
Infected Computer / Lots Of Popups / Hijackthis Log / Need Help!



#1 Personel_Vendetta


Posted 25 May 2008 - 05:43 PM

Deckard's System Scanner v20071014.68
Run by Larry Johnston on 2008-05-25 15:27:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-05-25 22:28:08 UTC - RP491 - Deckard's System Scanner Restore Point
5: 2008-05-25 18:55:21 UTC - RP490 - Restore Operation
4: 2008-05-25 04:12:04 UTC - RP489 - System Checkpoint
3: 2008-05-24 03:12:05 UTC - RP488 - System Checkpoint
2: 2008-05-23 02:26:17 UTC - RP487 - System Checkpoint


-- First Restore Point --
1: 2008-05-23 01:56:55 UTC - RP486 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).


-- HijackThis (run as Larry Johnston.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:38 PM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\cisvc.exe
F:\WINDOWS\System32\CTsvcCDA.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\Program Files\McAfee\MPF\MPFSrv.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\HPZipm12.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\WINDOWS\system32\cidaemon.exe
F:\WINDOWS\system32\cidaemon.exe
F:\PROGRA~1\McAfee.com\Agent\mcagent.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\WINDOWS\BCMSMMSG.exe
F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Documents and Settings\Larry Johnston\My Documents\i-hate-keyloggers.exe
F:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
F:\Program Files\Nikon\PictureProject\NkbMonitor.exe
F:\Program Files\Java\jre6\bin\javaw.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\Documents and Settings\Larry Johnston\Desktop\dss.exe
F:\Program Files\Microsoft Money\System\urlmap.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\Larry Johnston.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1798029F-97A3-4FD4-8882-3866D4491F47} - F:\WINDOWS\system32\xxyvtsTL.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {574BD67D-77CA-4FBA-81DA-609D7D848738} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9DFF98EA-FFEA-4EDC-8408-C2A209A1A16A} - (no file)
O2 - BHO: (no name) - {B30F8195-D15C-4EB5-879E-A8E204099B99} - (no file)
O2 - BHO: (no name) - {BD962BAB-F429-460F-805B-B137087AB623} - F:\WINDOWS\system32\geBstqQg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - F:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [diagent] "F:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WorksFUD] F:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] F:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "F:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] F:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] F:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [mcagent_exe] F:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] F:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\Run: [MMTray] F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [000000af] rundll32.exe "F:\WINDOWS\system32\bpwpsxsm.dll",b
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "F:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKCU\..\Run: [I-Hate-Keyloggers] F:\Documents and Settings\Larry Johnston\My Documents\i-hate-keyloggers.exe
O4 - Startup: syn.jar
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = F:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://F:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://F:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?e8459925d0204bf29ed2b5ec6fa4b925
O8 - Extra context menu item: Open in new foreground tab - res://F:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?e8459925d0204bf29ed2b5ec6fa4b925
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - F:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - Winlogon Notify: geBstqQg - F:\WINDOWS\SYSTEM32\geBstqQg.dll
O20 - Winlogon Notify: winxtx32 - F:\WINDOWS\SYSTEM32\winxtx32.dll
O21 - SSODL: gnowmebk - {7CDC186A-FAF3-4A67-A90D-C76681772426} - F:\WINDOWS\gnowmebk.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - F:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe
O24 - Desktop Component 0: Privacy Protection - file:///F:\WINDOWS\privacy_danger\index.htm

--
End of file - 11413 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - f:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S3 bvrp_pci - f:\windows\system32\drivers\bvrp_pci.sys
S3 XBCD (XBCD Kernel Module) - f:\windows\system32\drivers\xbcd.sys <Not Verified; Redcl0ud; XBCD>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 JavaQuickStarterService (Java Quick Starter) - "f:\program files\java\jre6\bin\jqs.exe" -service -config "f:\program files\java\jre6\lib\deploy\jqs\jqs.conf" <Not Verified; Sun Microsystems, Inc.; Java™ Platform SE 6 U10>

