desktop Component 0: Privacy Protection - about:home

--
End of file - 15924 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - DefaultIcon - unable to read value
.reg - regfile - shell\open\command - unable to read value
.reg - regfile - shell\edit\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R3 IPFilter (Microsoft IntelliPoint Features driver) - c:\windows\system32\drivers\ipfilter.sys <Not Verified; Microsoft Corporation; Microsoft IntelliPoint>

S2 aswFsBlk - c:\windows\system32\drivers\aswfsblk.sys (file missing)
S3 FTDIBUS (USB Serial Converter Driver) - c:\windows\system32\drivers\ftdibus.sys <Not Verified; FTDI Ltd.; FT8U232AX>
S3 FTSER2K (USB Serial Port Driver) - c:\windows\system32\drivers\ftser2k.sys <Not Verified; FTDI Ltd.; FT8U232AX>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>

S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Wireless Service; ANIWZCS2 Service Launcher (NT)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-15 14:01:24 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-06-14 00:21:14 0 d--h---c- C:\WINDOWS\$hf_mig$
2008-06-13 23:36:27 374 -ra------ C:\WINDOWS\system32\DWLAB.DAT
2008-06-13 23:25:39 0 d------c- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-13 23:08:19 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-06-13 22:55:42 36864 --a------ C:\WINDOWS\system32\ANIOApi.dll <Not Verified; Alpha Networks Inc.; ANIO Helper DLL API library>
2008-06-13 22:55:42 48128 --a------ C:\WINDOWS\system32\ANIO64.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2008-06-13 22:55:42 11904 --a------ C:\WINDOWS\system32\anio4.sys <Not Verified; ANI; ANIO (NDIS4) Driver>
2008-06-13 22:55:42 28195 --a------ C:\WINDOWS\system32\ANIO.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2008-06-13 22:55:14 262144 --a------ C:\WINDOWS\system32\wnicapi.dll <Not Verified; Wireless Service; WNICAPI Dynamic Link Library>
2008-06-13 22:55:14 233472 --a------ C:\WINDOWS\system32\WlanApp.dll <Not Verified; ; WlanApp Dynamic Link Library>
2008-06-13 22:55:14 217088 --a------ C:\WINDOWS\system32\aIPH.dll <Not Verified; Alpha Networks Inc.; IPH Dynamic Link Library>
2008-06-13 22:55:13 1327189 --a------ C:\WINDOWS\system32\odSupp_M.dll <Not Verified; Funk Software, Inc.; Odyssey Supplicant Toolkit>
2008-06-13 22:55:13 49152 --a------ C:\WINDOWS\system32\JJAKEn.dll <Not Verified; ; JJAKEn Dynamic Link Library>
2008-06-13 22:55:13 49152 --a------ C:\WINDOWS\system32\AQCKGen.dll <Not Verified; Alpha Networks Inc.; AQuickKey Generator>
2008-06-13 22:55:13 679936 --a------ C:\WINDOWS\system32\ANIWZCS2.dll <Not Verified; Wireless Service; ANIWZCS Dynamic Link Library>
2008-06-13 22:55:13 45115 --a------ C:\WINDOWS\system32\ANICtl.dll <Not Verified; Alpha Networks Inc.; DevCtrl Dynamic Link Library>
2008-06-13 22:55:12 0 d------c- C:\Program Files\ANI
2008-06-13 21:02:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-06-13 20:59:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\eAcceleration
2008-06-13 20:53:36 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-13 20:53:36 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-13 20:53:36 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-13 20:53:36 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-13 20:53:36 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-13 20:53:36 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-13 20:53:36 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-13 20:53:36 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-13 20:53:36 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-13 20:53:36 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-13 20:53:36 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-13 20:53:36 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-13 20:53:36 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-13 20:53:35 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-13 20:53:29 0 d------c- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-06-10 16:33:03 0 d--hs--c- C:\Documents and Settings\Wendy\Recent
2008-06-10 09:15:22 0 d------c- C:\Program Files\Acceleration Software
2008-06-10 09:15:05 0 d------c- C:\Documents and Settings\Wendy\Application Data\eAcceleration
2008-06-10 09:14:09 0 d------c- C:\Documents and Settings\All Users\Application Data\eAcceleration
2008-06-10 09:13:58 0 d------c- C:\Program Files\eAcceleration
2008-06-10 09:13:47 0 d------c- C:\Program Files\Common Files\eAcceleration
2008-06-09 16:00:40 0 d------c- C:\WINDOWS\McAfee.com
2008-06-09 12:30:44 0 d------c- C:\Program Files\Trend Micro
2008-06-08 22:00:28 0 d------c- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-08 21:52:39 164 --a------ C:\install.dat
2008-06-08 21:43:05 0 d------c- C:\Documents and Settings\Wendy\Application Data\AXPFixer
2008-06-08 20:52:14 0 d------c- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-06-08 20:47:14 0 d------c- C:\Program Files\Common Files\iS3
2008-06-08 20:47:10 0 d------c- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-06-08 18:51:45 0 d------c- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-08 09:05:47 0 d------c- C:\Documents and Settings\Wendy\Application Data\AXPDefender
2008-06-07 17:23:22 0 d------c- C:\Documents and Settings\Wendy\Application Data\shc71wj0et2p
2008-06-07 17:22:31 92160 --a----c- C:\WINDOWS\system32\lphc11wj0et2p.exe
2008-06-07 15:31:37 160012 --a----c- C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
2008-05-19 12:36:19 0 d------c- C:\WINDOWS\EPSON CardMonitor Essential
2008-05-19 12:36:00 0 d------c- C:\WINDOWS\EPSON PhotoStarter Essential
2008-05-19 11:56:18 0 d------c- C:\Program Files\epson
2008-05-18 13:19:02 337 --a------ C:\WINDOWS\system32\tablet.dat
2008-05-18 13:18:57 0 d-------- C:\WINDOWS\system32\WTablet
