
Windows Xp : Ca Anti Virus Infection Alert File Name: C:\\windows\system32\batmete.dll


  • This topic is locked
22 replies to this topic

#1 therealsanderk

therealsanderk

  • Members
  • 18 posts

Posted 03 December 2007 - 10:23 PM

Somebody - please help me remove this darn thing. Any help would be great

Windows XP : CA Anti Virus Infection Alert File Name: C:\\WINDOWS\system32\batmete.dll
Infection: Win32/KVOL.H



logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:38 PM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\PestPatrol\PPControl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\S3tray2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\WINDOWS\csrss.exe
G:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\AOL\1125025158\ee\AOLHostManager.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Documents and Settings\Owner\Desktop\Unused bleep\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\AOL\1125025158\ee\AOLServiceHost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\DOCUME~1\OWNER\DESKTOP\UNUSED~1\WINZIP\winzip32.exe
C:\unzipped\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.surfya.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://community.surfya.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {B874FBAF-0C9F-4E2C-82B4-1E2A292C167C} - C:\WINDOWS\system32\batmete.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] "C:\Program Files\PestPatrol\PPControl.exe"
O4 - HKLM\..\Run: [PPMemCheck] "C:\PROGRA~1\PESTPA~1\PPMemCheck.exe"
O4 - HKLM\..\Run: [CookiePatrol] "C:\PROGRA~1\PESTPA~1\CookiePatrol.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IEACCESS] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1125025158\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [cctray] "G:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [NVIEW] "rundll32.exe" nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Owner\Desktop\Unused bleep\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: CaCCProvSP - CA, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 9110 bytes


#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia

Posted 04 December 2007 - 08:12 AM

Hello therealsanderk and welcome to BC :thumbsup:

My name is SNOWHITE and I will be helping you with your Malware problem.


Please follow the steps below exactly in the order they are written:

Step #1
1. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
2. Download combofix from one of these links:
Link1
Link2
3. Double click combofix.exe & follow the prompts.
4. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note:
Combofix should never take more than 20 minutes including the reboot if malware is detected.

If it does, open task-manager > use the processes tab (press ctrl alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

If that happened we want to know, and also what process you had to end.

Step #2
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
Post back with ComboFix report, uninstall list and new HijackThis report.

Regards,
SNOWHITE

#3 therealsanderk

therealsanderk
  • Topic Starter

  • Members
  • 18 posts

Posted 05 December 2007 - 01:18 AM

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.43 [GMT -8:00]
Running from: C:\Documents and Settings\Linz\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\csrss.exe
C:\WINDOWS\system32\batmete.dll
C:\WINDOWS\system32\drivers\vhpmilvt.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_TRIHXTGX
-------\trihxtgx


((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.

2007-12-04 20:09 . 2003-07-24 01:56 <DIR> d----c--- C:\Documents and Settings\Administrator\WINDOWS
2007-12-04 20:09 . 2003-07-26 00:54 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-04 20:09 . 2003-07-24 01:35 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-04 20:09 . 2003-07-24 02:02 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-12-04 20:09 . 2003-07-26 00:57 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\interMute
2007-11-29 21:17 . 2007-11-29 21:19 <DIR> d-------- C:\Program Files\iTunes
2007-11-29 21:14 . 2007-11-29 21:16 <DIR> d-------- C:\Program Files\QuickTime
2007-11-28 22:18 . 2007-11-29 12:29 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\CA
2007-11-28 21:52 . 2007-11-28 21:52 <DIR> d-------- C:\Program Files\AskSBar
2007-11-28 21:47 . 2007-11-28 21:53 <DIR> d----c--- C:\Documents and Settings\Linz\Application Data\GetRightToGo
2007-11-17 17:07 . 2007-11-17 17:13 <DIR> d----c--- C:\Documents and Settings\Linz\Application Data\Audacity
2007-11-16 18:05 . 2007-11-16 18:05 <DIR> d----c--- C:\Documents and Settings\Linz\Application Data\Syntrillium
2007-11-16 16:38 . 2007-11-16 16:38 <DIR> d----c--- C:\Documents and Settings\Linz\Application Data\Music Recognition
2007-11-16 16:11 . 2007-11-16 16:12 <DIR> d----c--- C:\Documents and Settings\Linz\Application Data\Anvil Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 04:23 --------- d-----w C:\Program Files\Soulseek
2007-11-30 21:03 --------- dc----w C:\Documents and Settings\Linz\Application Data\AdobeUM
2007-11-30 05:18 --------- d-----w C:\Program Files\iPod
2007-11-30 05:13 --------- d-----w C:\Program Files\Apple Software Update
2007-11-30 00:09 99,904 ----a-w C:\WINDOWS\system32\isafeif.dll
2007-11-30 00:09 79,424 ----a-w C:\WINDOWS\system32\vetredir.dll
2007-11-30 00:09 75,280 ----a-w C:\WINDOWS\system32\isafprod.dll
2007-11-30 00:09 32,528 ----a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-11-30 00:09 26,640 ----a-w C:\WINDOWS\system32\drivers\vet-filt.sys
2007-11-30 00:09 21,648 ----a-w C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-11-30 00:09 21,392 ----a-w C:\WINDOWS\system32\drivers\vet-rec.sys
2007-11-29 20:32 879,832 -c--a-w C:\WINDOWS\system32\drivers\vetefile.sys
2007-11-29 20:32 108,360 -c--a-w C:\WINDOWS\system32\drivers\veteboot.sys
2007-11-29 06:43 --------- dc----w C:\Documents and Settings\Linz\Application Data\interMute
2007-11-29 06:42 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-16 23:17 --------- dc----w C:\Documents and Settings\Linz\Application Data\Ahead
2007-11-16 06:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-24 05:38 --------- d-----w C:\Program Files\ASIO4ALL v2
2007-10-23 04:37 --------- d-----w C:\Program Files\Image-Line
2007-10-21 21:32 --------- d-----w C:\Program Files\TextAloud
2007-10-20 17:01 --------- d-----w C:\Program Files\PestPatrol
2006-09-01 06:51 30,208 -c--a-w C:\Documents and Settings\Linz\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-11-28 21:52 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-11-28 21:52 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-11-28 21:52 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-11-28 21:52 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="rundll32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2004-08-06 15:33]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-03-14 18:15]
"Aim6"="" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2004-05-12 12:04]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 16:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 15:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 06:07]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 20:42]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 19:28]
"PestPatrol Control Center"="C:\Program Files\PestPatrol\PPControl.exe" [2002-10-04 14:53]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2002-10-15 21:16]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2002-11-07 17:56]
"S3TRAY2"="S3tray2.exe" [2003-02-25 04:33 C:\WINDOWS\system32\S3tray2.exe]
"IEACCESS"="C:\WINDOWS\system32\temp532.exe" [2005-07-19 21:08]
"HostManager"="C:\Program Files\Common Files\AOL\1125025158\ee\AOLHostManager.exe" [2005-07-29 08:53]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-05 19:30]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 10:06]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-13 10:51]
"eTrustPPAP"="G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2007-11-28 22:20]
"cctray"="G:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe" [2007-11-29 16:09]
"CAVRID"="G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-11-29 16:09]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 09:19]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 06:11:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2003-07-24 02:03:28]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
WinZip Quick Pick.lnk - C:\Documents and Settings\Owner\Desktop\Unused bleep\WinZip\WZQKPICK.EXE [2006-04-10 20:19:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 02:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-09-23 09:10 143360 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
2003-03-01 16:40 125440 --a--c--- C:\Program Files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2003-06-17 17:13 118784 --a--c--- C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
C:\Program Files\Shareaza\Shareaza.exe -tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-12-01 16:35:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2003-12-28 18:15:42 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 09:55:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-04 10:02:02 - machine was rebooted
.
--- E O F ---
--------------------------------------------------------------------------------------------------------

Here is the uninstall list

Adobe Acrobat 5.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop Album Starter Edition
Adobe Reader 6.0
AOL Uninstaller
Apple Mobile Device Support
Apple Software Update
Ares 2.0.8
ASIO4ALL
Ask Toolbar
CA Anti-Virus
CA eTrust PestPatrol Anti-Spyware
Compaq Connections
CursorXP
EPSON Printer Software
Excavation from Compaq (remove only)
FL Studio v7.0
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
IL Download Manager
InCD
Instant Support
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iPod for Windows 2006-03-23
iTunes
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
KBD
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Mars Rover from Compaq (remove only)
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage 2002
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
Mozilla Firefox (1.0.7)
Music Visualizer Library 1.4.00
Musicmatch® Jukebox
Nero 6 Ultra Edition
Nero Media Player
Nero PhotoShow Express
NeroMIX
NeroVision Express 3
NVIDIA Gart Driver
NVIDIA Windows 2000/XP Display Drivers
OmniPass
OpenMG Limited Patch 3.2-03-02-21-08
OpenMG Limited Patch 3.2-03-04-14-02
OpenMG Limited Patch 3.2-03-04-17-02
OpenMG Secure Module 3.2
Orbital from Compaq (remove only)
Otto from Compaq (remove only)
PC-Doctor for Windows
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2003 New User Edition
QuickTime
RealPlayer
RecordNow!
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
SetupPPUpdater
Sonic Implants - 7' Stereo Grand Piano for SB Cards
Sonic Update Manager
SoulSeek 157 test 8
SoulSeek Client 156b
TurboTax ItsDeductible 2005
Unlocker 1.8.5
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Media Player
Weblink
WildTangent Web Driver
WindowBlinds
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip Self-Extractor
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar


--------------------------------------------------------------
Here is the Hijackthis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:59 AM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\S3tray2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
G:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1125025158\ee\AOLHostManager.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1125025158\ee\AOLServiceHost.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Documents and Settings\Owner\Desktop\Unused bleep\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.surfya.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://community.surfya.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] "C:\Program Files\PestPatrol\PPControl.exe"
O4 - HKLM\..\Run: [PPMemCheck] "C:\PROGRA~1\PESTPA~1\PPMemCheck.exe"
O4 - HKLM\..\Run: [CookiePatrol] "C:\PROGRA~1\PESTPA~1\CookiePatrol.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IEACCESS] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1125025158\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [cctray] "G:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [NVIEW] "rundll32.exe" nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Owner\Desktop\Unused bleep\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: CaCCProvSP - CA, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 8751 bytes

#4 SNOWHITE


Posted 05 December 2007 - 08:21 PM

Hello therealsanderk,

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER




Please follow the steps below exactly in the order they are written:

Step #1

Please re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.surfya.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://community.surfya.com/
O4 - HKLM\..\Run: [IEACCESS] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Step #2

Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\temp532.exe

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step #3

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Java 2 Runtime Environment, SE v1.4.1_02
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
#OPTIONAL:
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

WildTangent Web Driver

Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system, including:

Operating System Version
CPU Type and Speed
Memory Amount
Video Card type and Driver Version
Sound Card type and Driver Version
DirectX Version
Location that the Web Driver was installed from
It is also a MAJOR resource hog.

Please note any other programs that you don't recognize in that list in your next response


Step #4

- Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

- Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

- Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Post back with the OTMoveIt report, the AVG Anti-Spyware report and a new HijackThis log. Let me know how the computer is running.

Regards,

Edited by SNOWHITE, 05 December 2007 - 08:23 PM.

SNOWHITE
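Once the follow-up log requested above comes back, the Step #1 fix list can be checked against it mechanically. The sketch below is an added example, not part of the post or of HijackThis; the function names are hypothetical, and the log excerpts are copied from the two HijackThis logs in this thread.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - " and the entry body. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def normalise(body):
    """Collapse whitespace and lowercase: Windows paths and registry names are case-insensitive."""
    return " ".join(body.split()).lower()


def parse_entries(log_text):
    """Return (code, normalised body, original line) for each entry line, in log order."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), normalise(m.group(2)), line))
    return entries


def verify_fixes(fix_list, before_log, after_log):
    """Classify each fix-list entry and list entries that are new in the follow-up log."""
    before = {(c, b) for c, b, _ in parse_entries(before_log)}
    after_entries = parse_entries(after_log)
    after = {(c, b) for c, b, _ in after_entries}
    report = {"removed": [], "still_present": [], "never_seen": [], "new": []}
    for code, body, line in parse_entries(fix_list):
        key = (code, body)
        if key in after:
            report["still_present"].append(line)   # fix did not stick, or entry was re-created
        elif key in before:
            report["removed"].append(line)
        else:
            report["never_seen"].append(line)      # typo in the fix list, or wrong log
    report["new"] = [line for c, b, line in after_entries if (c, b) not in before]
    return report


# Entries the helper asked to fix in Step #1 (copied from the post).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.surfya.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://community.surfya.com/
O4 - HKLM\..\Run: [IEACCESS] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
"""

# Excerpt of the 12/3/2007 log from this thread.
BEFORE_EXCERPT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.surfya.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://community.surfya.com/
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IEACCESS] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
"""

# Excerpt of the 12/6/2007 follow-up log from this thread.
AFTER_EXCERPT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beatport.com/
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

if __name__ == "__main__":
    result = verify_fixes(FIX_LIST, BEFORE_EXCERPT, AFTER_EXCERPT)
    for status, lines in result.items():
        print(f"[{status}]")
        for line in lines:
            print("   ", line)
```

On these excerpts the AlcxMonitor Run entry is reported as still present in the 12/6/2007 log, while the changed R0 start page and the AVG Anti-Spyware Guard service show up as new entries to review.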

#5 therealsanderk


Posted 06 December 2007 - 07:17 PM

Hello - everything went good but Step 2. Please help me on what to do next. Computer seems to be working better so far. Thanks for all your help.

Step 1. Everything went good

Step 2. These are the results: C:\WINDOWS\system32\temp532.exe moved successfully.
Created on 12/05/2007 09:05:38 (please let me know if there is another report from OTMoveIt that I'm supposed to post)

Step 3. I received this message at the add / remove program place "The installshield engine could not be launched. An error occurred during seek operation."

Step 4. Everything went good.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:49 PM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\S3tray2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
G:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\AOL\1125025158\ee\AOLHostManager.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Documents and Settings\Owner\Desktop\Unused bleep\WinZip\WZQKPICK.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Common Files\AOL\1125025158\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\setup_wm.exe
G:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\unzipped\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\ppdoupdate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beatport.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] "C:\Program Files\PestPatrol\PPControl.exe"
O4 - HKLM\..\Run: [PPMemCheck] "C:\PROGRA~1\PESTPA~1\PPMemCheck.exe"
O4 - HKLM\..\Run: [CookiePatrol] "C:\PROGRA~1\PESTPA~1\CookiePatrol.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1125025158\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [cctray] "G:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [NVIEW] "rundll32.exe" nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Owner\Desktop\Unused bleep\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 8902 bytes


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:38:40 PM 12/5/2007

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\WINDOWS\sideb.exe -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UBS1OXYB\sideb[1].exe -> Adware.EliteBar : Cleaned with backup (quarantined).
G:\WINDOWS\sideb.exe -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\!KillBox\batmete.dll -> Downloader.Delf.dbo : Cleaned with backup (quarantined).
C:\!KillBox\batmete.dll( 1) -> Downloader.Delf.dbo : Cleaned with backup (quarantined).
C:\!KillBox\batmete.dll( 2) -> Downloader.Delf.dbo : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\catchme2007-12-04_ 95236.59.zip/batmete.dll -> Downloader.Delf.dbo : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\QDow_AS2.dll -> Downloader.QDown.l : Cleaned with backup (quarantined).
C:\WINDOWS\uk_efp.exe -> Downloader.Small.bci : Cleaned with backup (quarantined).
G:\WINDOWS\uk_efp.exe -> Downloader.Small.bci : Cleaned with backup (quarantined).
C:\Cookies\owner@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.145:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.172:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Cookies\owner@7search[1].txt -> TrackingCookie.7search : Cleaned.
:mozilla.85:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.86:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.158:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
C:\Cookies\owner@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.122:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.123:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Cookies\owner@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.59:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Cookies\owner@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.78:C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Cookies\owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ULW9YTE3\uk_ge[1].exe -> Trojan.Dialer.ap : Cleaned with backup (quarantined).
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\temp532.exe -> Trojan.Dialer.ap : Cleaned with backup (quarantined).
G:\WINDOWS\system32\temp532.exe -> Trojan.Dialer.ap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0000015.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0000016.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0000019.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0000020.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0000021.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0000024.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0000025.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0000029.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001052.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001055.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001056.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001057.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001058.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001072.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001074.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001096.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001105.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001112.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001168.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001169.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001173.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001188.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001189.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001211.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002010.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002012.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002013.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002014.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002015.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002018.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002019.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002020.EXE -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002022.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002026.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002032.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002033.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002035.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002036.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002037.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002040.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002041.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0002043.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0002046.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003032.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003033.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003034.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003035.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003037.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003040.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003041.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003043.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003045.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003073.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003078.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003080.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003082.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003084.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003086.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003087.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003088.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003090.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP4\A0003128.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP4\A0003130.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP4\A0003131.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP4\A0003132.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP4\A0003133.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0004195.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0004200.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001068.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001069.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1\A0001070.exe -> Worm.VB.dz : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP3\A0003046.exe -> Worm.VB.dz : Cleaned with backup (quarantined).


::Report end

#6 SNOWHITE

Posted 06 December 2007 - 11:10 PM

Hello therealsanderk

Step 2. this is the results C:\WINDOWS\system32\temp532.exe moved successfully.
Created on 12/05/2007 09:05:38 (please let me know if there is another report from OT moveit that I'm supposed to post)


That is the right report.

How do you connect to the internet? I would like to know because there was a dialer on your computer. Depending on which way you use for connecting, dialers can dial very expensive numbers, or they can't.

Step 3. I received this message at the add / remove program place "The installshield engine could not be launched. An error occurred during seek operation."


Do you receive that error while trying to remove the old Java version, or WildTangent Web Driver?

Please run this online scan:

Panda ActiveScan
  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis log.

Regards,
SNOWHITE

#7 therealsanderk

Posted 06 December 2007 - 11:33 PM

yo snowhite. Please ignore my commentary on step 3. After retrying to uninstall the old java I was successful. I also updated the computer with java 6. Just to make sure we are on the same page I ran an uninstall list from HJT so u could see. The computer is working pretty good thus far. Please let me know if u want me to do anything else.

Thx,

therealsanderk

Adobe Acrobat 5.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop Album Starter Edition
Adobe Reader 6.0
AOL Uninstaller
Apple Mobile Device Support
Apple Software Update
Ares 2.0.8
ASIO4ALL
Ask Toolbar
AVG Anti-Spyware 7.5
CA Anti-Virus
CA eTrust PestPatrol Anti-Spyware
Compaq Connections
CursorXP
EPSON Printer Software
Excavation from Compaq (remove only)
FL Studio v7.0
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
IL Download Manager
InCD
Instant Support
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iPod for Windows 2006-03-23
iTunes
Java 2 Runtime Environment, SE v1.4.1_02
Java™ 6 Update 3
KBD
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Mars Rover from Compaq (remove only)
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage 2002
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
Mozilla Firefox (1.0.7)
Music Visualizer Library 1.4.00
Musicmatch® Jukebox
Nero 6 Ultra Edition
Nero Media Player
Nero PhotoShow Express
NeroMIX
NeroVision Express 3
NVIDIA Gart Driver
NVIDIA Windows 2000/XP Display Drivers
OmniPass
OpenMG Limited Patch 3.2-03-02-21-08
OpenMG Limited Patch 3.2-03-04-14-02
OpenMG Limited Patch 3.2-03-04-17-02
OpenMG Secure Module 3.2
Orbital from Compaq (remove only)
Otto from Compaq (remove only)
PC-Doctor for Windows
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2003 New User Edition
QuickTime
RealPlayer
RecordNow!
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
SetupPPUpdater
Sonic Implants - 7' Stereo Grand Piano for SB Cards
Sonic Update Manager
SoulSeek 157 test 8
SoulSeek Client 156b
TurboTax ItsDeductible 2005
Unlocker 1.8.5
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Media Player
Weblink
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip Self-Extractor
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar

Edited by therealsanderk, 07 December 2007 - 12:45 AM.


#8 SNOWHITE

Posted 07 December 2007 - 10:42 AM

Hi therealsanderk,

yo snowhite. Please ignore my commentary on step 3. After retrying to uninstall the old java I was successful. I also updated the computer with java 6. Just to make sure we are on the same page I ran an uninstall list from HJT so u could see. The computer is working pretty good thus far. Please let me know if u want me to do anything else.


It is good that you installed the latest java update, but I still see the older one in your uninstall list. We will deal with it later. Now follow the instructions in my previous post for running a scan with Panda ActiveScan and post back with the report, along with a new HijackThis log.

Regards,
SNOWHITE

#9 therealsanderk


Posted 07 December 2007 - 07:15 PM

1. I use Yahoo DSL to connect to the internet. We can delete the dialer if you want. I know I'm not paying to use it.

2. Every time I try to delete the old java version it gives me this message: "The installshield engine (ikernel.exe) could not be launched. An error occurred during seek operation."

3. I deleted Wild Tangents. I had no issues with deleting that program.

4. I don't use AOL anymore so we could delete that if you want.

5. Here are the 2 Requested Logs. When I pasted the panda one it came out kinda sloppy so I uploaded it for you.

Incident Status Location

Spyware:Cookie/Apmebf Not disinfected C:\Cookies\owner@apmebf[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Cookies\owner@atwola[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Cookies\owner@domainsponsor[2].txt
Spyware:Cookie/Go Not disinfected C:\Cookies\owner@go[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Cookies\owner@hc2.humanclick[1].txt
Spyware:Cookie/Kount Not disinfected C:\Cookies\owner@kount[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Cookies\owner@landing.domainsponsor[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Cookies\owner@rightmedia[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Cookies\owner@seeq[1].txt
Spyware:Cookie/Clicktracks Not disinfected C:\Cookies\owner@stats1.clicktracks[2].txt
Spyware:Cookie/Target Not disinfected C:\Cookies\owner@target[2].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Cookies\owner@www.affiliatefuel[1].txt
Spyware:Cookie/MyWay Not disinfected C:\Cookies\owner@www.xzoomy[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Cookies\owner@xiti[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt[.go.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Linz\Application Data\Mozilla\Firefox\Profiles\vb2dxi8w.default\cookies.txt[.bravenet.com/]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Linz\Desktop\Fixing Computer Stuff\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Linz\Desktop\Fixing Computer Stuff\ComboFix.exe[nircmd.cfexe]
Dialer:dialer.bmc Not disinfected C:\Documents and Settings\Linz\Desktop\SurfYa.com.lnk
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Linz\Local Settings\Temp\Cookies\linz@advertising[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jkq8xu0v.default\cookies.txt[.com.com/]
Hacktool:HackTool/KillProcWin.A Not disinfected C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\23.dat[simple_killw.exe]
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Virus:Eicar.Mod Not disinfected C:\Program Files\PestPatrol\Help.chm[/HowCanITestDetection.html]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-3002445554-1364609701-2813986973-1008\Dc3.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-3002445554-1364609701-2813986973-1008\Dc3.exe[nircmd.cfexe]
Adware:adware/elitebar Not disinfected C:\WINDOWS\Downloaded Program Files\OSD149F.OSD
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:54 PM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\S3tray2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
G:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Common Files\AOL\1125025158\ee\AOLHostManager.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Documents and Settings\Owner\Desktop\Unused bleep\WinZip\WZQKPICK.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\1125025158\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
G:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\unzipped\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beatport.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] "C:\Program Files\PestPatrol\PPControl.exe"
O4 - HKLM\..\Run: [PPMemCheck] "C:\PROGRA~1\PESTPA~1\PPMemCheck.exe"
O4 - HKLM\..\Run: [CookiePatrol] "C:\PROGRA~1\PESTPA~1\CookiePatrol.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1125025158\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [cctray] "G:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] "rundll32.exe" nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Owner\Desktop\Unused bleep\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 9047 bytes


#10 SNOWHITE


Posted 08 December 2007 - 10:32 PM

Hello therealsanderk,

Please follow the steps below exactly in the order they are written:

Step #1

  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Linz\Desktop\SurfYa.com.lnk
    C:\WINDOWS\Downloaded Program Files\OSD149F.OSD


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step #2

We are going to try a different approach to remove your old java.

Click on this link http://java.sun.com/products/archive/ and, on that page, scroll down to where it says J2SDK/J2RE - 1.4. Now you need to find the right version of java in the box next to J2SDK/J2RE - 1.4. The version you need is 1.4.1_02; look at the screen shot:

Posted Image

When you find the right version, click on it so it can be selected and click on the Go button. On the next page you will see something like this:

Posted Image

Click on the Download button under JRE. On the next page you need to accept the Accept License Agreement:

Posted Image

Accept it; on the next page you can download the version you need:

Windows Platform - Java™ 2 Runtime Environment, Standard Edition 1.4.1_02

Posted Image

Click on the link where it says Windows (all languages, including English). The file should be j2re-1_4_1_02-windows-i586-i.exe. Install it, then reboot, go to Add/Remove Programs, uninstall Java 2 Runtime Environment, SE v1.4.1_02, and reboot again.

Step #3

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Step #4

Please do an online scan with Kaspersky WebScanner

NOTE: This Scanner will work with Internet Explorer Only!


Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As... button:
  • Under Save as type select Text file, write a name for the file and save it to your Desktop.
  • Locate the file on the Desktop, open it, then copy and paste that information in your next post.

Post back with the OTMoveIt report, the dss scan reports main.txt and extra.txt, and the Kaspersky report. Also let me know how uninstalling the old java goes this time. :thumbsup:

Regards,
SNOWHITE

#11 therealsanderk


Posted 09 December 2007 - 01:09 PM

1. Everything went great. C:\Documents and Settings\Linz\Desktop\SurfYa.com.lnk moved successfully.
C:\WINDOWS\Downloaded Program Files\OSD149F.OSD moved successfully.

Created on 12/09/2007 01:52:53

2. Still get the same error message.

3. Deckard's System Scanner v20071014.68
Run by Linz on 2007-12-09 02:05:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
18: 2007-12-09 10:06:32 UTC - RP18 - Deckard's System Scanner Restore Point
17: 2007-12-08 12:22:17 UTC - RP17 - System Checkpoint
16: 2007-12-07 04:24:40 UTC - RP16 - Installed Java™ 6 Update 3
15: 2007-12-04 17:41:32 UTC - RP15 - ComboFix created restore point
14: 2007-12-03 20:11:57 UTC - RP14 - System Checkpoint


-- First Restore Point --
1: 2007-11-18 08:20:17 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 224 MiB (512 MiB recommended).


-- HijackThis (run as Linz.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:46 AM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\S3tray2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Ahead\InCD\InCD.exe
G:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Common Files\AOL\1125025158\ee\AOLHostManager.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Documents and Settings\Owner\Desktop\Unused bleep\WinZip\WZQKPICK.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\1125025158\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
G:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Soulseek\slsk.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Documents and Settings\Linz\Desktop\Fixing Computer Stuff\dss.exe
C:\unzipped\HIJACK~1\Linz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beatport.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] "C:\Program Files\PestPatrol\PPControl.exe"
O4 - HKLM\..\Run: [PPMemCheck] "C:\PROGRA~1\PESTPA~1\PPMemCheck.exe"
O4 - HKLM\..\Run: [CookiePatrol] "C:\PROGRA~1\PESTPA~1\CookiePatrol.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1125025158\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [cctray] "G:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] "rundll32.exe" nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Owner\Desktop\Unused bleep\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 9145 bytes

-- HijackThis Fixed Entries (C:\unzipped\HIJACK~1\backups\) --------------------

backup-20071205-090449-727 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://community.surfya.com/
backup-20071205-090449-819 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.surfya.com/
backup-20071205-090450-788 O4 - HKLM\..\Run: [IEACCESS] C:\WINDOWS\system32\temp532.exe -N
backup-20071205-090450-873 O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 catchme - c:\docume~1\linz\locals~1\temp\catchme.sys (file missing)
S3 LVcKap (Logitech AEC Driver) - c:\windows\system32\drivers\lvckap.sys (file missing)
S3 LVMVDrv (Logitech Machine Vision Engine Loader) - c:\windows\system32\drivers\lvmvdrv.sys (file missing)
S3 LVPr2Mon (Logitech LVPr2Mon Driver) - c:\windows\system32\drivers\lvpr2mon.sys (file missing)
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 pepifilter (Volume Adapter) - c:\windows\system32\drivers\lv302af.sys (file missing)
S3 PID_08A0 (Logitech QuickCam IM(PID_08A0)) - c:\windows\system32\drivers\lv302av.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 LVPrcSrv (Logitech Process Monitor) - c:\program files\common files\logitech\lvmvfm\lvprcsrv.exe (file missing)
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-08 08:35:19 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2003-12-28 10:15:42 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2007-11-09 and 2007-12-09 -----------------------------

2007-12-07 11:06:12 0 d-------- C:\WINDOWS\CAVTemp
2007-12-07 10:52:21 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-06 20:25:00 0 d-------- C:\Program Files\Common Files\Java
2007-12-06 20:22:19 0 d------c- C:\Documents and Settings\Linz\Application Data\Sun
2007-12-05 09:20:10 0 d------c- C:\Documents and Settings\Linz\Application Data\Grisoft
2007-12-05 09:19:33 0 d------c- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-04 20:09:12 0 dr-----c- C:\Documents and Settings\Administrator\Favorites
2007-12-04 20:09:12 0 d------c- C:\Documents and Settings\Administrator\Desktop
2007-12-04 20:09:12 0 d---s--c- C:\Documents and Settings\Administrator\Cookies
2007-12-04 20:09:12 0 dr-h---c- C:\Documents and Settings\Administrator\Application Data
2007-12-04 20:09:12 0 d------c- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-04 20:09:12 0 d------c- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-04 20:09:12 0 d------c- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-12-04 20:09:12 0 d------c- C:\Documents and Settings\Administrator\Application Data\Real
2007-12-04 20:09:12 0 d---s--c- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-04 20:09:12 0 d------c- C:\Documents and Settings\Administrator\Application Data\interMute
2007-12-04 20:09:12 0 d------c- C:\Documents and Settings\Administrator\Application Data\Identities
2007-12-04 20:09:11 0 d------c- C:\Documents and Settings\Administrator\WINDOWS
2007-12-04 20:09:11 0 d--h---c- C:\Documents and Settings\Administrator\Templates
2007-12-04 20:09:11 0 dr-----c- C:\Documents and Settings\Administrator\Start Menu
2007-12-04 20:09:11 0 dr-h---c- C:\Documents and Settings\Administrator\SendTo
2007-12-04 20:09:11 0 dr-h---c- C:\Documents and Settings\Administrator\Recent
2007-12-04 20:09:11 0 d--h---c- C:\Documents and Settings\Administrator\PrintHood
2007-12-04 20:09:11 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-04 20:09:11 0 d--h---c- C:\Documents and Settings\Administrator\NetHood
2007-12-04 20:09:11 0 dr-----c- C:\Documents and Settings\Administrator\My Documents
2007-12-04 20:09:11 0 d--h---c- C:\Documents and Settings\Administrator\Local Settings
2007-12-03 19:45:47 0 d------c- C:\!KillBox
2007-11-29 21:17:45 0 d-------- C:\Program Files\iTunes
2007-11-29 21:14:55 0 d-------- C:\Program Files\QuickTime
2007-11-28 22:18:13 0 d------c- C:\Documents and Settings\All Users\Application Data\CA
2007-11-28 21:52:06 0 d-------- C:\Program Files\AskSBar
2007-11-28 21:47:06 0 d------c- C:\Documents and Settings\Linz\Application Data\GetRightToGo
2007-11-17 17:07:15 0 d------c- C:\Documents and Settings\Linz\Application Data\Audacity
2007-11-16 18:05:35 0 d------c- C:\Documents and Settings\Linz\Application Data\Syntrillium
2007-11-16 17:07:54 122880 --a------ C:\WINDOWS\UnGins.exe
2007-11-16 16:38:17 0 d------c- C:\Documents and Settings\Linz\Application Data\Music Recognition
2007-11-16 16:11:21 0 d------c- C:\Documents and Settings\Linz\Application Data\Anvil Studio
2007-11-16 16:11:07 29696 --a------ C:\WINDOWS\system32\asutl8.dll
2007-11-16 15:00:02 0 d------c- C:\unzipped
2007-11-15 22:21:39 172032 --a------ C:\WINDOWS\system32\MP2enc.dll
2007-11-15 22:21:39 221184 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-11-15 22:00:12 53 --a------ C:\WINDOWS\system32\buyurl-mmp.dat


-- Find3M Report ---------------------------------------------------------------

2007-12-08 13:11:30 0 d-------- C:\Program Files\Soulseek
2007-12-07 14:13:39 0 d-------- C:\Program Files\PestPatrol
2007-12-07 14:00:40 0 d-------- C:\Program Files\Messenger
2007-12-07 13:53:54 0 d-------- C:\Program Files\Common Files\Scanner
2007-12-07 13:50:59 0 d-------- C:\Program Files\Common Files\aolshare
2007-12-07 13:49:12 0 d-------- C:\Program Files\Ares
2007-12-06 20:27:25 0 d-------- C:\Program Files\Java
2007-12-06 20:25:00 0 d-------- C:\Program Files\Common Files
2007-12-06 20:21:38 0 d-------- C:\Program Files\Java Web Start
2007-11-30 13:03:26 0 d------c- C:\Documents and Settings\Linz\Application Data\AdobeUM
2007-11-29 21:18:42 0 d-------- C:\Program Files\iPod
2007-11-29 21:13:55 0 d-------- C:\Program Files\Apple Software Update
2007-11-28 22:43:13 0 d------c- C:\Documents and Settings\Linz\Application Data\interMute
2007-11-16 15:17:45 0 d------c- C:\Documents and Settings\Linz\Application Data\Ahead
2007-11-15 22:11:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-23 21:38:11 0 d-------- C:\Program Files\ASIO4ALL v2
2007-10-22 20:37:12 0 d-------- C:\Program Files\Image-Line
2007-10-22 20:28:18 1720086 --a------ C:\WINDOWS\system32\TmpA10875562
2007-10-21 13:32:18 0 d-------- C:\Program Files\TextAloud


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
11/28/2007 09:52 PM 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
11/28/2007 09:52 PM 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [11/28/2007 09:52 PM 267592]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 03:04 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 06:07 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 07:02 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/13/2002 08:42 PM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [07/31/2002 07:28 PM]
"PestPatrol Control Center"="C:\Program Files\PestPatrol\PPControl.exe" [10/04/2002 02:53 PM]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [10/15/2002 09:16 PM]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [11/07/2002 05:56 PM]
"S3TRAY2"="S3tray2.exe" [02/25/2003 04:33 AM C:\WINDOWS\system32\S3tray2.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1125025158\ee\AOLHostManager.exe" [07/29/2005 08:53 AM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/05/2006 07:30 PM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [01/19/2006 10:06 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [09/13/2004 10:51 AM]
"eTrustPPAP"="G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [11/28/2007 10:20 PM]
"cctray"="G:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe" [11/29/2007 04:09 PM]
"CAVRID"="G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe" [11/29/2007 04:09 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/07/2006 09:19 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="rundll32.exe" [08/03/2004 11:56 PM C:\WINDOWS\system32\rundll32.exe]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [08/06/2004 03:33 PM]
"ares"="C:\Program Files\Ares\Ares.exe" [03/14/2007 06:15 PM]
"Aim6"="" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [05/12/2004 12:04 PM]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [09/24/2004 04:22 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [7/24/2003 2:03:28 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
WinZip Quick Pick.lnk - C:\Documents and Settings\Owner\Desktop\Unused bleep\WinZip\WZQKPICK.EXE [4/10/2006 8:19:31 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 02/21/2003 02:50 AM 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
C:\Program Files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"C:\Windows\Creator\Remind_XP.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
"C:\Program Files\Shareaza\Shareaza.exe" -tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot




-- End of Deckard's System Scanner: finished at 2007-12-09 02:13:48 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2600+
Percentage of Memory in Use: 80%
Physical Memory (total/avail): 223.48 MiB / 43.35 MiB
Pagefile Memory (total/avail): 622.57 MiB / 190.83 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1953.72 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 32.29 GiB total, 15.72 GiB free.
D: is Fixed (FAT32) - 4.96 GiB total, 0.9 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 57.27 GiB total, 10.64 GiB free.

\\.\PHYSICALDRIVE1 - Maxtor 6Y060L0 - 57.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 57.27 GiB - G:

\\.\PHYSICALDRIVE0 - WDC WD400EB-11CPF0 - 37.27 GiB - 2 partitions
\PARTITION0 - Unknown - 4.97 GiB - D:
\PARTITION1 (bootable) - Installable File System - 32.29 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

AV: CA Anti-Virus v8.2.0.13 (CA, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"="C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Linz\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TYSON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Linz
LOGONSERVER=\\TYSON
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Linz\LOCALS~1\Temp
TMP=C:\DOCUME~1\Linz\LOCALS~1\Temp
USERDOMAIN=TYSON
USERNAME=Linz
USERPROFILE=C:\Documents and Settings\Linz
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Linz (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop Album Starter Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{483616D1-867E-46F8-BEC7-3C6475933908}\apxp.ex_" -l0x9
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
AOL Uninstaller --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ares 2.0.8 --> "C:\Program Files\Ares\uninstall.exe"
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CA Anti-Virus --> "G:\Program Files\CA\eTrust Internet Security Suite\caunst.exe" /u /product=av
CA eTrust PestPatrol Anti-Spyware --> "G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
Compaq Connections --> C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId 1940576
CursorXP --> C:\Program Files\CursorXP\CurXPUtil.exe -u
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Excavation from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9A8CE71F-71D5-4555-B355-85481DC99B80\Uninstall.exe"
FL Studio v7.0 --> "G:\Fruity Loops Final\unins000.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\unzipped\HiJackThis\HijackThis.exe" /uninstall
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Instant Support --> C:\PROGRA~1\INSTAN~1\UNWISE.EXE C:\PROGRA~1\INSTAN~1\INSTALL.LOG
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Mars Rover from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\A6A08018-6E8D-44BA-B964-8235A0B34985\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft FrontPage 2002 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0050048383C9}
Microsoft Money 2003 --> MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft Money 2003 System Pack --> MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (1.0.7) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0.7 (en-US)"
Music Visualizer Library 1.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x9
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero PhotoShow Express --> "C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\Uninstall.exe"
NeroMIX --> C:\WINDOWS\UNNMIX.exe /UNINSTALL
NeroVision Express 3 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NVIDIA Gart Driver --> C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA Gart Driver
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
OmniPass --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\Setup.exe" -l0x9
OpenMG Limited Patch 3.2-03-02-21-08 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-02-21-08\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-04-14-02 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-04-14-02\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-04-17-02 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-04-17-02\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62F33B80-6244-4A70-A233-0DA13B640364}\setup.exe" -l0x9 UNINSTALL
Orbital from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\26DC0ED6-93A7-43C1-8DC5-EC16079580F9\Uninstall.exe"
Otto from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8A225900-C06D-41DD-B66C-43840D472758\Uninstall.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2003 New User Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
SetupPPUpdater --> C:\PROGRA~1\PESTPA~1\UNWISE.EXE C:\PROGRA~1\PESTPA~1\install.log
Sonic Implants - 7' Stereo Grand Piano for SB Cards --> G:\PIANOI~1\UNINST~1.EXE G:\PIANOI~1\SBStereoPiano.LOG
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoulSeek 157 test 8 --> "C:\Program Files\Soulseek-Test\uninstall.exe"
SoulSeek Client 156b --> "C:\Program Files\Soulseek\uninstall.exe"
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Weblink --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FCC384C-18EA-4E25-9281-A06AE006D219}\setup.exe" -l0x9
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip Self-Extractor --> "C:\Program Files\WinZip Self-Extractor\wzipse32.exe" -uninstall
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\YPSR\unwise32.exe /U C:\PROGRA~1\Yahoo!\YPSR\ypsrinst.log
Yahoo! extras --> C:\Program Files\Yahoo!\Common\unycust.exe /S
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Mail Quick Select Tool (PhotoMail) --> C:\PROGRA~1\Yahoo!\Common\unymb.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Messenger Explorer Bar --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL
Yahoo! Toolbar --> rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui


-- Application Event Log -------------------------------------------------------

Event Record #/Type9489 / Error
Event Submitted/Written: 12/07/2007 00:02:22 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type9488 / Error
Event Submitted/Written: 12/07/2007 00:02:22 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type9482 / Error
Event Submitted/Written: 12/07/2007 10:25:07 AM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application OPXPApp.exe, version 0.0.0.0, faulting module atsc51.dll, version 6.1.5.0, fault address 0x00032a16.
Error in creating result PEAP-TLV in response to received PEAP-TLV (OPXPApp.exe!ld!)

Event Record #/Type9481 / Error
Event Submitted/Written: 12/07/2007 10:25:00 AM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application OPXPApp.exe, version 0.0.0.0, faulting module atsc51.dll, version 6.1.5.0, fault address 0x0000b3d3.
Error in creating result PEAP-TLV in response to received PEAP-TLV (OPXPApp.exe!ld!)

Event Record #/Type9479 / Error
Event Submitted/Written: 12/07/2007 10:20:51 AM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application OPXPApp.exe, version 0.0.0.0, faulting module atsc51.dll, version 6.1.5.0, fault address 0x0001bb3c.
Error in creating result PEAP-TLV in response to received PEAP-TLV (OPXPApp.exe!ld!)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6193 / Warning
Event Submitted/Written: 12/08/2007 00:55:07 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type6192 / Warning
Event Submitted/Written: 12/08/2007 11:36:00 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type6191 / Warning
Event Submitted/Written: 12/08/2007 10:55:45 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type6190 / Warning
Event Submitted/Written: 12/08/2007 02:40:17 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type6171 / Error
Event Submitted/Written: 12/07/2007 01:01:12 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2007-12-09 02:13:48 ------------

4.

------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, December 09, 2007 10:01:55 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/12/2007
Kaspersky Anti-Virus database records: 477606
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 121141
Number of viruses found: 5
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 05:52:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0e1edeb820279ef7ff10fda32e3a0feb_f20e56f1-3549-4b6a-958b-b8e9b6125a34 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3469a0cfa9cb977e0a1cdb34bd5da4b6_f20e56f1-3549-4b6a-958b-b8e9b6125a34 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea563f5ed0b8ea72081a19b9b561dd25_f20e56f1-3549-4b6a-958b-b8e9b6125a34 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\Linz\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Linz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Linz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Linz\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Linz\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Linz\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Linz\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Linz\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Linz\Local Settings\History\History.IE5\MSHist012007120920071210\index.dat Object is locked skipped
C:\Documents and Settings\Linz\Local Settings\Temp\JET6B68.tmp Object is locked skipped
C:\Documents and Settings\Linz\Local Settings\Temp\~DF4F3F.tmp Object is locked skipped
C:\Documents and Settings\Linz\Local Settings\Temp\~DF50F9.tmp Object is locked skipped
C:\Documents and Settings\Linz\Local Settings\Temp\~DF93B1.tmp Object is locked skipped
C:\Documents and Settings\Linz\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Linz\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Linz\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\L0000012.FCS Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Netscape Internet Service\temp\pbk.dat Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\csrss.exe.vir Infected: Trojan-Proxy.Win32.Agent.kj skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\vhpmilvt.dat.vir Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15\A0011958.exe Infected: Trojan-Proxy.Win32.Agent.kj skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15\A0013104.dll Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15\A0013105.exe Infected: Trojan.Win32.Dialer.ap skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15\A0013107.exe Infected: Trojan-Downloader.Win32.Small.bci skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15\A0013111.exe Infected: not-a-virus:AdWare.Win32.EliteBar.z skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP18\change.log Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP4\A0003102.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\sp2ynima1.exe Infected: Trojan-Downloader.Win32.Agent.rr skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP18\change.log Object is locked skipped
G:\Ares\___ARESTRA___loops and samples drum percusion & basses special sound fonts sf2 volume 1x fruity loops reason cubase ableton logic pro(2).zip Object is locked skipped
G:\Soulseek\INCOMPLETE~02-dextro_-_music_playback_(original_mix).mp3 Object is locked skipped
G:\Soulseek\INCOMPLETE~DJ Joubin - Nasty Mix1.mpg Object is locked skipped
G:\Soulseek\INCOMPLETE~[2007.08] Layo & Bushwacka & Smockin' Jo - Live @ Space - Ibiza - 2007.08.27.mp3 Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15\A0013106.exe Infected: Trojan.Win32.Dialer.ap skipped
G:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15\A0013108.exe Infected: Trojan-Downloader.Win32.Small.bci skipped
G:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15\A0013112.exe Infected: not-a-virus:AdWare.Win32.EliteBar.z skipped
G:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP18\change.log Object is locked skipped
G:\WINDOWS\sp2ynima1.exe Infected: Trojan-Downloader.Win32.Agent.rr skipped

Scan process completed.


Thanks for all your help. The computer is running a lot better. Please advise on what to do next.

therealsanderk

Edited by therealsanderk, 09 December 2007 - 09:32 PM.


#12 SNOWHITE

Posted 09 December 2007 - 11:24 PM

Hello therealsanderk,

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 224 MiB (512 MiB recommended).


You should add more RAM to your computer. XP SP2 will run much better with more RAM. You can read more info here --> http://www.microsoft.com/athome/moredone/addmemory.mspx

Please follow the steps below exactly in the order they are written:

Step #1

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\buyurl-mmp.dat
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\sp2ynima1.exe
G:\WINDOWS\sp2ynima1.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!


Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Step #2

Run this scan as well:

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Step #3

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

2. Still get the same error message.


I was hoping it will go away finally. Disappointing :thumbsup:
I will see what else can be done and let you know in my next response.

Please post back with Combofix report, DrWeb report, and new HijackThis log.

Best regards,

Edited by SNOWHITE, 09 December 2007 - 11:27 PM.

SNOWHITE

#13 therealsanderk

Posted 11 December 2007 - 11:33 PM

1. Everything went good (the computer did not restart)

2. Everything went good

3. Everything went good (I downloaded the Comodo)

Thanks for the help. Please advise on next steps.

Tyson



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:17 PM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
G:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\AOL\1125025158\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125025158\ee\AOLServiceHost.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Documents and Settings\Owner\Desktop\Unused bleep\WinZip\WZQKPICK.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\unzipped\HiJackThis\HijackThis.exe
G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPV5Updater.exe
G:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beatport.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] "C:\Program Files\PestPatrol\PPControl.exe"
O4 - HKLM\..\Run: [PPMemCheck] "C:\PROGRA~1\PESTPA~1\PPMemCheck.exe"
O4 - HKLM\..\Run: [CookiePatrol] "C:\PROGRA~1\PESTPA~1\CookiePatrol.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1125025158\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [cctray] "G:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [NVIEW] "rundll32.exe" nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Owner\Desktop\Unused bleep\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 9159 bytes


ComboFix 07-12-02.6 - Linz 2007-12-10 20:34:39.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.53 [GMT -8:00]
Running from: C:\Documents and Settings\Linz\Desktop\Fixing Computer Stuff\ComboFix.exe
Command switches used :: C:\Documents and Settings\Linz\Desktop\Fixing Computer Stuff\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\sp2ynima1.exe
C:\WINDOWS\system32\buyurl-mmp.dat
G:\WINDOWS\sp2ynima1.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\sp2ynima1.exe
C:\WINDOWS\system32\buyurl-mmp.dat
G:\WINDOWS\sp2ynima1.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
.

2007-12-10 20:18 . 2007-12-10 20:19 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-12-09 02:12 . 2007-12-09 02:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-09 02:12 . 2007-12-09 02:12 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-09 02:05 . 2007-12-09 02:05 <DIR> d----c--- C:\Deckard
2007-12-07 11:06 . 2007-12-09 02:23 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-12-07 10:52 . 2007-12-07 14:53 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-07 10:52 . 2007-12-07 13:07 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-07 10:52 . 2007-12-07 13:07 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-07 10:52 . 2007-12-07 13:07 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-06 20:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-06 20:25 . 2007-12-06 20:25 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-05 09:20 . 2007-12-05 09:20 <DIR> d----c--- C:\Documents and Settings\Linz\Application Data\Grisoft
2007-12-05 09:19 . 2007-12-05 09:19 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-05 09:19 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-04 20:09 . 2003-07-24 01:56 <DIR> d----c--- C:\Documents and Settings\Administrator\WINDOWS
2007-12-04 20:09 . 2003-07-26 00:54 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-04 20:09 . 2003-07-24 01:35 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-04 20:09 . 2003-07-24 02:02 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-12-04 20:09 . 2003-07-26 00:57 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\interMute
2007-11-29 21:20 . 2007-12-10 19:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-29 21:20 . 2007-11-29 21:20 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-29 21:17 . 2007-12-07 13:58 <DIR> d-------- C:\Program Files\iTunes
2007-11-29 21:14 . 2007-11-29 21:16 <DIR> d-------- C:\Program Files\QuickTime
2007-11-29 12:32 . 2007-11-29 12:32 879,832 --a--c--- C:\WINDOWS\system32\drivers\vetefile.sys
2007-11-29 12:32 . 2007-11-29 12:32 108,360 --a--c--- C:\WINDOWS\system32\drivers\veteboot.sys
2007-11-29 12:29 . 2007-11-29 16:09 99,904 --a------ C:\WINDOWS\system32\isafeif.dll
2007-11-29 12:29 . 2007-11-29 16:09 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2007-11-29 12:29 . 2007-11-29 16:09 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2007-11-29 12:29 . 2007-11-29 16:09 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-11-29 12:29 . 2007-11-29 16:09 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-11-29 12:29 . 2007-11-29 16:09 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-11-29 12:29 . 2007-11-29 16:09 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-11-28 22:18 . 2007-11-29 12:29 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\CA
2007-11-28 21:52 . 2007-11-28 21:52 <DIR> d-------- C:\Program Files\AskSBar
2007-11-28 21:47 . 2007-11-28 21:53 <DIR> d----c--- C:\Documents and Settings\Linz\Application Data\GetRightToGo
2007-11-17 17:07 . 2007-11-17 17:13 <DIR> d----c--- C:\Documents and Settings\Linz\Application Data\Audacity
2007-11-16 23:14 . 2004-08-03 23:56 119,040 --a------ C:\WINDOWS\system32\batmete.4
2007-11-16 23:14 . 2004-08-03 23:56 110,592 --a------ C:\WINDOWS\system32\batmete.3
2007-11-16 23:14 . 2004-08-03 23:56 104,192 --a------ C:\WINDOWS\system32\batmete.2
2007-11-16 18:05 . 2007-11-16 18:05 <DIR> d----c--- C:\Documents and Settings\Linz\Application Data\Syntrillium
2007-11-16 17:36 . 2000-05-22 16:58 166,600 --a------ C:\WINDOWS\system32\Msmask32.ocx
2007-11-16 17:07 . 2000-12-08 21:59 122,880 --a------ C:\WINDOWS\UnGins.exe
2007-11-16 16:38 . 2007-11-16 16:38 <DIR> d----c--- C:\Documents and Settings\Linz\Application Data\Music Recognition
2007-11-16 16:11 . 2007-11-16 16:12 <DIR> d----c--- C:\Documents and Settings\Linz\Application Data\Anvil Studio
2007-11-16 16:11 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2007-11-16 16:11 . 2000-05-22 00:00 198,848 --a------ C:\WINDOWS\system32\MCI32.OCX
2007-11-16 16:11 . 2002-06-06 01:01 29,696 --a------ C:\WINDOWS\system32\asutl8.dll
2007-11-16 15:00 . 2007-12-02 17:40 <DIR> d----c--- C:\unzipped
2007-11-15 22:36 . 2007-11-15 22:50 3,126 --a------ C:\WINDOWS\system32\tempimg.tmp
2007-11-15 22:28 . 2007-11-15 22:28 6,144 --ahs---- C:\WINDOWS\system32\access.ctl
2007-11-15 22:21 . 2002-03-18 15:18 221,184 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-11-15 22:21 . 2002-01-14 23:36 172,032 --a------ C:\WINDOWS\system32\MP2enc.dll
2007-11-15 22:02 . 2007-11-15 22:08 32 --a------ C:\WINDOWS\mmpoly.ini
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 03:50 --------- d-----w C:\Program Files\Soulseek
2007-12-07 22:13 --------- d-----w C:\Program Files\PestPatrol
2007-12-07 21:53 --------- d-----w C:\Program Files\Common Files\Scanner
2007-12-07 21:50 --------- d-----w C:\Program Files\Common Files\aolshare
2007-12-07 21:49 --------- d-----w C:\Program Files\Ares
2007-12-07 04:27 --------- d-----w C:\Program Files\Java
2007-12-07 04:21 --------- d-----w C:\Program Files\Java Web Start
2007-11-30 21:03 --------- dc----w C:\Documents and Settings\Linz\Application Data\AdobeUM
2007-11-30 05:18 --------- d-----w C:\Program Files\iPod
2007-11-30 05:13 --------- d-----w C:\Program Files\Apple Software Update
2007-11-29 06:43 --------- dc----w C:\Documents and Settings\Linz\Application Data\interMute
2007-11-29 06:42 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-16 23:17 --------- dc----w C:\Documents and Settings\Linz\Application Data\Ahead
2007-11-16 06:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-24 05:38 --------- d-----w C:\Program Files\ASIO4ALL v2
2007-10-23 04:37 --------- d-----w C:\Program Files\Image-Line
2007-10-21 21:32 --------- d-----w C:\Program Files\TextAloud
2006-09-01 06:51 30,208 -c--a-w C:\Documents and Settings\Linz\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2007-12-04_ 9.59.35.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-08-29 12:00:00 778,752 -c----w C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
+ 2002-08-29 12:00:00 742,400 -c----w C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
+ 2006-08-24 16:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll
+ 2007-03-29 17:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-06 00:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 22:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 19:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 21:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2006-02-17 02:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-26 02:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2004-05-04 23:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 21:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 18:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 21:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-17 02:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-06 00:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2006-06-30 22:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 22:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2006-08-01 21:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2006-08-23 21:06:08 1,388,544 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2006-08-17 19:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 19:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 16:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 22:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 18:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 18:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-21 00:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 17:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 18:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 22:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 22:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 21:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 16:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 16:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-04-19 01:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 22:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 1997-09-18 14:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
+ 2006-03-01 01:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
- 2007-03-16 01:01:24 75,264 ----a-w C:\WINDOWS\system32\AsUninst.exe
+ 2006-08-02 20:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
- 2003-02-21 00:42:34 24,677 -c----w C:\WINDOWS\system32\java.exe
+ 2007-09-25 06:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2003-02-21 00:42:34 28,775 -c----w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 06:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 07:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2005-05-24 20:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 23:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 23:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2003-03-26 02:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-11-28 21:52 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-11-28 21:52 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-11-28 21:52 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-11-28 21:52 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="rundll32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2004-08-06 15:33]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-03-14 18:15]
"Aim6"="" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2004-05-12 12:04]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 16:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 15:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 06:07]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 20:42]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 19:28]
"PestPatrol Control Center"="C:\Program Files\PestPatrol\PPControl.exe" [2002-10-04 14:53]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2002-10-15 21:16]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2002-11-07 17:56]
"S3TRAY2"="S3tray2.exe" [2003-02-25 04:33 C:\WINDOWS\system32\S3tray2.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1125025158\ee\AOLHostManager.exe" [2005-07-29 08:53]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-05 19:30]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 10:06]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-13 10:51]
"eTrustPPAP"="G:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2007-11-28 22:20]
"cctray"="G:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe" [2007-11-29 16:09]
"CAVRID"="G:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-11-29 16:09]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 09:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 06:11:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2003-07-24 02:03:28]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
WinZip Quick Pick.lnk - C:\Documents and Settings\Owner\Desktop\Unused bleep\WinZip\WZQKPICK.EXE [2006-04-10 20:19:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 02:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
2003-03-01 16:40 125440 --a--c--- C:\Program Files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2003-06-17 17:13 118784 --a--c--- C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
C:\Program Files\Shareaza\Shareaza.exe -tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot


.
Contents of the 'Scheduled Tasks' folder
"2007-12-08 16:35:19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2003-12-28 18:15:42 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 20:41:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-10 20:43:00
C:\ComboFix2.txt ... 2007-12-04 10:02
.
--- E O F ---


KillWind.exe;C:\hp\bin;Tool.ProcessKill;Moved.;
Terminator.exe;C:\hp\bin;Trojan.KillApp.30208;Deleted.;
asksbar.dll;c:\program files\asksbar\bar\1.bin;Adware.Msearch;Incurable.Deleted.;
A2PLUGIN.DLL;C:\Program Files\AskSBar\bar\1.bin;Adware.Msearch;Moved.;
NPASKSBR.DLL;C:\Program Files\AskSBar\bar\1.bin;Adware.Msearch;Moved.;
a2srchas.dll;c:\program files\asksbar\srchastt\1.bin;Adware.Msearch;Incurable.Deleted.;
GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;Moved.;
RealBar.dll;C:\Program Files\Common Files\Real\Toolbar;Adware.MegaSearch.origin;Moved.;
NPAskSBr.dll;C:\Program Files\Mozilla Firefox\plugins;Adware.Msearch;Moved.;
csrss.exe.vir;C:\qoobox\Quarantine\C\WINDOWS;Trojan.Spambot;Deleted.;
sp2ynima1.exe.vir;C:\qoobox\Quarantine\C\WINDOWS;Dialer.Tibs;Deleted.;
sp2ynima1.exe.vir;C:\qoobox\Quarantine\G\WINDOWS;Dialer.Tibs;Deleted.;
A0000030.dll;C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1;Trojan.Sentinel;Deleted.;
A0011958.exe;C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15;Trojan.Spambot;Deleted.;
A0013105.exe;C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15;Dialer.PlayGames;Moved.;
A0013107.exe;C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15;Trojan.DownLoader.4534;Incurable.Moved.;
A0013109.dll;C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15;Adware.Aws;Moved.;
A0013110.dll;C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15;Adware.Minibug;Moved.;
A0013111.exe;C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15;Adware.EliteBar;Moved.;
A0017165.exe;C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP19;Dialer.Tibs;Deleted.;
A0017203.DLL;C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP19;Adware.Msearch;Moved.;
A0017204.DLL;C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP19;Adware.Msearch;Moved.;
A0017205.exe;C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP19;Trojan.KillApp.30208;Deleted.;
batmete.2;C:\WINDOWS\system32;Trojan.Sentinel;Deleted.;
batmete.3;C:\WINDOWS\system32;Trojan.Sentinel;Deleted.;
batmete.4;C:\WINDOWS\system32;Trojan.Sentinel;Deleted.;
A0013106.exe;G:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15;Dialer.PlayGames;Moved.;
A0013108.exe;G:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15;Trojan.DownLoader.4534;Incurable.Moved.;
A0013112.exe;G:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP15;Adware.EliteBar;Moved.;
A0017166.exe;G:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP19;Dialer.Tibs;Deleted.;




#14 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:08:20 AM

Posted 14 December 2007 - 05:14 AM

Hello therealsanderk :thumbsup:

Try this and let me know how it goes:

Click Start > Run, then copy and paste the text below into the Run box:

RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext

Press the OK button.

Let me know if that works for uninstalling the old Java.

Regards

Edited by SNOWHITE, 14 December 2007 - 05:15 AM.

SNOWHITE

#15 therealsanderk

therealsanderk
  • Topic Starter

  • Members
  • 18 posts
  • Local time:12:20 AM

Posted 14 December 2007 - 10:54 PM

Sorry, same error message.