S3 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "f:\program files\bonjour\mdnsresponder.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-25 15:30:02 256 --a------ F:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-05-21 13:20:02 284 --a------ F:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-15 01:00:01 368 --a------ F:\WINDOWS\Tasks\McDefragTask.job
2008-04-01 01:00:00 370 --a------ F:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-25 15:34:13 0 d-------- F:\Program Files\Trend Micro
2008-05-25 12:32:46 2560 --a------ F:\WINDOWS\system32\tynoielu.exe
2008-05-25 12:29:46 115712 --a------ F:\WINDOWS\system32\kcgbfkft.dll
2008-05-25 12:23:46 136704 --a------ F:\WINDOWS\system32\pokywlje.dll
2008-05-25 12:17:51 125440 --a------ F:\WINDOWS\system32\gvbirtct.dll
2008-05-22 16:45:02 115200 --a------ F:\WINDOWS\system32\atjunfef.dll
2008-05-22 16:42:35 2560 --a------ F:\WINDOWS\system32\ejgjbwtp.exe
2008-05-22 16:42:02 134144 --a------ F:\WINDOWS\system32\edxagxei.dll
2008-05-22 16:41:20 0 d-------- F:\Program Files\AnVir Task Manager Free
2008-05-22 16:39:49 126464 --a------ F:\WINDOWS\system32\ipebscyu.dll
2008-05-22 11:41:12 2560 --a------ F:\WINDOWS\system32\wwydepra.exe
2008-05-22 11:35:12 134144 --a------ F:\WINDOWS\system32\wkprphos.dll
2008-05-22 11:29:12 126464 --a------ F:\WINDOWS\system32\jhgrcsiu.dll
2008-05-22 00:05:34 9728 --a------ F:\Program Files\tmp2.exe
2008-05-22 00:05:34 9728 --a------ F:\Program Files\tmp1.exe
2008-05-22 00:05:34 9728 --a------ F:\Program Files\tmp0.exe
2008-05-22 00:05:29 0 d-------- F:\WINDOWS\system32\824223
2008-05-22 00:05:29 19456 --a------ F:\Program Files\bho.exe
2008-05-21 21:56:02 0 d-------- F:\WINDOWS\privacy_danger
2008-05-21 21:08:15 102912 --a------ F:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-21 21:08:15 209008 --a------ F:\WINDOWS\system32\kbhookdll.dll
2008-05-21 20:18:06 62910 --a------ F:\Program Files\Uninstall.exe <Not Verified; $PROGRAMNAME; $PROGRAMNAME>
2008-05-21 20:18:06 0 --a------ F:\Program Files\uninstall.dat
2008-05-21 19:04:45 0 d-------- F:\Program Files\Bonjour
2008-05-21 18:09:20 114688 --a------ F:\WINDOWS\system32\rytxhgjt.dll
2008-05-21 18:07:57 911444 --ahs---- F:\WINDOWS\system32\LTstvyxx.ini2
2008-05-21 18:07:33 370176 --a------ F:\WINDOWS\system32\xxyvtsTL.dll
2008-05-21 18:05:28 29312 --a------ F:\WINDOWS\system32\ssqNDwxW.dll
2008-05-21 18:05:23 225280 --a------ F:\WINDOWS\pxgdslro.dll
2008-05-21 18:05:23 81920 --a------ F:\WINDOWS\mdtgkswr.exe
2008-05-21 18:05:23 204800 --a------ F:\WINDOWS\gnowmebk.dll
2008-05-21 18:05:23 155648 --a------ F:\WINDOWS\gktxaspm.dll
2008-05-21 18:05:23 159744 --a------ F:\WINDOWS\elsq.exe
2008-05-21 18:02:21 57344 --a------ F:\WINDOWS\system32\geBstqQg.dll
2008-05-20 17:31:14 0 d-------- F:\Documents and Settings\Larry Johnston\.SunDownloadManager
2008-05-18 20:51:03 2118 --a------ F:\Documents and Settings\Larry Johnston\cd
2008-05-16 11:27:27 0 d-------- F:\Documents and Settings\Larry Johnston\Application Data\mIRC
2008-05-16 11:27:26 0 d-------- F:\Program Files\mIRC
2008-05-16 11:26:18 25600 --a------ F:\WINDOWS\system32\winxtx32.dll
2008-05-12 18:53:16 3596288 --a------ F:\WINDOWS\system32\qt-dx331.dll
2008-05-12 18:50:16 196608 --a------ F:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-12 18:50:16 81920 --a------ F:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-12 18:50:08 802816 --a------ F:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-12 18:50:08 823296 --a------ F:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 18:50:08 831488 --a------ F:\WINDOWS\system32\divx_xx0a.dll
2008-05-12 18:50:08 823296 --a------ F:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 18:50:06 682496 --a------ F:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 18:49:02 12288 --a------ F:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-07 18:01:37 32 -ra------ F:\Documents and Settings\Larry Johnston\hash.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-21 19:04:35 0 d-------- F:\Program Files\Common Files\Adobe
2008-05-21 19:02:57 0 d-------- F:\Documents and Settings\Larry Johnston\Application Data\Adobe
2008-05-21 17:41:17 0 d-------- F:\Program Files\Morpheus
2008-05-19 21:11:02 0 d-------- F:\Program Files\DivX
2008-05-18 20:49:20 0 d-------- F:\Program Files\Java
2008-05-16 19:07:47 1292 --a------ F:\WINDOWS\mozver.dat
2008-05-14 20:37:30 0 d-------- F:\Documents and Settings\Larry Johnston\Application Data\HP
2008-04-24 07:44:03 0 d-------- F:\Program Files\Common Files
2008-04-22 19:36:21 0 d-------- F:\Program Files\VS Revo Group
2008-04-22 19:36:13 0 d-------- F:\Program Files\RAM Idle LE
2008-04-22 19:26:49 0 d--h----- F:\Program Files\InstallShield Installation Information
2008-04-21 21:06:22 0 d-------- F:\Program Files\Three Rings Design
2008-04-21 15:39:31 0 d-------- F:\Program Files\McAfee
2008-04-18 16:06:53 0 d-------- F:\Program Files\XBCD
2008-04-15 21:42:17 0 d-------- F:\Documents and Settings\Larry Johnston\Application Data\U3
2008-04-11 20:31:45 0 d-------- F:\Program Files\Microsoft Works
2008-04-11 20:30:00 0 d-------- F:\Program Files\Microsoft.NET
2008-04-07 20:35:45 0 d-------- F:\Program Files\Game_Maker6
2008-04-05 15:39:42 0 d-------- F:\Program Files\Veoh Networks
2008-04-05 15:35:30 0 d-------- F:\Program Files\Quick StartUp
2008-03-29 22:16:24 0 d-------- F:\Program Files\Image-Line
2008-03-29 22:14:58 0 d-------- F:\Program Files\Steinberg
2008-03-28 03:01:32 0 d-------- F:\Program Files\Windows Live
2008-03-26 20:56:50 0 d-------- F:\Program Files\Microsoft SQL Server Compact Edition
2008-03-26 20:53:10 0 d--hs--c- F:\Program Files\Common Files\WindowsLiveInstaller