2008-05-18 13:18:56 102400 --a------ C:\WINDOWS\system32\Wintab32.dll <Not Verified; Wacom Technology, Corp.; Wacom Technology, Corp. WINTAB32>
2008-05-18 13:18:56 15744 --a------ C:\WINDOWS\system32\wintab.dll
2008-05-18 13:18:56 65536 --a------ C:\WINDOWS\system32\TabUnst.dll
2008-05-18 13:18:56 44544 --a------ C:\WINDOWS\system32\TabHook.dll <Not Verified; Wacom Technology, Corp.; Wacom Technology TabHook>
2008-05-18 13:18:56 8138 --a------ C:\WINDOWS\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
2008-05-18 13:18:55 634880 --a------ C:\WINDOWS\system32\Tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>
2008-05-18 13:18:55 0 d------c- C:\Program Files\Wacom
2008-05-18 13:18:46 13408 --a------ C:\WINDOWS\system32\tabinst.dll
2008-05-18 13:18:46 4032 --a------ C:\WINDOWS\system32\tabins16.dll
2008-05-18 13:18:46 36864 --a------ C:\WINDOWS\system32\pencls32.dll <Not Verified; Wacom Technology; Microsoft® Windows ® 2000 Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-06-13 22:56:07 0 d--h---c- C:\Program Files\InstallShield Installation Information
2008-06-10 09:13:47 0 d------c- C:\Program Files\Common Files
2008-06-08 22:04:46 0 d------c- C:\Program Files\Webroot
2008-06-08 21:59:48 0 d------c- C:\Documents and Settings\Wendy\Application Data\Webroot
2008-06-08 21:29:29 0 d------c- C:\Documents and Settings\Wendy\Application Data\MSN6
2008-06-08 15:49:09 0 d------c- C:\Program Files\Common Files\Webroot Shared
2008-06-07 17:15:33 7520 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-05 18:27:20 0 d------c- C:\Program Files\Yahoo!
2008-06-01 15:07:15 0 d------c- C:\Program Files\XnView
2008-05-21 12:49:26 0 d------c- C:\Program Files\Paltalk Messenger
2008-05-15 10:47:33 303616 --a----c- C:\WINDOWS\system32\wmstream.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-05-15 10:05:04 0 d------c- C:\Program Files\Java
2008-05-14 12:28:18 0 d------c- C:\Program Files\Messenger
2008-05-14 09:23:54 0 d------c- C:\Documents and Settings\Wendy\Application Data\Adobe
2008-05-12 10:30:02 0 d------c- C:\Program Files\Movie Maker
2008-05-12 10:23:13 0 d------c- C:\Program Files\Windows NT
2008-05-07 11:50:33 0 d------c- C:\Documents and Settings\Wendy\Application Data\Paltalk
2008-05-06 17:48:38 0 d------c- C:\Documents and Settings\Wendy\Application Data\WinRAR
2008-05-06 16:21:22 0 d------c- C:\Program Files\Google
2008-05-06 16:20:48 0 d------c- C:\Program Files\Windows Live
2008-05-06 16:19:59 0 d------c- C:\Documents and Settings\Wendy\Application Data\Windows Live Writer
2008-05-05 18:26:44 0 d------c- C:\Program Files\QuickTime
2008-05-05 18:01:06 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-05 17:43:21 0 d------c- C:\Program Files\Common Files\Adobe
2008-04-25 18:33:06 0 d------c- C:\Program Files\MSBuild
2008-04-24 10:08:38 0 d------c- C:\Program Files\iColorFolder
2008-04-22 11:13:10 0 d------c- C:\Program Files\Alwil Software
2008-04-20 19:13:18 0 d------c- C:\Program Files\Alien Skin
2008-04-20 19:11:30 0 d------c- C:\Documents and Settings\Wendy\Application Data\Alien Skin
2008-04-18 15:49:45 0 d------c- C:\Documents and Settings\Wendy\Application Data\PlayFirst
2008-04-15 09:05:57 10171 --a----c- C:\Documents and Settings\Wendy\Application Data\.googlewebacchosts
2008-04-05 14:49:28 56 --a----c- C:\WINDOWS\popcinfo.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8151A608-00FB-4D5C-8B8D-40E239E32A42}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POINTER"="point32.exe" []
"NvCplDaemon"="RUNDLL32.exe" [04/13/2008 05:12 PM C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [04/01/2005 04:16 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [04/13/2008 05:12 PM C:\WINDOWS\system32\rundll32.exe]
"QuickCare2.2"="C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" [05/04/2007 07:21 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"@"="" []
"Webroot Desktop Firewall"="C:\Program Files\Webroot\Desktop Firewall\WDF.exe" [10/20/2007 01:20 PM]
"SoftwareStation"="C:\Program Files\eAcceleration\Station\station.exe" [04/15/2008 04:30 PM]
"StopSignSsTsMon"="Rundll32.exe" [04/13/2008 05:12 PM C:\WINDOWS\system32\rundll32.exe]
"StopSignSsSsMon"="Rundll32.exe" [04/13/2008 05:12 PM C:\WINDOWS\system32\rundll32.exe]
"webscan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" [05/14/2008 04:06 PM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [01/19/2007 11:49 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 05:12 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/17/2007 12:41 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"StopSignSsSsMon"="Rundll32.exe" "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=
"ForceStartMenuLogoff"=1 (0x1)
"StartMenuLogOff"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayy]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk]
backup=C:\WINDOWS\pss\Digimax Viewer 2.1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Wendy^Start Menu^Programs^Startup^Konfabulator.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphc11wj0et2p]
C:\WINDOWS\system32\lphc11wj0et2p.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msn.exe]
C:\Program Files\MSN\MSNCoreFiles\msn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RapidLeecher]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-15 14:32:00 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.70GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 767.3 MiB / 363.21 MiB
Pagefile Memory (total/avail): 1238.18 MiB / 835.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.84 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.24 GiB total, 26.54 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 232.88 GiB total, 190.3 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD400BB-75CAA0 - 37.25 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.24 GiB - C:

