
Cannot Sign In To Accounts


1 reply to this topic

#1 salsmc


Posted 11 February 2008 - 06:17 PM

Hi, I'm posting this for a friend. She registered here but has since lost the ability to access the message board. Here is a copy and paste of what she sent me via email. She says when she tries to sign in to websites that she gets a message saying a firewall is blocking it. Thanks!

=======================
I'm attaching my Panda log (ActiveScan) and the DSS (HijackThis) ones. It says here to post the ActiveScan and the main.txt one in the body of the post and to attach the extra.txt one. I'm running XP Service Pack 2. It won't let IE or Firefox load certain webpages; when I check connectivity it says the issue is with my firewall.
============================

Incident
Status Location





Potentially unwanted tool:application/winfixer2005
Not disinfected c:\program files\common
files\WinSoftware



Potentially unwanted tool:application/regclean32
Not disinfected C:\Documents and
Settings\Compaq_Owner\Application Data\Registry Cleaner



Adware:adware/savenow
Not disinfected Windows Registry




Adware:adware/memorywatcher
Not disinfected Windows Registry




Spyware:Cookie/Tribalfusion
Not disinfected C:\Documents and
Settings\Compaq_Owner\Application
Data\Mozilla\Firefox\Profiles\28pqfos6.default\cookies.txt[.tribalfusion.com/]


Spyware:Cookie/Doubleclick
Not disinfected C:\Documents and
Settings\Compaq_Owner\Application
Data\Mozilla\Firefox\Profiles\28pqfos6.default\cookies.txt[.doubleclick.net/]


Spyware:Cookie/Serving-sys
Not disinfected C:\Documents and
Settings\Compaq_Owner\Application
Data\Mozilla\Firefox\Profiles\28pqfos6.default\cookies.txt[.serving-sys.com/]


Spyware:Cookie/Serving-sys
Not disinfected C:\Documents and
Settings\Compaq_Owner\Application
Data\Mozilla\Firefox\Profiles\28pqfos6.default\cookies.txt[.bs.serving-sys.com/]


Spyware:Cookie/Serving-sys
Not disinfected C:\Documents and
Settings\Compaq_Owner\Application
Data\Mozilla\Firefox\Profiles\28pqfos6.default\cookies.txt[.serving-sys.com/]


Spyware:Cookie/WebtrendsLive
Not disinfected C:\Documents and
Settings\Compaq_Owner\Application
Data\Mozilla\Firefox\Profiles\28pqfos6.default\cookies.txt[statse.webtrendslive.com/]


Spyware:Cookie/YieldManager
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[3].txt



Spyware:Cookie/Adrevolver
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[1].txt



Spyware:Cookie/Adrevolver
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[2].txt



Spyware:Cookie/AdDynamix
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@ads.addynamix[1].txt



Spyware:Cookie/PointRoll
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@ads.pointroll[1].txt



Spyware:Cookie/PointRoll
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@ads.pointroll[3].txt



Spyware:Cookie/Adserver
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@adserver.easyad[1].txt



Spyware:Cookie/Advertising
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@advertising[2].txt



Spyware:Cookie/NewMedia
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@anm.co[2].txt



Spyware:Cookie/Apmebf
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@apmebf[1].txt



Spyware:Cookie/Atlas DMT
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[2].txt



Spyware:Cookie/Atlas DMT
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[3].txt



Spyware:Cookie/Atlas DMT
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[4].txt



Spyware:Cookie/Atwola
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@atwola[1].txt



Spyware:Cookie/Azjmp
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@azjmp[1].txt



Spyware:Cookie/Bluestreak
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@bluestreak[1].txt



Spyware:Cookie/Bluestreak
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@bluestreak[2].txt



Spyware:Cookie/bravenetA
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@bravenet[1].txt



Spyware:Cookie/bravenetA
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@bravenet[2].txt



Spyware:Cookie/Serving-sys
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@bs.serving-sys[1].txt



Spyware:Cookie/Serving-sys
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@bs.serving-sys[2].txt



Spyware:Cookie/BurstNet
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@burstnet[1].txt



Spyware:Cookie/BurstNet
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@burstnet[2].txt



Spyware:Cookie/Casalemedia
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@casalemedia[2].txt



Spyware:Cookie/Com.com
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@com[1].txt



Spyware:Cookie/Hitslink
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@counter.hitslink[1].txt



Spyware:Cookie/did-it
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@did-it[1].txt



Spyware:Cookie/Doubleclick
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@doubleclick[1].txt



Spyware:Cookie/Hitbox
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@ehg-dig.hitbox[2].txt



Spyware:Cookie/Enhance
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@enhance[1].txt



Spyware:Cookie/FastClick
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@fastclick[2].txt



Spyware:Cookie/FortuneCity
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@fortunecity[1].txt



Spyware:Cookie/Go
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@go[1].txt



Spyware:Cookie/Go
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@go[2].txt



Spyware:Cookie/DriveCleaner
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@klik.klikadvertising[1].txt



Spyware:Cookie/Linksynergy
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@linksynergy[1].txt



Spyware:Cookie/Adrevolver
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@media.adrevolver[2].txt



Spyware:Cookie/Adrevolver
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@media.adrevolver[3].txt



Spyware:Cookie/Mediaplex
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@mediaplex[1].txt



Spyware:Cookie/Mediaplex
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@mediaplex[2].txt



Spyware:Cookie/Overture
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@overture[1].txt



Spyware:Cookie/Overture
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@overture[2].txt



Spyware:Cookie/QuestionMarket
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[2].txt



Spyware:Cookie/RealMedia
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@realmedia[1].txt



Spyware:Cookie/RealMedia
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@realmedia[2].txt



Spyware:Cookie/WUpd
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@revenue[2].txt



Spyware:Cookie/Searchportal
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@searchportal.information[2].txt



Spyware:Cookie/Server.iad.Liveperson
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@server.iad.liveperson[1].txt



Spyware:Cookie/Serving-sys
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@serving-sys[2].txt



Spyware:Cookie/Statcounter
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@statcounter[2].txt



Spyware:Cookie/WebtrendsLive
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@statse.webtrendslive[2].txt



Spyware:Cookie/Target
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@target[1].txt



Spyware:Cookie/Tradedoubler
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@tradedoubler[1].txt



Spyware:Cookie/Traffic Marketplace
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@trafficmp[1].txt



Spyware:Cookie/Traffic Marketplace
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@trafficmp[2].txt



Spyware:Cookie/Tribalfusion
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[1].txt



Spyware:Cookie/Tribalfusion
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[2].txt



Spyware:Cookie/BurstBeacon
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@www.burstbeacon[1].txt



Spyware:Cookie/BurstBeacon
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@www.burstbeacon[3].txt



Spyware:Cookie/Xiti
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@xiti[1].txt



Spyware:Cookie/Zedo
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@zedo[1].txt



Spyware:Cookie/Zedo
Not disinfected C:\Documents and
Settings\Compaq_Owner\Cookies\compaq_owner@zedo[3].txt



Potentially unwanted tool:Application/KillApp.B
Not disinfected C:\hp\bin\KillIt.exe




Possible Virus.
Not disinfected C:\Program
Files\Grisoft\AVG7\avgcc.exe



Possible Virus.
Not disinfected C:\Program
Files\SymNetDrv\SNDMon.exe



Possible Virus.
Not disinfected C:\Program
Files\Verizon\McciTrayApp.exe



Possible Virus.
Not disinfected C:\Program
Files\Yahoo!\browser\ybrwicon.exe

==============================
Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-02-07 20:55:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore
--------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
76: 2008-02-08 01:55:45 UTC - RP944 - Deckard's System Scanner Restore
Point
75: 2008-02-08 00:08:50 UTC - RP943 - System Checkpoint
74: 2008-02-06 23:49:16 UTC - RP942 - System Checkpoint
73: 2008-02-05 23:46:28 UTC - RP941 - System Checkpoint
72: 2008-02-04 23:42:34 UTC - RP940 - System Checkpoint


-- First Restore Point --
1: 2007-11-11 01:02:29 UTC - RP869 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 384 MiB (512 MiB
recommended).


-- HijackThis Clone
------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-07 20:58:03
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxceserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
=
http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/cust.....;/www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/cust.....;/www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
Microsoft Internet Explorer provided by Verizon Online
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
=
http://red.clientapps.yahoo.com/cust.....;/www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/cust.....;/www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper -
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156}
- C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: SidebarAutoLaunch Class -
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LXCECATS] rundll32
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300
Series\ezprint.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300
Series\lxcemon.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program
Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program
Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT
Registry_Cleaner (Trial)\regclean.exe"
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando
Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
/RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
/RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
/RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
/RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Verizon Yahoo! Services -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
(file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com
Configuration Class) -
https://activatemydsl.verizon.net/sd...ad/tgctlcm.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) -
http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX
Scan Agent 6.6) -
http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} () -
http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://www.clarkcolor.com/ClarkActivia.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A906CBEA-6FAF-43B8-AE2F-857C5A21884C} (CCheckCtrl Object) -
http://mediadownloads.walmart.com/mm...martcheck2.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class)
- http://download.verizon.net/sfp/Cabs...WebInstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
-
http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) -
http://h20270.www2.hp.com/ediags/gmn...detection3.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj
Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} -
C:\Program Files\Common Files\Microsoft Shared\Information
Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} -
C:\Program Files\Common Files\Microsoft Shared\Web
Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -
C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft -
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software
- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LXCECustomerConnect - Unknown owner -
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxceserv.exe
O23 - Service: lxce_device - Lexmark International, Inc. -
C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program
Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


--
End of file - 12973 bytes

-- File Associations
-----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
---------------------

R2 eSpecBny - c:\windows\system32\drivers\especbny.sys <Not Verified;
Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified;
RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 SemLPT - c:\windows\system32\drivers\semlpt.sys <Not Verified;
Husqvarna Sewing Machines AB; Driver for Embroidery Card R/W Unit>
R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified;
RIF; DVD For Free>
R3 Pcouffin (Low level access layer for CD devices) -
c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin
engine>

S2 Parclass - c:\windows\system32\drivers\parclass.sys <Not Verified;
Microsoft Corporation; Microsoft® Windows NT™ Operating System>
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common
files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for
Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common
files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether
for Windows>
S3 SydexFDD (Sydex Diskette Driver) -
c:\windows\system32\drivers\sydexfdd.sys <Not Verified; Windows ® 2000 DDK provider; Sydex Floppy
Driver for Windows 2000>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
--------------------

R2 OpenCASE Media Agent - "c:\program files\opencase\opencase media
agent\mediaagent.exe" <Not Verified; ExtendMedia Inc.; OpenCASE Media
Agent>


-- Device Manager: Disabled
----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks
-------------------------------------------------------------

2008-02-07 18:53:39 378 --a------ C:\WINDOWS\Tasks\Symantec
NetDetect.job


-- Files created between 2008-01-07 and 2008-02-07
-----------------------------

2008-02-07 20:47:26 0 d-------- C:\ie-spyad_zo
2008-02-07 20:43:17 0 d-------- C:\Program Files\SpywareBlaster
2008-02-07 18:44:17 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-07 18:44:14 0 d-------- C:\WINDOWS\LastGood
2008-02-07 18:32:43 0 d-------- C:\Documents and
Settings\Compaq_Owner\Application Data\Mozilla
2008-02-04 22:32:22 0 d-------- C:\WINDOWS\bak
2008-02-04 22:32:10 0 d-------- C:\WINDOWS\system\bak
2008-02-04 22:32:07 0 d-------- C:\WINDOWS\system32\bak
2008-01-13 21:17:50 14860 --a------ C:\WINDOWS\Imgtask.exe
2008-01-10 21:13:20 0 d-------- C:\Documents and
Settings\Compaq_Owner\Application Data\Snapfish


-- Find3M Report
---------------------------------------------------------------

2008-02-07 19:48:01 0 d-------- C:\Program Files\Lexmark 4300
Series
2008-02-07 19:46:01 0 d-------- C:\Program Files\dvd43
2008-02-07 19:45:22 0 d-------- C:\Program Files\Common
Files\Symantec Shared
2008-02-07 18:16:39 0 d-------- C:\Program Files\Collage Maker
2008-02-07 18:16:22 0 d-------- C:\Program Files\BearShare
2008-02-07 16:36:04 0 d-------- C:\Documents and
Settings\Compaq_Owner\Application Data\AVG7
2008-02-07 16:09:16 0 d-------- C:\Program Files\Lx_cats
2008-02-06 07:17:53 0 d-------- C:\Documents and
Settings\Compaq_Owner\Application Data\DVD Flick
2008-02-06 07:08:24 0 d-------- C:\Documents and
Settings\Compaq_Owner\Application Data\1ClickDVDCopy
2008-02-06 07:04:59 0 d-------- C:\Documents and
Settings\Compaq_Owner\Application Data\CopyToDvd
2008-02-04 22:39:29 0 d-------- C:\Program Files\Verizon
2008-02-04 22:39:29 0 d-------- C:\Program Files\SymNetDrv
2008-02-04 22:39:29 0 d-------- C:\Program Files\QuickTime
2008-02-04 22:37:25 14860 --a------
C:\WINDOWS\system32\igfxtray.exe
2008-02-04 16:17:01 0 d-------- C:\Program Files\Common Files
2008-01-08 21:24:42 4 --a------ C:\WINDOWS\system32\2041E5
2007-12-16 15:28:58 0 d-------- C:\Program Files\Microsoft
Picture It!
2007-12-15 23:00:25 0 d-------- C:\Program Files\Rhapsody
2007-12-15 22:57:51 0 d-------- C:\Documents and
Settings\Compaq_Owner\Application Data\Real
2007-12-15 22:48:07 0 d-------- C:\Program Files\Real
2007-12-12 11:48:02 0 d-------- C:\Program Files\Photo To
Sketch


-- Registry Dump
---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program
Files\Java\jre1.5.0_03\bin\jusched.exe" [02/04/2008 10:37 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [02/04/2008 10:37 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [02/04/2008 10:37 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update
Manager\sgtray.exe" [02/04/2008 10:37 PM]
"TkBellExe"="C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" [02/04/2008 10:37 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [02/04/2008 10:37 PM]
"VTTimer"="VTTimer.exe" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[02/04/2008 10:37 PM]
"SiSPower"="SiSPower.dll" [09/24/2004 11:49 AM
C:\WINDOWS\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01 PM C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" []
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [02/04/2008
10:37 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/04/2008
10:37 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM
C:\WINDOWS\ALCXMNTR.EXE]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll"
[03/22/2005 05:45 AM]
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe"
[02/04/2008 10:37 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [02/04/2008 10:37 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00
AM]
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
[02/04/2008 10:37 PM]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [11/20/2007 04:40 PM]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe"
[02/04/2008 10:37 PM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [02/04/2008 10:37
PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe"
[02/04/2008 10:37 PM]
"ImgTask"="C:\WINDOWS\Imgtask.exe" [02/04/2008 10:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:00 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe"
[02/04/2008 10:37 PM]
"Registry Cleaner"="C:\Program Files\TPT Registry_Cleaner
(Trial)\regclean.exe" []
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [02/08/2007
12:19 PM]
"@"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/8/2007 5:36:27 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft
Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abf6f164-98e8-11d9-9455-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE
Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d13425a8-c232-11dc-9c70-0011d860f55a}]
AutoRun\command- L:\Imageviewer.exe

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-02-07 20:59:08
------------
==================
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information
----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3300+
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 383.48 MiB / 143.3 MiB
Pagefile Memory (total/avail): 920.75 MiB / 535.58 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.3 MiB

C: is Fixed (NTFS) - 227.61 GiB total, 178.18 GiB free.
D: is Fixed (FAT32) - 5.26 GiB total, 0.66 GiB free.
E: is CDROM (UDF)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JD-22HBB0 - 232.88 GiB - 2 partitions
\PARTITION0 - Unknown - 5.27 GiB - D:
\PARTITION1 (bootable) - Installable File System - 227.61 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE5 - Lexmark USB Mass Storage USB Device



-- Security Center
-------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)
AV: avast! antivirus 4.7.1098 [VPS 080207-0] v4.7.1098 (ALWIL Software)
Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq
Connections.exe"="C:\\Program Files\\Compaq
Connections\\6750491\\Program\\Compaq Connections.exe:*:Enabled:BackWeb for Presario"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program
Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program
Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program
Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program
Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program
Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program
Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program
Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program
Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program
Files\\Pando Networks\\Pando\\pando.exe:*:Disabled:pando"
"C:\\Documents and Settings\\Compaq_Owner\\Local
Settings\\Temp\\EMC\\Wal-MartInstaller.exe"="C:\\Documents and Settings\\Compaq_Owner\\Local
Settings\\Temp\\EMC\\Wal-MartInstaller.exe:*:Enabled:Wal-MartInstaller"
"C:\\Program Files\\Wal-Mart\\Wal-Mart Video Download
Manager\\WalMartPlayer.exe"="C:\\Program Files\\Wal-Mart\\Wal-Mart Video Download
Manager\\WalMartPlayer.exe:*:Enabled:Wal-Mart Video Download Manager"
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"="C:\\Program
Files\\Yahoo!\\browser\\ybrowser.exe:*:Enabled:Yahoo! Browser"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program
Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"


-- Environment Variables
-------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Compaq_Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CRIGGER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Compaq_Owner
LOGONSERVER=\\CRIGGER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program
Files\PC-Doctor for Windows\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
USERDOMAIN=CRIGGER
USERNAME=Compaq_Owner
USERPROFILE=C:\Documents and Settings\Compaq_Owner
windir=C:\WINDOWS


-- User Profiles
---------------------------------------------------------------

Compaq_Owner (admin)


-- Add/Remove Programs
---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe
RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I
{09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x
{9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation
Information\{25EF00BF-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation
Information\{25EF00C6-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation
Information\{25EF00D1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation
Information\{25EF03DA-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation
Information\{2D261CA3-5C68-494A-89D1-5DE68ED23146}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation
Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9
-uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132
C:\WINDOWS\INF\PCHealth.inf
1Click DVD Copy 4.2.9.2 --> "C:\Program Files\LG Software
Innovations\1Click DVD Copy 4.2\unins000.exe"
3D Organizer 7.1 --> MsiExec.exe
/I{3A155C78-AFEF-4C47-9A48-051FF16EC452}
ABBYY FineReader 6.0 Sprint --> MsiExec.exe
/I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Adobe Flash Player 9 ActiveX -->
C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program
Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop
7.0\Uninst.dll"
Adobe Reader 7.0.9 --> MsiExec.exe
/I{AC76BA86-7AD7-1033-7B44-A70900000002}
Agere Systems PCI Soft Modem --> agrsmdel
avast! Antivirus --> rundll32
C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
CC_ccProxyMSI --> MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CopyToDVD --> "C:\Program Files\vso\CopyToDVD\unins000.exe"
Dr.METAZA2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program
Files\Dr.METAZA2\Uninst.isu"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD
Decrypter\uninstall.exe"
DVD Flick --> "C:\Program Files\DVD Flick\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD43 v4.0.0 --> "C:\Program Files\dvd43\unins000.exe"
Easy Internet Sign-up -->
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE
C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221 -->
C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) -->
"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp instant support --> C:\PROGRA~1\HEWLET~1\HPINST~1\Uninstall.exe CeS
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital
Imaging\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}\setup\hpzscr01.exe" -datfile
hposcr07.dat
InterVideo WinDVD Player --> "C:\Program Files\InstallShield
Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe"
REMOVEALL
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe
/I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe
/I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Lexmark 4300 Series -->
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxceUNST.EXE -NOLICENSE
LiveReg (Symantec Corporation) --> C:\Program Files\Common
Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program
Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Shockwave Player -->
C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft Compression Client Pack 1.0 for Windows XP -->
"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe
/I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Standard Edition 2003 --> MsiExec.exe
/I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! 2000 --> MsiExec.exe
/I{E78FC917-C21B-11D2-99FE-00105A98B681}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe
/X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 -->
"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe
/I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla
Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Norton Internet Security --> MsiExec.exe
/I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe
/I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe
/I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe
/I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security --> MsiExec.exe
/I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe
/I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Norton Internet Security --> MsiExec.exe
/I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Personal Firewall --> MsiExec.exe
/I{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}
Norton Personal Firewall (Symantec Corporation) --> C:\Program
Files\Common Files\Symantec
Shared\SymSetup\{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}.exe /X
NVIDIA GART Driver --> C:\WINDOWS\system32\nvugart.exe Uninstall
C:\WINDOWS\system32\nvgart.nvu,NVIDIA GART Driver
OpenCASE Media Agent --> MsiExec.exe
/I{1771FDC8-D846-4B77-996A-C80DAD42C03F}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Pando --> MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}
PC-Doctor for Windows --> C:\Program Files\Common
Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}
/l1033
PED-Basic --> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield
Installation Information\{5D76440F-B69A-43F8-8F5E-D537349A398C}\setup.exe"
-l0x9 -uninst
Photo To Sketch 3.51 --> "C:\Program Files\Photo To
Sketch\unins000.exe"
Python 2.2 combined Win32 extensions -->
C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe
C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common
Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A
C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe
/I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for Step By Step Interactive Training (KB898458) -->
"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) -->
"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem11.inf
Sonic Express Labeler --> MsiExec.exe
/I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow! --> MsiExec.exe
/I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe
/I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SpywareBlaster v3.5.1 --> "C:\Program
Files\SpywareBlaster\unins000.exe"
Super SpongeBob Collapse! --> C:\PROGRA~1\GAMEHO~1\SPONGE~1\UNWISE.EXE
/U C:\PROGRA~1\GAMEHO~1\SPONGE~1\INSTALL.LOG
The Print Shop Premier Edition 5.0 --> C:\WINDOWS\uninst.exe -f"C:\The
Print Shop Products\The Print Shop Premier Edition 5.0\DeIsL1.isu"
-c"C:\The Print Shop Products\The Print Shop Premier Edition
5.0\psfinst.dll"
Verizon Online --> C:\WINDOWS\system32\VerizonUninstaller.exe
Verizon Online DSL --> "C:\WINDOWS\DSL\unins000.exe"
Verizon Online Help & Support --> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program
Files\InstallShield Installation
Information\{25EF00D0-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
Verizon Online Help and Support --> C:\PROGRA~1\Verizon\UNWISE.EXE
C:\PROGRA~1\Verizon\INSTALL.LOG
Verizon PC Checkup --> C:\PROGRA~1\Verizon\UNWISE.EXE
C:\PROGRA~1\Verizon\INSTALL.LOG
Verizon Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Wilcom TrueSizer --> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program
Files\InstallShield Installation
Information\{AF1AAE2F-7DEF-4B60-9EE2-1158C2487A16}\setup.exe" -l0x9 -removeonly
Windows Media Format 11 runtime -->
"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Photos Easy Upload Tool --> C:\Program
Files\Yahoo!\Common\ydropper_uninst.exe /ylog=C:\PROGRA~1\Yahoo!\Photos\Uploader\install.log


-- Application Event Log
-------------------------------------------------------

Event Record #/Type34693 / Error
Event Submitted/Written: 01/30/2008 00:03:18 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ybrowser.exe, version 2006.8.11.3, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type34679 / Error
Event Submitted/Written: 01/30/2008 11:57:29 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ybrowser.exe, version 2006.8.11.3, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type34678 / Error
Event Submitted/Written: 01/30/2008 11:56:20 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ybrowser.exe, version 2006.8.11.3, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type34677 / Error
Event Submitted/Written: 01/30/2008 11:55:24 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ybrowser.exe, version 2006.8.11.3, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type34483 / Error
Event Submitted/Written: 01/21/2008 09:48:08 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 194083160.
The Wep key exchange did not result in a secure connection setup after
802.1x authentication. The current setting has been marked as failed
and the Wireless connection will be disconnected.



-- Security Event Log
----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log
------------------------------------------------------------

Event Record #/Type67773 / Error
Event Submitted/Written: 02/07/2008 04:48:39 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic
updates service and therefore cannot download and install updates according
to the set schedule. Windows will continue to try to establish a
connection.

Event Record #/Type67721 / Warning
Event Submitted/Written: 02/05/2008 11:10:01 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom1 during a paging
operation.

Event Record #/Type67720 / Warning
Event Submitted/Written: 02/05/2008 1104 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom1 during a paging
operation.

Event Record #/Type67719 / Warning
Event Submitted/Written: 02/05/2008 10:04:58 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom1 during a paging
operation.

Event Record #/Type67718 / Warning
Event Submitted/Written: 02/05/2008 09:38:14 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom1 during a paging
operation.



-- End of Deckard's System Scanner: finished at 2008-02-07 20:59:08


#2 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  • Location:Ontario
  • Local time:02:06 AM

Posted 20 February 2008 - 06:34 PM

Hi and welcome,

Sorry for the delay.
If you still need help, please carry on with the steps below:

1.a ) You have 3 antivirus programs running -- (AVG, AVAST, Norton)
More than one will cause serious conflicts and stability problems.
See if you can get 2 antivirus uninstalled.

If uninstalling Norton Internet Security -- make sure Windows firewall is on so you have some firewall protection till we get the machine stable enough to install a different firewall.

1.b ) Uninstall Registry cleaner via add/remove programs.
1.c ) Uninstall Java 2 Runtime Environment, SE v1.4.2_03

Reboot when done with the uninstalls.


2.) Run dss.exe again and post new "main.txt".

3.) Download FindAWF from here and save it to the desktop:

http://noahdfear.geekstogo.com/FindAWF.exe

Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, the Find AWF report, is produced that we need to look at.
Post the contents of the log here please.

4.) Go to http://www.virustotal.com/en/indexf.html
Copy the following line into the white textbox:
C:\WINDOWS\Imgtask.exe
Click Send.
Please post the results of this scan to this thread.
Please include the file size/MD5 information if available.

5.) Let me know how the system is running and if you had problems with the above.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware