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1798029F-97A3-4FD4-8882-3866D4491F47}]
05/21/2008 06:07 PM 370176 --a------ F:\WINDOWS\system32\xxyvtsTL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{574BD67D-77CA-4FBA-81DA-609D7D848738}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DFF98EA-FFEA-4EDC-8408-C2A209A1A16A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B30F8195-D15C-4EB5-879E-A8E204099B99}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD962BAB-F429-460F-805B-B137087AB623}]
05/21/2008 06:02 PM 57344 --a------ F:\WINDOWS\system32\geBstqQg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
05/18/2008 08:21 PM 34816 --a------ F:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="F:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"diagent"="F:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [04/03/2002 01:01 AM]
"UpdReg"="F:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"WorksFUD"="F:\Program Files\Microsoft Works\wkfud.exe" [10/05/2001 05:34 PM]
"Microsoft Works Portfolio"="F:\Program Files\Microsoft Works\WksSb.exe" [08/23/2001 02:52 PM]
"Microsoft Works Update Detection"="F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [08/16/2001 09:41 PM]
"MoneyStartUp10.0"="F:\Program Files\Microsoft Money\System\Activation.exe" [07/25/2001 10:00 AM]
"AdaptecDirectCD"="F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [04/10/2002 04:44 PM]
"DwlClient"="F:\Program Files\Common Files\Dell\EUSW\Support.exe" [08/22/2002 01:11 PM]
"NvCplDaemon"="F:\WINDOWS\System32\NvCpl.dll" [10/06/2003 02:16 PM]
"nwiz"="nwiz.exe" [10/06/2003 02:16 PM F:\WINDOWS\system32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 04:59 AM F:\WINDOWS\BCMSMMSG.exe]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"MP10_EnsureFileVer"="F:\WINDOWS\inf\unregmp2.exe" [08/04/2004 12:56 AM]
"mcagent_exe"="F:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"RAM Idle Professional"="F:\Program Files\RAM Idle LE\RAM_XP.exe" [01/17/2006 05:38 AM]
"MMTray"="F:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" []
"000000af"="F:\WINDOWS\system32\bpwpsxsm.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"SpybotSD TeaTimer"="F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"msnmsgr"="F:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"WinSpywareProtect (ver. 5.1)"="F:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" []
"I-Hate-Keyloggers"="F:\Documents and Settings\Larry Johnston\My Documents\i-hate-keyloggers.exe" [07/16/2006 07:20 PM]

F:\Documents and Settings\Larry Johnston\Start Menu\Programs\Startup\
syn.jar [4/16/2008 7:27:47 PM]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - F:\Program Files\Digital Line Detect\DLG.exe [4/27/2007 10:44:30 AM]
HP Digital Imaging Monitor.lnk - F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
HP Image Zone Fast Start.lnk - F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/12/2005 12:49:24 AM]
Microsoft Works Calendar Reminders.lnk - F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/7/2001 4:06:54 PM]
NkbMonitor.exe.lnk - F:\Program Files\Nikon\PictureProject\NkbMonitor.exe [7/12/2007 6:38:25 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///F:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BD962BAB-F429-460F-805B-B137087AB623}"= F:\WINDOWS\system32\geBstqQg.dll [05/21/2008 06:02 PM 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gnowmebk"= {7CDC186A-FAF3-4A67-A90D-C76681772426} - F:\WINDOWS\gnowmebk.dll [05/21/2008 08:43 AM 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBstqQg]
geBstqQg.dll 05/21/2008 06:02 PM 57344 F:\WINDOWS\system32\geBstqQg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winxtx32]
winxtx32.dll 05/16/2008 11:26 AM 25600 F:\WINDOWS\system32\winxtx32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 F:\WINDOWS\system32\xxyvtsTL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E3E88A26-E3FD-6CB6-FED6-73773A3B8AE1}]
F:\WINDOWS\system32:lpsass.exe



-- Hosts -----------------------------------------------------------------------

127.0.0.1 .supercocklol.com
127.0.0.1 www..webloyalty.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

8118 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-25 15:36:45 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 79%
Physical Memory (total/avail): 1023 MiB / 213.96 MiB
Pagefile Memory (total/avail): 2461.84 MiB / 1856.87 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.44 MiB

A: is Removable (No Media)
C: is Removable (No Media)
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 74.52 GiB total, 39.34 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD800JB-00JJC0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - F:

\\.\PHYSICALDRIVE1 - HP Photosmart 3310x USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\Morpheus\\Morpheus.exe"="F:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"F:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="F:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="F:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"F:\\Program Files\\Bonjour\\mDNSResponder.exe"="F:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\Larry Johnston\Application Data
CommonProgramFiles=F:\Program Files\Common Files
COMPUTERNAME=PIPE-3CTKCWKL7V
ComSpec=F:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\Larry Johnston
LOGONSERVER=\\PIPE-3CTKCWKL7V
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=F:\Program Files\Mozilla Firefox;F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\System32\Wbem;F:\Program Files\Common Files\Adaptec Shared\System
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=F:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\DOCUME~1\LARRYJ~1\LOCALS~1\Temp
TMP=F:\DOCUME~1\LARRYJ~1\LOCALS~1\Temp
USERDOMAIN=PIPE-3CTKCWKL7V
USERNAME=Larry Johnston
USERPROFILE=F:\Documents and Settings\Larry Johnston
windir=F:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Larry Johnston (admin)
Zana Johnston (admin)
Nate Johnston (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "F:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
--> "F:\Program Files\Uninstall.exe"
--> F:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> F:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> F:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AnVir Task Manager Free --> "F:\Program Files\AnVir Task Manager Free\AnVir.exe" Uninstall
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
BCM V.92 56K Modem --> F:\WINDOWS\BCMSMU.exe quiet
BitLord 1.1 --> F:\Program Files\BitLord\uninst.exe
Dell Modem-On-Hold --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\Setup.exe" -l0x9 ControlPanelAnyText
Dell ResourceCD --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Support --> MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
DellConnect --> MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF}
Digital Line Detect --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe" -l0x9 ControlPanelAnyText
DivX Codec --> F:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> F:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> F:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> F:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
FL Studio v7.0 --> "F:\Program Files\Image-Line\FL Studio 7\unins000.exe"
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
Game Maker 6.1 --> F:\Program Files\Game_Maker6\Uninstal.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "F:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Document Viewer 5.3 --> F:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3 --> F:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3 --> F:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> F:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.A --> "F:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> F:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 10 --> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
McAfee SecurityCenter --> F:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta 96 Encyclopedia --> F:\Program Files\Microsoft Reference\Encarta 96 Encyc\setup\setup.exe
Microsoft Encarta Encyclopedia Standard 2002 --> MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "F:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2002 --> MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft Money 2002 System Pack --> MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "F:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Picture It! Photo 2002 --> MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Works 2002 Setup Launcher --> F:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe E:\
Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
mIRC --> F:\Program Files\mIRC\uninstall.exe _?=F:\Program Files\mIRC
Modem Helper --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\Setup.exe" -l0x9 ControlPanel
Modem User Guide --> F:\WINDOWS\uninst.exe -f"F:\Program Files\Modem User Guide\DeIsL2.isu" -cF:\PROGRA~1\MODEMU~1\_ISREG32.DLL
Morpheus 5.3 (remove only) --> "F:\Program Files\Morpheus\UninstMorpheus.exe"
Move Networks Media Player for Internet Explorer --> F:\Documents and Settings\Larry Johnston\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.14) --> F:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Display Driver --> F:\WINDOWS\System32\nvudisp.exe Uninstall F:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
OLYMPUS CAMEDIA Master 4.1 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.1
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PictureProject --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PSP Video 9 2.24 --> F:\Program Files\Red Kawa\Video Converter\uninstaller.exe
Quick StartUp 2.3 --> "F:\Program Files\Quick StartUp\unins000.exe"
Quicken 2007 --> MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Shockwave --> F:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE F:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Soldat 1.4.2 --> "F:\Soldat\unins000.exe"
Sound Blaster Live! --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\SETUP.EXE" -l0x9
Spybot - Search & Destroy --> "F:\Program Files\Spybot - Search & Destroy\unins000.exe"
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Viewpoint Media Player --> F:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Imaging Component --> "F:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "F:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> F:\Program Files\WinRAR\uninstall.exe
XBCD 1.07 --> F:\Program Files\XBCD\uninst.exe
Xfire (remove only) --> "F:\Program Files\Xfire\uninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type21 / Error
Event Submitted/Written: 05/25/2008 02:53:58 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type18 / Error
Event Submitted/Written: 05/25/2008 00:19:14 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hpqtra08.exe, version 53.0.13.0, faulting module unknown, version 0.0.0.0, fault address 0x7ca21816.
Processing media-specific event for [hpqtra08.exe!ws!]

Event Record #/Type15 / Error
Event Submitted/Written: 05/25/2008 00:04:52 PM
Event ID/Source: 4126 / Ci
Event Description:
Cleaning up corrupt content index metadata on f:\program files\dell\support\ui\search\catalog.wci. Index will
be automatically restored by refiltering all documents.

Event Record #/Type11 / Error
Event Submitted/Written: 05/25/2008 11:57:57 AM
Event ID/Source: 5022 / McLogEvent
Event Description:
MCSCAN32 Engine Initialisation failed.
Engine returned error : 3

Event Record #/Type8 / Error
Event Submitted/Written: 05/25/2008 11:49:23 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type130681 / Error
Event Submitted/Written: 05/25/2008 03:30:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type130660 / Error
Event Submitted/Written: 05/25/2008 02:30:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type130658 / Error
Event Submitted/Written: 05/25/2008 01:30:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type130653 / Error
Event Submitted/Written: 05/25/2008 00:30:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type130320 / Error
Event Submitted/Written: 05/25/2008 11:30:02 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-05-25 15:36:45 ------------

I also thought I would mention that the spam is always SystemDefender and when I try to close the windows, they are ALWAYS non-responsive. Thank you for your time, I hope that I can be able to fix this.


#2 Personel_Vendetta


Posted 26 May 2008 - 12:48 AM

Topic title was: 20+ Vundo Trojans, Yeaah.. I need help ~ OB
Well, my computer has been acting very weirdly ever since I tried to download some MP3s and such.. typical teenager that I am. Ever since then, I have been getting spam popups, and my Spybot Tea Timer has been going crazy from all these registry changes. So I decided to download MalwareBytes and scan my computer. Hours later, I find I have 67 infected files, 20+ are Trojans. I restarted and saved the log after the scan was done, and here it is:

04/26/2007 17:03:03 NoClear flag is specified.

04/26/2007 17:03:03 COM initialized with S_OK success code.

04/26/2007 17:03:03 Branding Internet Explorer...
04/26/2007 17:03:03 Command line is "/mode:isp /peruser".

04/26/2007 17:03:03 Global branding settings are:
04/26/2007 17:03:03 Context is (0x01C00008) "Internet Content Providers, running from per-user stub";
04/26/2007 17:03:03 Settings file is "F:\Program Files\Internet Explorer\Signup\install.ins";
04/26/2007 17:03:03 Target folder path is "F:\Program Files\Internet Explorer\Signup".
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 About to clear previous branding...
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing migration of old settings...
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing wininet setup...
04/26/2007 17:03:03 There are no connection settings to process!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing deletion of connection settings...
04/26/2007 17:03:03 Existing connection settings weren't specified to be deleted!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing zones HKCU settings...
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing local machine policies and restrictions...
04/26/2007 17:03:03 There are no local machine *.inf files to process!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing current user policies and restrictions...
04/26/2007 17:03:03 There are no current user *.inf files to process!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing legacy policies and restrictions...
04/26/2007 17:03:03 There are no local machine *.inf files to process!
04/26/2007 17:03:03 There are no current user *.inf files to process!
04/26/2007 17:03:03 There are no legacy *.inf files to process!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing general customizations...
04/26/2007 17:03:03 Company name is set to "Microsoft Corporation".
04/26/2007 17:03:03 Custom key is set to "MICROSO".
04/26/2007 17:03:03 Wizard version is set to "6.0.2600.0000".
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing Help->About customization...
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing browser toolbar buttons...
04/26/2007 17:03:03 There are no toolbar buttons to process!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing root certificates...
04/26/2007 17:03:03 This feature is for ISPs only!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing deletion of favorites and/or quick links...
04/26/2007 17:03:03 None of the favorites folders were specified to be deleted!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing favorites...
04/26/2007 17:03:03 Creating separate thread for processing favorites...

04/26/2007 17:03:03 COM initialized with S_OK success code.
04/26/2007 17:03:03 Using [FavoritesEx] section...

04/26/2007 17:03:03 Preprocessing "Title1" title key...
04/26/2007 17:03:03 Preprocessing "URL1" URL key...
04/26/2007 17:03:03 Adding this favorite:
04/26/2007 17:03:03 Determining favorites attributes...
04/26/2007 17:03:03 <Favorites> folder location is "F:\Documents and Settings\Larry Johnston\Favorites".
04/26/2007 17:03:03 Title - "MSN.com.url",
04/26/2007 17:03:03 URL - "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart",
04/26/2007 17:03:03 with a default icon,
04/26/2007 17:03:03 not marked IEAK created,
04/26/2007 17:03:03 not made available offline
04/26/2007 17:03:03 Done.
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Preprocessing "Title2" title key...
04/26/2007 17:03:03 Preprocessing "URL2" URL key...
04/26/2007 17:03:03 Adding this favorite:
04/26/2007 17:03:03 Determining favorites attributes...
04/26/2007 17:03:03 Title - "Radio Station Guide.url",
04/26/2007 17:03:03 URL - "http://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=",
04/26/2007 17:03:03 with a default icon,
04/26/2007 17:03:03 not marked IEAK created,
04/26/2007 17:03:03 not made available offline
04/26/2007 17:03:03 Done.
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Preprocessing "Title3" title key...
04/26/2007 17:03:03 Failed with E_FAIL.

04/26/2007 17:03:03 Preprocessing "Title4" title key...
04/26/2007 17:03:03 This key doesn't exist indicating that there are no more favorites.
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing ordering of favorites...
04/26/2007 17:03:03 Favorites will be put into the default position!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing quick links...
04/26/2007 17:03:03 Creating separate thread for processing quick links...

04/26/2007 17:03:03 COM initialized with S_OK success code.
04/26/2007 17:03:03 Preprocessing "Quick_Link_1_Name" quick link title key...
04/26/2007 17:03:03 Preprocessing "Quick_Link_1" quick link URL key...
04/26/2007 17:03:03 Adding this quick link:
04/26/2007 17:03:03 Determining favorites attributes...
04/26/2007 17:03:03 Title - "Links\Customize Links.url",
04/26/2007 17:03:03 URL - "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=CLinks",
04/26/2007 17:03:03 with a default icon,
04/26/2007 17:03:03 not marked IEAK created,
04/26/2007 17:03:03 not made available offline
04/26/2007 17:03:03 Done.
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Preprocessing "Quick_Link_2_Name" quick link title key...
04/26/2007 17:03:03 Preprocessing "Quick_Link_2" quick link URL key...
04/26/2007 17:03:03 Adding this quick link:
04/26/2007 17:03:03 Determining favorites attributes...
04/26/2007 17:03:03 Title - "Links\Free Hotmail.url",
04/26/2007 17:03:03 URL - "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail",
04/26/2007 17:03:03 with a default icon,
04/26/2007 17:03:03 not marked IEAK created,
04/26/2007 17:03:03 not made available offline
04/26/2007 17:03:03 Done.
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Preprocessing "Quick_Link_3_Name" quick link title key...
04/26/2007 17:03:03 Preprocessing "Quick_Link_3" quick link URL key...
04/26/2007 17:03:03 Adding this quick link:
04/26/2007 17:03:03 Determining favorites attributes...
04/26/2007 17:03:03 Title - "Links\Windows.url",
04/26/2007 17:03:03 URL - "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windows",
04/26/2007 17:03:03 with a default icon,
04/26/2007 17:03:03 not marked IEAK created,
04/26/2007 17:03:03 not made available offline
04/26/2007 17:03:03 Done.
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Preprocessing "Quick_Link_4_Name" quick link title key...
04/26/2007 17:03:03 Preprocessing "Quick_Link_4" quick link URL key...
04/26/2007 17:03:03 Adding this quick link:
04/26/2007 17:03:03 Determining favorites attributes...
04/26/2007 17:03:03 Title - "Links\Windows Media.url",
04/26/2007 17:03:03 URL - "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windowsmedia",
04/26/2007 17:03:03 with a default icon,
04/26/2007 17:03:03 not marked IEAK created,
04/26/2007 17:03:03 not made available offline
04/26/2007 17:03:03 Done.
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Preprocessing "Quick_Link_5_Name" quick link title key...
04/26/2007 17:03:03 This key doesn't exist indicating that there are no more quick links.
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing ordering of quick links...
04/26/2007 17:03:03 Quick Links will be put into the default position!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing connection settings...
04/26/2007 17:03:03 There are no connection settings to process!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing TrustedPublisherLockdown restriction...
04/26/2007 17:03:03 This restriction is not set!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Registering download URLs as safe for updating IE...
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Deleting links...
04/26/2007 17:03:03 No links to delete!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Branding Outlook Express...
04/26/2007 17:03:03 There are no Outlook Express settings to brand!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing active desktop customizations...
04/26/2007 17:03:03 No desktop customizations to process!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing channels and their categories (if any)...
04/26/2007 17:03:03 There are no channels to process!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing software update channels...
04/26/2007 17:03:03 <Web> folder location is "F:\WINDOWS\Web".
04/26/2007 17:03:03 There are no software update channels to add!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Actual processing of channels by calling webcheck.dll "DllInstall" API...
04/26/2007 17:03:03 There is no webcheck processing necessary!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Showing channel bar on the desktop...
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Processing subscriptions...
04/26/2007 17:03:03 There are no subscriptions to process!
04/26/2007 17:03:03 Done.

04/26/2007 17:03:03 Refreshing browser settings...
04/26/2007 17:03:03 Broadcasting "Windows settings change" to all top level windows...
04/26/2007 17:03:03 Done.
04/26/2007 17:03:03 Done.
04/26/2007 17:03:03 Done.

Merged topics. ~ OB

Edited by Orange Blossom, 26 May 2008 - 12:54 AM.


#3 OldTimer

OldTimer

    Malware Expert



Posted 27 May 2008 - 08:42 PM

Hello Personel_Vendetta and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