\\.\PHYSICALDRIVE1 - Initio 5DLAT80 USB Device - 232.88 GiB - 1 partition
\PARTITION0 - Installable File System - 232.88 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Wendy\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THEFISHERFAMILY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Wendy
LOGONSERVER=\\THEFISHERFAMILY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Maestro Learning\Common;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Wendy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Wendy\LOCALS~1\Temp
USERDOMAIN=THEFISHERFAMILY
USERNAME=Wendy
USERPROFILE=C:\Documents and Settings\Wendy
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Wendy (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
--> "C:\Program Files\Acceleration Software\Anti-Virus\ws_uninst.exe" -s
--> "C:\Program Files\eAcceleration\Station\station.exe" /UnRegister
--> C:\PROGRA~1\ACCELE~1\ANTI-V~1\regsvr32.exe /u /s C:\PROGRA~1\ACCELE~1\ANTI-V~1\ssupload.dll
--> C:\PROGRA~1\ACCELE~1\ANTI-V~1\regsvr32.exe /u /s C:\PROGRA~1\ACCELE~1\ANTI-V~1\vclnr.dll
--> C:\PROGRA~1\COMMON~1\EACCEL~1\SysSnap\syssnap.exe -UnregServer
--> C:\Program Files\Creative\SBLive\Program\Upddrv2k.EXE
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\CTMixer.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Diagnose2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\HTML.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\PlayCenter2\Player2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Recorder\Recorder.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Restore.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\WaveStudio\Wstudio.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D261CA3-5C68-494A-89D1-5DE68ED23146}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
20/20 v2.2 --> C:\PROGRA~1\byLight\2020\UNWISE.EXE C:\PROGRA~1\byLight\2020\INSTALL.LOG
3D Shadow by Lokas Software --> C:\WINDOWS\AWuninstall.exe Software\Lokas Ltd\3D Shadow
Actiontec Gateway --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}\setup.exe" -l0x9
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Allume BoostXP 2.0.0.61 --> "C:\Program Files\Allume BoostXP\unins000.exe"
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ChaosPro 3.2 --> F:\CHAOSP~1.2\UNWISE.EXE F:\CHAOSP~1.2\INSTALL.LOG
Clear Cache feature for Internet Explorer --> MsiExec.exe /I{4E901875-0F15-44BA-89DE-94AA41A7F507}
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Corel Painter IX --> MsiExec.exe /I{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Digimax Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD67A9A9-B292-43B2-A4F9-59AD62626CAD}\setup.exe" -l0x9
Digimax U-CA 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B5B5920-B3AA-44AE-8F94-1CF3ECA42102}\Setup.exe" anything
Digimax Viewer 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9EE54C1F-FC99-44D6-916A-0CA2D45E740F}\Setup.exe"
DIGOpt -->
DIGReqEx -->
EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON PhotoStarter3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE704636-ECD0-426C-952E-05B8DABD1949}\Setup.exe" -l0x9 uninst
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\EPUPDATE.EXE /r
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
Font Xplorer 1.2.2 --> F:\Font Xplorer\Uninstall.exe F:\FONTXP~1\Install.log
FTDI USB Serial Converter Drivers --> C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
Google Pack Screensaver --> C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iCF Skin Pack --> C:\Program Files\iColorFolder\Uninstall Skin Pack.exe
iColorFolder --> C:\Program Files\iColorFolder\uninstall.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Jasc Animation Shop 3 --> MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Jasc Paint Shop Pro 9 --> MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Jasc Paint Shop Pro 9.01 - (9.0.1.1) --> C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Jasc Paint Shop Pro 9.01 Patch --> C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Microsoft IntelliPoint 4.0 -->
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Protection Service --> MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe E:\
Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
MS The Dolphin Assistant(Remove only) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\Dolphin.inf, Uninstall.NT
MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OTOY --> RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16
PaltalkScene --> "C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
PhotoFreebies 1.01 --> "F:\My PSP Files\Plugins\PhotoFreebies\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Print Lab Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D87D6386-3C2D-4239-9780-3418FB7B0E94}\Setup.exe" -l0x9 anything
PSP Thumbnail Handler --> C:\Program Files\PSP Thumbnail Handler\Setup.exe /uninstall
QuickConnect --> C:\Program Files\InstallShield Installation Information\{4998FF95-709A-430A-B104-92A009ABB848}\setup.exe -runfromtemp -l0x0009 -removeonly
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Qwest QuickCare 2.2 --> "C:\Progr
  • 0

#5
TahoeDolphin
Posted 15 June 2008 - 03:38 PM

TahoeDolphin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
The ANIO and ANIWZCS2 Service just showed up on my computer. I do not know where they came from.
  • 0

#6
fenzodahl512
Posted 15 June 2008 - 08:40 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. Please do the following...

Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\desktop\dss.exe" /daft . Then press Enter
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.




NEXT


Please show hidden files and folders. Please visit HERE if you don't know how.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:

    • C:\WINDOWS\system32\odSupp_M.dll
      C:\WINDOWS\system32\lphc11wj0et2p.exe
  • Click on the submit button. You can only submit one file at a time.
  • Please post the results in your next reply.
If Jotti server is too busy, please submit the file to VirusTotal instead.




NEXT


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8151A608-00FB-4D5C-8B8D-40E239E32A42} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: ddayy - C:\WINDOWS\

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Please post the following logs in your next reply..

1. Jotti/VirusTotal results (for both files)
2. MalwareBytes'
3. a fresh Deckard System Scanner log (after MalwareBytes' step)
4. Tell me, do you use D-Link wireless applications/hardware?


Regards
fenzodahl512
  • 0

#7
TahoeDolphin
Posted 17 June 2008 - 05:36 PM

TahoeDolphin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
All the scans logs are posted below and no I do not D-Link. I have a wireless modem and use it for my Wii but not the computer. That showed up after my friend help get the first virus off. When I got the computer back it was on there. Have no idea where it came from. He did not add it. Thank you. I got my wallpaper and screensaver settings back and was able to get that darn blue and yellow box off!!!

Jotti File Submission:

Service load: 0% 100%

File: odSupp_M.dll
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 940df3f813b798d3c1f612983a7e50ea
Packers detected: -

Scanner results
Scan taken on 17 Jun 2008 20:52:54 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing



0% 100%

File: lphc11wj0et2p.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 76c39742037f86d3c56e6ce735092c67
Packers detected: -

Scanner results
Scan taken on 17 Jun 2008 20:50:12 (GMT)
A-Squared Found nothing
AntiVir Found TR/Peed.A.504
ArcaVir Found Trojan.Downloader.Zlob.Olh
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found Agent.WIM
BitDefender Found Trojan.Peed.Gen
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.Pakes.ddd
Fortinet Found FakeAlert!tr
Ikarus Found Trojan.Peed
Kaspersky Anti-Virus Found Trojan.Win32.Pakes.ddd
NOD32 Found nothing
Norman Virus Control Found W32/Renos.VV
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/Generic-A
VirusBuster Found nothing
VBA32 Found Trojan.Win32.Pakes.ddd






Malwarebytes' Anti-Malware 1.17
Database version: 864

3:01:40 PM 6/17/2008
mbam-log-6-17-2008 (15-01-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 107712
Time elapsed: 54 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 12
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Wendy\Application Data\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wendy\Application Data\AXPFixer\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wendy\Application Data\AXPFixer\AXPFixer\Quarantine (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wendy\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wendy\Application Data\AXPFixer\AXPFixer\Quarantine\BrowserObjects (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wendy\Application Data\AXPFixer\AXPFixer\Quarantine\Packages (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wendy\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wendy\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wendy\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wendy\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wendy\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wendy\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{67BAF36B-6BA3-4BBF-A70E-04953B874060}\RP539\A0172327.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\12.tmp._eac_qt_ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\63.tmp._eac_qt_ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\66.tmp._eac_qt_ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ec.tmp._eac_qt_ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3.tmp._eac_qt_ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f6.tmp._eac_qt_ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f9.tmp._eac_qt_ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc11wj0et2p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\model.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.


Deckard's System Scanner v20071014.68
Run by Wendy on 2008-06-17 16:19:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Wendy.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:12 PM, on 6/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Webroot\Desktop Firewall\WDF.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\eAcceleration\Station\station_bk.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Documents and Settings\Wendy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Wendy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo....//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickCare2.2] "C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" /P QuickCare2.2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] "Rundll32.exe" "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [StopSignSsSsMon] "Rundll32.exe" "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [StopSignSsSsMon] "Rundll32.exe" "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Qwest Live - {B61C026B-8BE4-4A6B-B25E-9755192F1D93} - http://qwest.live.com (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: CabBuilder - http://kiw.imgag.com...llerControl.cab
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct4_x.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish....tlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.0.5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - file:///C:/Documents%20and%20Settings/Wendy/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/PiratePoppers.1.0.0.39.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tahoedolphin....ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety....lscbase2213.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.na...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119907180062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1119907100421
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.gamehouse...mChronicles.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab55579.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v44/sol/sol.cab
O16 - DPF: {99A7E374-3E8E-4C78-A054-25522DC03DA2} (NvsViewer Class) - http://web.venturaco...s/NVSViewer.CAB
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B6C8044E-3B7B-4E05-9000-C455FC92235A} (PG Class) - http://web.venturaco...NVSProtocol.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcaf...0,2/mcmysec.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast...ronGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/p.../v13/ticker.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...313/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - file:///C:/Documents%20and%20Settings/Wendy/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/Sweetopia.1.0.0.46.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.2.1.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software, Inc. - C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O24 - Desktop Component 0: Privacy Protection - about:home

--
End of file - 15506 bytes

-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-17 14:05:10 0 d--hs--c- C:\Documents and Settings\Wendy\Recent
2008-06-17 14:02:19 0 d------c- C:\Documents and Settings\Wendy\Application Data\Malwarebytes
2008-06-17 14:02:10 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 14:02:07 0 d------c- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 00:21:14 0 d--h---c- C:\WINDOWS\$hf_mig$
2008-06-13 23:36:27 374 -ra------ C:\WINDOWS\system32\DWLAB.DAT
2008-06-13 23:25:39 0 d------c- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-13 23:08:19 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-06-13 22:55:42 36864 --a------ C:\WINDOWS\system32\ANIOApi.dll <Not Verified; Alpha Networks Inc.; ANIO Helper DLL API library>
2008-06-13 22:55:42 48128 --a------ C:\WINDOWS\system32\ANIO64.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2008-06-13 22:55:42 11904 --a------ C:\WINDOWS\system32\anio4.sys <Not Verified; ANI; ANIO (NDIS4) Driver>
2008-06-13 22:55:42 28195 --a------ C:\WINDOWS\system32\ANIO.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2008-06-13 22:55:14 262144 --a------ C:\WINDOWS\system32\wnicapi.dll <Not Verified; Wireless Service; WNICAPI Dynamic Link Library>
2008-06-13 22:55:14 233472 --a------ C:\WINDOWS\system32\WlanApp.dll <Not Verified; ; WlanApp Dynamic Link Library>
2008-06-13 22:55:14 217088 --a------ C:\WINDOWS\system32\aIPH.dll <Not Verified; Alpha Networks Inc.; IPH Dynamic Link Library>
2008-06-13 22:55:13 1327189 --a------ C:\WINDOWS\system32\odSupp_M.dll <Not Verified; Funk Software, Inc.; Odyssey Supplicant Toolkit>
2008-06-13 22:55:13 49152 --a------ C:\WINDOWS\system32\JJAKEn.dll <Not Verified; ; JJAKEn Dynamic Link Library>
2008-06-13 22:55:13 49152 --a------ C:\WINDOWS\system32\AQCKGen.dll <Not Verified; Alpha Networks Inc.; AQuickKey Generator>
2008-06-13 22:55:13 679936 --a------ C:\WINDOWS\system32\ANIWZCS2.dll <Not Verified; Wireless Service; ANIWZCS Dynamic Link Library>
2008-06-13 22:55:13 45115 --a------ C:\WINDOWS\system32\ANICtl.dll <Not Verified; Alpha Networks Inc.; DevCtrl Dynamic Link Library>
2008-06-13 22:55:12 0 d------c- C:\Program Files\ANI
2008-06-13 21:02:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-06-13 20:59:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\eAcceleration
2008-06-13 20:53:36 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-13 20:53:36 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-13 20:53:36 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-13 20:53:36 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-13 20:53:36 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-13 20:53:36 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-13 20:53:36 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-13 20:53:36 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-13 20:53:36 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-13 20:53:36 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-13 20:53:36 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-13 20:53:36 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-13 20:53:36 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-13 20:53:35 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-13 20:53:29 0 d------c- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-06-10 09:15:22 0 d------c- C:\Program Files\Acceleration Software
2008-06-10 09:15:05 0 d------c- C:\Documents and Settings\Wendy\Application Data\eAcceleration
2008-06-10 09:14:09 0 d------c- C:\Documents and Settings\All Users\Application Data\eAcceleration
2008-06-10 09:13:58 0 d------c- C:\Program Files\eAcceleration
2008-06-10 09:13:47 0 d------c- C:\Program Files\Common Files\eAcceleration
2008-06-09 16:00:40 0 d------c- C:\WINDOWS\McAfee.com
2008-06-09 12:30:44 0 d------c- C:\Program Files\Trend Micro
2008-06-08 22:00:28 0 d------c- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-08 21:52:39 164 --a------ C:\install.dat
2008-06-08 20:52:14 0 d------c- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-06-08 20:47:14 0 d------c- C:\Program Files\Common Files\iS3
2008-06-08 20:47:10 0 d------c- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-06-08 18:51:45 0 d------c- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 17:23:22 0 d------c- C:\Documents and Settings\Wendy\Application Data\shc71wj0et2p
2008-06-07 15:31:37 160012 --a----c- C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
2008-05-19 12:36:19 0 d------c- C:\WINDOWS\EPSON CardMonitor Essential
2008-05-19 12:36:00 0 d------c- C:\WINDOWS\EPSON PhotoStarter Essential
2008-05-19 11:56:18 0 d------c- C:\Program Files\epson
2008-05-18 13:19:02 337 --a------ C:\WINDOWS\system32\tablet.dat
2008-05-18 13:18:57 0 d-------- C:\WINDOWS\system32\WTablet
2008-05-18 13:18:56 102400 --a------ C:\WINDOWS\system32\Wintab32.dll <Not Verified; Wacom Technology, Corp.; Wacom Technology, Corp. WINTAB32>
2008-05-18 13:18:56 15744 --a------ C:\WINDOWS\system32\wintab.dll
2008-05-18 13:18:56 65536 --a------ C:\WINDOWS\system32\TabUnst.dll
2008-05-18 13:18:56 44544 --a------ C:\WINDOWS\system32\TabHook.dll <Not Verified; Wacom Technology, Corp.; Wacom Technology TabHook>
2008-05-18 13:18:56 8138 --a------ C:\WINDOWS\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
2008-05-18 13:18:55 634880 --a------ C:\WINDOWS\system32\Tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>
2008-05-18 13:18:55 0 d------c- C:\Program Files\Wacom
2008-05-18 13:18:46 13408 --a------ C:\WINDOWS\system32\tabinst.dll
2008-05-18 13:18:46 4032 --a------ C:\WINDOWS\system32\tabins16.dll
2008-05-18 13:18:46 36864 --a------ C:\WINDOWS\system32\pencls32.dll <Not Verified; Wacom Technology; Microsoft® Windows ® 2000 Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-06-17 16:18:41 0 d------c- C:\Documents and Settings\Wendy\Application Data\MSN6
2008-06-13 22:56:07 0 d--h---c- C:\Program Files\InstallShield Installation Information
2008-06-10 09:13:47 0 d------c- C:\Program Files\Common Files
2008-06-08 22:04:46 0 d------c- C:\Program Files\Webroot
2008-06-08 21:59:48 0 d------c- C:\Documents and Settings\Wendy\Application Data\Webroot
2008-06-08 15:49:09 0 d------c- C:\Program Files\Common Files\Webroot Shared
2008-06-07 17:15:33 7520 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-05 18:27:20 0 d------c- C:\Program Files\Yahoo!
2008-06-01 15:07:15 0 d------c- C:\Program Files\XnView
2008-05-21 12:49:26 0 d------c- C:\Program Files\Paltalk Messenger
2008-05-15 10:47:33 303616 --a----c- C:\WINDOWS\system32\wmstream.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-05-15 10:05:04 0 d------c- C:\Program Files\Java
2008-05-14 12:28:18 0 d------c- C:\Program Files\Messenger
2008-05-14 09:23:54 0 d------c- C:\Documents and Settings\Wendy\Application Data\Adobe
2008-05-12 10:30:02 0 d------c- C:\Program Files\Movie Maker
2008-05-12 10:23:13 0 d------c- C:\Program Files\Windows NT
2008-05-07 11:50:33 0 d------c- C:\Documents and Settings\Wendy\Application Data\Paltalk
2008-05-06 17:48:38 0 d------c- C:\Documents and Settings\Wendy\Application Data\WinRAR
2008-05-06 16:21:22 0 d------c- C:\Program Files\Google
2008-05-06 16:20:48 0 d------c- C:\Program Files\Windows Live
2008-05-06 16:19:59 0 d------c- C:\Documents and Settings\Wendy\Application Data\Windows Live Writer
2008-05-05 18:26:44 0 d------c- C:\Program Files\QuickTime
2008-05-05 18:01:06 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-05 17:43:21 0 d------c- C:\Program Files\Common Files\Adobe
2008-04-25 18:33:06 0 d------c- C:\Program Files\MSBuild
2008-04-24 10:08:38 0 d------c- C:\Program Files\iColorFolder
2008-04-22 11:13:10 0 d------c- C:\Program Files\Alwil Software
2008-04-20 19:13:18 0 d------c- C:\Program Files\Alien Skin
2008-04-20 19:11:30 0 d------c- C:\Documents and Settings\Wendy\Application Data\Alien Skin
2008-04-18 15:49:45 0 d------c- C:\Documents and Settings\Wendy\Application Data\PlayFirst
2008-04-15 09:05:57 10171 --a----c- C:\Documents and Settings\Wendy\Application Data\.googlewebacchosts
2008-04-05 14:49:28 56 --a----c- C:\WINDOWS\popcinfo.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown



-- End of Deckard's System Scanner: finished at 2008-06-17 16:23:17 ------------
  • 0

#8
fenzodahl512
Posted 17 June 2008 - 05:51 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. What I can tell you is that the service is legit and it is associated with D-Link hardware.. I'd rather not to remove it as you might lost your wireless/internet connection in your computer...


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Tell me about your computer condition.. Also, tell me, do you use eAcceleration antivirus?


Regards
fenzodahl512
  • 0

#9
TahoeDolphin
Posted 17 June 2008 - 06:15 PM

TahoeDolphin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
That is fine with the D-Link hardware. If it is safe it can stay. I am running the Kaspersky scan now or it is updating now. eAcceleration antivirus is what my friend put on the computer. I have not used it. I really do not think I need it. I will post the results of the scan when it is done.
  • 0

#10
fenzodahl512
Posted 17 June 2008 - 06:20 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok.. take your time.. I'm going off to work.. :)
  • 0

Advertisements

#11
TahoeDolphin
Posted 19 June 2008 - 03:30 PM

TahoeDolphin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, June 19, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, June 19, 2008 15:17:52
Records in database: 879503
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 60831
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:53:05


File name / Threat name / Threats count
C:\System Volume Information\_restore{67BAF36B-6BA3-4BBF-A70E-04953B874060}\RP539\A0172322.exe Infected: Trojan.Win32.Vapsup.giw 1

The selected area was scanned.
  • 0

#12
fenzodahl512
Posted 20 June 2008 - 08:18 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, apology for my late reply.. I was in hospital for two days due to bad food (food poisoning..)

Fist of all, your logs look clean to my eyes :)


Please Install/Update Sun Java

Updating Java:
  • Go to Start --> Control Panel --> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
  • It should have next icon next to it: Posted Image
  • Select it and click Remove. This will uninstall the previous (outdated) version of Java.
  • Then Download and install the newest version from here: Java Runtime Environment (JRE) 6 Update 6




NEXT


Let's clean your Restore Points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous Restore Points which are likely to be infected)
To create a new Restore Point.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK. This will flush your old System Restore.
  • Then please UNCHECK the Turn off System Restore.
  • Click again on Apply, and then click OK. This will create a new Restore Point
System Restore will now be active again

If you are using Windows Vista, please go HERE for tutorial on how to use, disable and enable System Restore




NEXT


I noticed that you use eAcceleration software as your antivirus and Malwarebytes' as your antispyware..


I haven't seen any third-party firewall in your logs.. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewall below:
After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.


Lastly, to keep your operating system up to date please visit the link below monthly

To learn more about how to protect yourself while on the internet read this excellent article by Tony Klein: So how did I get infected in the first place?

Please also read an excellent article by miekiemoes :Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512
  • 0

#13
TahoeDolphin
Posted 21 June 2008 - 06:13 PM

TahoeDolphin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
First I just want to say so sorry to here about you being sick. Food poisoning is not fun. Second thank you for all your help. I am going to stay a member and I have even recommended this fourm to my friends. You guys ROCK!!!! :)

Ok I unistalled all the Java and reinstalled the new version. I redid my System Restore. I then went and checked if I needed to defrag. It was fine. I had done it the other day when after I took stuff off the computer.

I have Webroot Spyware and their Desktop Firewall. I love the Firewall. Always warning me. I already have my computer set up for Microsoft Window Updates. I just got some Updates yesterday or Thursaday. Get there emails too.

I have a lot more space on my computer now and it seems to be running faster. I only having a problem with Windows Explore. When I close out of it I get an error message saying it did not close right. I do not get it all the time though. If I get it again I will make a new post where it needs to go.

I have CCleaner and clean my computer before I turn it off. I have a question about their Registry cleaner. Is is safe to use? I have used it in the past but just want to make sure. Thank you so much and again Thank you for all your help. I hope you are feeling better.
:) :) :)

Here is a Registry scan from CCleaner~ (Can I click fix it to get rid of them?) Did does look like stuff that is not needed but that is just what I think? :) LOL!!!! If you are not sure or can't answer and I need to post some place else that is ok. Just thought I would ask since I had your attention. :)

Missing Shared DLL C:\WINDOWS\Downloaded Program Files\LegitCheckControl.DLL HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\ticker13.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\YbConvFav030408.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\TLIEFlashCtrlU.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\PURen-us.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\UCRen-us.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\MsnUpld.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\ZIntro.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\wwlaunch.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\cubis.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\sol.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\swapit.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\hangman.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\SnapfishOutlookImport1001.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\gpcontrol.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\McMysec.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\McUpdatePortal.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\setup.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\pandaonline.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\wlscBase.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\mjolauncher.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\webscan.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\ZBuddy.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\StProxy.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\ZPAChat.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\StagingUI.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\yinsthelper.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\GrooveAX.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\OTOYAX.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\driveragent.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\MySpaceUploader.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\PiratePoppers.1.0.0.39.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.46.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\InstallerControl.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\dream.1.0.0.9.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL C:\WINDOWS\Downloaded Program Files\IEGetPlugin.ocx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL HKCR\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\StagingUI.ocx HKCR\CLSID\{05D44720-58E3-49E6-BDF6-D00330E511D3}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\SnapfishOutlookImport1001.ocx HKCR\CLSID\{10E0E75E-6701-4134-9D95-C0942ED1F1C8}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll HKCR\CLSID\{1D6E056F-D1BB-40F6-88E4-11EE98056FD2}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX HKCR\CLSID\{2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\MySpaceUploader.ocx HKCR\CLSID\{33F9C869-A43A-4138-B7A1-1E9598466EC5}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\ZBuddy.ocx HKCR\CLSID\{3BB54395-5982-4788-8AF4-B5388FFDD0D8}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\pandaonline.dll HKCR\CLSID\{3DA5D23B-EFE1-4181-ADB7-7D457567AACA}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx HKCR\CLSID\{406B5949-7190-4245-91A9-30A17DE16AD0}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\InstallerControl.dll HKCR\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\IEGetPlugin.ocx HKCR\CLSID\{459E93B6-150E-45d5-8D4B-45C66FC035FE}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\MySpaceUploader.ocx HKCR\CLSID\{48DD0448-9209-4F81-9F6D-D83562940134}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\PiratePoppers.1.0.0.39.dll HKCR\CLSID\{49E67060-2C0D-415e-94C7-52A49F73B2F1}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll HKCR\CLSID\{4F1E5B1A-2A80-42ca-8532-2D05CB959537}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\DOWNLO~1\cubis.ocx HKCR\CLSID\{52A96D89-6AF9-4D57-A035-5340C0D3285E}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\ZPAChat.ocx HKCR\CLSID\{5736C456-EA94-4AAC-BB08-917ABDD035B3}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\wlscBase.dll HKCR\CLSID\{5ED80217-570B-4DA9-BF44-BE107C0EC166}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\McUpdatePortal.dll HKCR\CLSID\{5F0C30E4-1E72-4dcc-85E5-57810F1CA97B}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\MySpaceUploader.ocx HKCR\CLSID\{69D797FE-62A0-4A86-9027-5C79634BA7F6}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\DOWNLO~1\hangman.ocx HKCR\CLSID\{6B587B0C-0C3F-40BF-8FCD-A705519F33C1}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll HKCR\CLSID\{6E5A37BF-FD42-463A-877C-4EB7002E68AE}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\MySpaceUploader.ocx HKCR\CLSID\{7746874F-26C2-4E52-A26A-F22A15DD42B3}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\dream.1.0.0.9.dll HKCR\CLSID\{775879E2-7309-4619-BB02-AADE41F4B690}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\OTOYAX.dll HKCR\CLSID\{77e32299-629f-43c6-ab77-6a1e6d7663f6}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\webscan.dll HKCR\CLSID\{7B297BFD-85E4-4092-B2AF-16A91B2EA103}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\mjolauncher.dll HKCR\CLSID\{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll HKCR\CLSID\{80B626D6-BC34-4bcf-B5A1-7149E4FD9CFA}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll HKCR\CLSID\{81025641-DE98-4F76-902A-44F48B3510BE}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\MySpaceUploader.ocx HKCR\CLSID\{84BD32BE-61DC-45EF-997B-71127537D330}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\DOWNLO~1\wwlaunch.ocx HKCR\CLSID\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\YbConvFav030408.dll HKCR\CLSID\{924C1588-90C3-4910-B6CA-D57A1C0418FE}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\TLIEFlashCtrlU.dll HKCR\CLSID\{94B82441-A413-4E43-8422-D49930E69764}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\DOWNLO~1\cubis.ocx HKCR\CLSID\{97438FE9-D361-4279-BA82-98CC0877A717}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\DOWNLO~1\sol.ocx HKCR\CLSID\{9903F4ED-B673-456A-A15F-ED90C7DE9EF5}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\DOWNLO~1\MsnUpld.dll HKCR\CLSID\{9A54032D-31F7-400d-B184-83B33BDE65FA}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll HKCR\CLSID\{A89551E8-992E-48D0-A90C-3E78CF66B217}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\DOWNLO~1\swapit.ocx HKCR\CLSID\{AC2881FD-5760-46DB-83AE-20A5C6432A7E}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\DOWNLO~1\hangman.ocx HKCR\CLSID\{B06CE1BC-5D9D-4676-BD28-1752DBF394E0}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx HKCR\CLSID\{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\ZIntro.ocx HKCR\CLSID\{B8BE5E93-A60C-4D26-A2DC-220313175592}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\McMysec.dll HKCR\CLSID\{BDD2F926-8158-4F62-9E0D-B3B75FD1F07F}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\DOWNLO~1\sol.ocx HKCR\CLSID\{C2653D93-E666-49DA-9E07-E19040E97D0D}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\MySpaceUploader.ocx HKCR\CLSID\{CB5AB6FE-43E4-4C12-86F1-8F9444C6DA34}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll HKCR\CLSID\{CF0547A5-6006-468E-AF17-3C627124C898}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll HKCR\CLSID\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}
ActiveX/COM Issue InProcServer32\C:\DOCUME~1\Wendy\LOCALS~1\Temp\EAC1057220370_00000000\setup.exe HKCR\CLSID\{D3B5D1B0-37BF-4133-AE07-A46957077ED5}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\gpcontrol.dll HKCR\CLSID\{D77EF652-9A6B-40C8-A4B9-1C0697C6CF41}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\StProxy.dll HKCR\CLSID\{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\DOWNLO~1\swapit.ocx HKCR\CLSID\{E1BF6092-F857-4C3E-9321-FD19A70D5328}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\driveragent.ocx HKCR\CLSID\{E8F628B5-259A-4734-97EE-BA914D7BE941}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\ticker13.ocx HKCR\CLSID\{E9C554A4-A51A-4146-B7E4-09D0772B1553}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\ticker13.ocx HKCR\CLSID\{EF0DBA6F-43CE-4b26-9808-2AB38FA0DB29}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\ticker13.ocx HKCR\CLSID\{F280BEC2-C8CC-4bb2-96B6-EAD58D3E7E2D}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx HKCR\CLSID\{F58E1CEF-A068-4c15-BA5E-587CAF3EE8C6}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx HKCR\CLSID\{FA980E7E-9E44-4d2f-B3C2-9A5BE42525F8}
ActiveX/COM Issue InProcServer32\C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.46.dll HKCR\CLSID\{FC4CAF5F-91BD-4dd9-ADC1-F3C737E37BC4}
Application Paths Issue YourApp.exe - C:\Program Files\ANI\ANIWZCS2 Service\YourApp.exe HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\YourApp.exe
Uninstaller Reference Issue RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16 HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\3DGroove
Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB950760
Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB950762
Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB951376
Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2
Uninstaller Reference Issue "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB951698
Uninstaller Reference Issue {02A5AE29-B68C-42F0-B3A4-FA32F69BDA05} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{02A5AE29-B68C-42F0-B3A4-FA32F69BDA05}
Uninstaller Reference Issue {032B93E8-D9A1-48D2-AA51-D057ABBA9E52} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{032B93E8-D9A1-48D2-AA51-D057ABBA9E52}
Uninstaller Reference Issue {09966C32-C34D-4FF4-8C7E-94A9630DDEF8} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{09966C32-C34D-4FF4-8C7E-94A9630DDEF8}
Uninstaller Reference Issue {106E7A1C-22DA-42D7-8E74-37772A9C89FB} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{106E7A1C-22DA-42D7-8E74-37772A9C89FB}
Uninstaller Reference Issue {125F0ACC-D3FC-402B-8D96-27F6E46D00D5} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{125F0ACC-D3FC-402B-8D96-27F6E46D00D5}
Uninstaller Reference Issue {14D00B5A-64AE-4D82-8751-EC1F486D9292} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{14D00B5A-64AE-4D82-8751-EC1F486D9292}
Uninstaller Reference Issue {19DBC608-AD2B-4F4C-AEE2-C19DAC252408} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{19DBC608-AD2B-4F4C-AEE2-C19DAC252408}
Uninstaller Reference Issue {32971938-65B1-4B38-B483-9A32560B7CF2} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{32971938-65B1-4B38-B483-9A32560B7CF2}
Uninstaller Reference Issue {3F17F488-C976-4DE5-86F1-66CDB7D89DAA} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3F17F488-C976-4DE5-86F1-66CDB7D89DAA}
Uninstaller Reference Issue {45D68F08-56A0-4412-BB0F-8492BE978AC7} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{45D68F08-56A0-4412-BB0F-8492BE978AC7}
Uninstaller Reference Issue {4D072D56-B07B-4798-97B2-B9E7A4F53EAC} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4D072D56-B07B-4798-97B2-B9E7A4F53EAC}
Uninstaller Reference Issue {558CD0A7-0548-4220-88FE-01CC1477DF61} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{558CD0A7-0548-4220-88FE-01CC1477DF61}
Uninstaller Reference Issue {5AC9F44E-06C7-41E3-A464-37177AB9105D} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5AC9F44E-06C7-41E3-A464-37177AB9105D}
Uninstaller Reference Issue {6510DDD6-5DD4-4DCF-A92C-6763F5F46239} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6510DDD6-5DD4-4DCF-A92C-6763F5F46239}
Uninstaller Reference Issue {6A6A5A40-FB6D-402C-8516-CC61E6DFE524} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6A6A5A40-FB6D-402C-8516-CC61E6DFE524}
Uninstaller Reference Issue {7C3E3706-8FBD-4169-9726-0A47FBF9D32A} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7C3E3706-8FBD-4169-9726-0A47FBF9D32A}
Uninstaller Reference Issue {901C63FD-6673-47A6-9B5F-B13E3EBFA470} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{901C63FD-6673-47A6-9B5F-B13E3EBFA470}
Uninstaller Reference Issue {923D89F2-B3D7-4530-8165-309F1DE72706} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{923D89F2-B3D7-4530-8165-309F1DE72706}
Uninstaller Reference Issue {AC182206-047F-4D5B-B24B-1D39125F73AD} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AC182206-047F-4D5B-B24B-1D39125F73AD}
Uninstaller Reference Issue {B945219C-C51C-4BD0-BAD5-A3FED95B555F} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{B945219C-C51C-4BD0-BAD5-A3FED95B555F}
Uninstaller Reference Issue {C3CE4CED-46B0-407E-A703-7A83AAE02A36} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3CE4CED-46B0-407E-A703-7A83AAE02A36}
Uninstaller Reference Issue {C4535494-0732-4123-BD27-8A000D3B36F2} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4535494-0732-4123-BD27-8A000D3B36F2}
Uninstaller Reference Issue {CAED31B1-F1EF-4CD3-AE92-58FA3963DA3D} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CAED31B1-F1EF-4CD3-AE92-58FA3963DA3D}
Uninstaller Reference Issue {D264B937-F97B-4C4F-AA6A-7C31FC09AC4B} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D264B937-F97B-4C4F-AA6A-7C31FC09AC4B}
Uninstaller Reference Issue {DA256408-A2E7-41A5-8AD6-62ACB86A0FD7} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}
Uninstaller Reference Issue {DBE84DB2-1794-4244-9859-9B720CA89B4D} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DBE84DB2-1794-4244-9859-9B720CA89B4D}
Uninstaller Reference Issue {E4AA17E3-D058-48B3-8D3B-E96FC2C95376} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E4AA17E3-D058-48B3-8D3B-E96FC2C95376}
Uninstaller Reference Issue {F10DA4F3-D5E3-46F8-B403-EFBD44936922} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F10DA4F3-D5E3-46F8-B403-EFBD44936922}
Uninstaller Reference Issue {F25DB693-5AF2-4739-B20A-EB8E05E0F72D} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F25DB693-5AF2-4739-B20A-EB8E05E0F72D}
Uninstaller Reference Issue {F68E3631-68ED-4970-8D77-B81FE83AA6A1} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F68E3631-68ED-4970-8D77-B81FE83AA6A1}
Uninstaller Reference Issue {F891AAF3-DE9F-4445-85CF-6E41261A7F5A} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F891AAF3-DE9F-4445-85CF-6E41261A7F5A}
Uninstaller Reference Issue {FBA6882A-8289-4DAF-A8D1-AD591FD9DF3A} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{FBA6882A-8289-4DAF-A8D1-AD591FD9DF3A}
Obsolete software key Malwarebytes' Anti-Malware HKLM\Software\Malwarebytes' Anti-Malware
Missing MUI Reference C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Missing MUI Reference C:\WINDOWS\system32\lphc11wj0et2p.exe HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Missing MUI Reference C:\WINDOWS\system32\blphc11wj0et2p.scr HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Missing MUI Reference C:\Documents and Settings\Wendy\My Documents\My Downloads\dss.exe HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Missing MUI Reference C:\DOCUME~1\Wendy\LOCALS~1\Temp\is-UF9JJ.tmp\mbam-setup.tmp HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
  • 0

#14
fenzodahl512
Posted 21 June 2008 - 06:57 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the feedback.. Very much appreciated.. :)


About CCleaner.. I personally used it my self.. however, while CCleaner is an excellent program, I won't recommend you to use its Registry Scan option.. In fact, I personally don't recommend any registry cleaner/optimizer software...


Should you choose to use it, please back-up your registry first as if anything went wrong, you can restore back your Registry to its original condition.. I recommend you to use ERUNT to back-up your Registry..

For detailed instruction on how to back-up registry via ERUNT, please visit HERE

And to restore back your Registry via ERUNT, please go to C:\WINDOWS\ERDNT or where ever you save the backup registry before and look for the latest date of registry backup that you perform before. Double click on that file and press Ok at prompt.

The ERUNT backup file should look like this: Posted Image

Edited by fenzodahl512, 21 June 2008 - 06:58 PM.

  • 0

#15
TahoeDolphin
Posted 22 June 2008 - 06:45 PM

TahoeDolphin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thank you for your help. I always hear that it is not good to run Registry scans unless you know what you are deleting but since CCleaner had one I was not sure. Thank you again and I hope I answered all the ? above. My computer is running great now!! Thank you again. You are welcome to close this post if we got everything. :)

Tahoe
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP