
Jaymyka.wen9.com


  • This topic is locked
12 replies to this topic

#1 justin05


Posted 01 May 2008 - 06:04 PM

I have the jaymyka.wen9.com in my system. I have sent a copy of my HijackThis log.
Thanks....
What should I do?


 


#2 Buckeye_Sam


    Malware Expert



Posted 02 May 2008 - 08:43 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please go to this page and scroll down to step 6.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Follow the directions there to run DSS and then post those logs back here in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 justin05

  • Topic Starter


Posted 02 May 2008 - 12:42 PM

I have the jaymyka.wen9 in my computer. I have AVG 8.0 installed on my computer and every time it performs a scan it always says that my computer is clean. But the name jaymyka.wen9 always comes up in the title bar every time I use Internet Explorer. Plus I can't open my drives C & D through the My Computer icon. When I double-click these drives I am always asked what program I should use to open drive C/drive D. Enclosed is the log from DSS. Hope you can help me with my problem. :thumbsup:



Deckard's System Scanner v20071014.68
Run by Sheila1 on 2008-05-03 01:14:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
14: 2008-05-02 17:14:17 UTC - RP60 - Deckard's System Scanner Restore Point
13: 2008-04-29 14:51:09 UTC - RP59 - System Checkpoint
12: 2008-04-19 01:36:35 UTC - RP58 - System Checkpoint
11: 2008-04-12 03:14:03 UTC - RP57 - System Checkpoint
10: 2008-04-11 02:28:09 UTC - RP56 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-03-29 19:30:24 UTC - RP47 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Sheila1.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-03 01:21:07
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\AVG\AVG8\avgfws8.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\VIPv3\VIPtooltip\VisualToolTip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\AVG\AVG8\avgcmgr.exe
C:\Documents and Settings\Sheila1\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: QSS Toolbar - {80ad36e4-7d72-40f4-8505-b7750c8f20bd} - C:\Program Files\QSS\tbQSS.dll
F0 - system.ini: Shell=explorer.exe "C:\WINDOWS\services.exe"
F2 - REG:system.ini: Shell=explorer.exe "C:\WINDOWS\services.exe"
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: QSS Toolbar - {80ad36e4-7d72-40f4-8505-b7750c8f20bd} - C:\Program Files\QSS\tbQSS.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: QSS Toolbar - {80ad36e4-7d72-40f4-8505-b7750c8f20bd} - C:\Program Files\QSS\tbQSS.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ampli] WINDOWS\system32\mveo.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\WINDOWS\VIPv3\VIPtooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\VIPv3\VIPhd\vsdrv.exe
O4 - HKLM\..\Run: [VIPv3_Auto_Update] C:\WINDOWS\VIPv3\CheckForUpdates.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel PhotoDownloader.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nav_x] c:\smss.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popca...aploader_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgfws8.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


--
End of file - 12896 bytes

-- File Associations -----------------------------------------------------------

.ini - inifile - shell\open\command - c:\smss.exe


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-30 03:09:42 626 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Sheila1.job


-- Files created between 2008-04-03 and 2008-05-03 -----------------------------

2008-05-02 06:13:34 0 d-------- C:\Program Files\Trend Micro
2008-04-28 22:37:33 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-28 22:33:28 0 d-------- C:\Program Files\ReflexiveArcade
2008-04-28 22:19:51 0 d-------- C:\Program Files\PopCap Games
2008-04-27 10:29:05 49616 --a------ C:\WINDOWS\system\MSACM.DLL <Not Verified; Microsoft Corporation; Microsoft Audio Compression Manager>
2008-04-27 10:29:05 151040 --a------ C:\WINDOWS\system\IR32.DLL
2008-04-27 10:29:05 77664 --a------ C:\WINDOWS\system\IR21_R.DLL
2008-04-27 10:29:05 7168 --a------ C:\WINDOWS\system\DISPDIB.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-04-27 10:29:05 14208 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-04-27 10:29:05 12800 --a------ C:\WINDOWS\system\ACMCMPRS.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-04-27 10:27:59 188960 --a------ C:\WINDOWS\system\Wingde.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-04-27 10:27:59 12800 --a------ C:\WINDOWS\system\Wing32.dll <Not Verified; Microsoft Corporation; WinG>
2008-04-27 10:27:59 92208 --a------ C:\WINDOWS\system\Wing.dll <Not Verified; Microsoft Corporation; WinG>
2008-04-27 10:27:59 0 d-------- C:\Program Files\Mindscape
2008-04-27 10:25:36 0 d-------- C:\BRAINSTM
2008-04-24 06:25:45 32 ---h----- C:\WINDOWS\popcinfo.dat
2008-04-24 06:15:18 0 d-------- C:\Documents and Settings\Sheila1\Application Data\SpinTop
2008-04-20 12:37:44 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Talkback
2008-04-20 12:37:06 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-20 12:36:21 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Mozilla
2008-04-12 12:28:30 0 d--h----- C:\$AVG8.VAULT$
2008-04-09 23:14:51 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-09 23:14:50 0 d-------- C:\Documents and Settings\Sheila1\Application Data\AVGTOOLBAR
2008-04-09 23:13:48 0 d-------- C:\Program Files\AVG
2008-04-09 23:13:47 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-09 23:08:41 0 d-------- C:\WINDOWS\system32\CatRoot2-Old
2008-04-09 23:05:26 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-05 09:29:47 2936832 --a------ C:\WINDOWS\system32\MA2_6.scr
2008-04-05 09:29:46 0 d-------- C:\Program Files\SereneScreen
2008-04-05 09:25:56 97848 --a------ C:\WINDOWS\system32\bass.dll <Not Verified; Un4seen Developments; >
2008-04-04 03:01:26 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Apple Computer
2008-04-04 02:58:00 1759 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-04-04 02:33:41 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-04 02:33:21 0 d-------- C:\Program Files\Real
2008-04-04 02:31:38 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Real
2008-04-04 02:13:46 0 d-------- C:\Program Files\Winamp Toolbar
2008-04-04 02:13:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-04-04 02:11:02 0 d-------- C:\Program Files\Winamp
2008-04-04 02:11:02 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Winamp
2008-04-04 01:03:45 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-04 01:02:21 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-04 01:02:21 0 d-------- C:\WINDOWS\system32\drivers\UMDF


-- Find3M Report ---------------------------------------------------------------

2008-05-03 01:15:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-02 23:43:28 0 d-------- C:\Program Files\Spyware Doctor
2008-05-02 23:22:16 0 d-------- C:\Program Files\lg_fwupdate
2008-05-02 05:55:44 0 d-------- C:\Program Files\Messenger
2008-05-02 05:55:44 0 d-------- C:\Program Files\Knowledge Adventure
2008-04-20 12:40:36 0 d-------- C:\Documents and Settings\Sheila1\Application Data\PlayFirst
2008-04-12 13:41:36 0 d-------- C:\Program Files\Mystery Case Files Huntsville
2008-04-12 08:38:09 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Corel
2008-04-12 08:37:24 5018 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-09 10:44:12 0 d-------- C:\Program Files\Mystery Case Files Ravenhearst
2008-04-07 13:15:46 0 d-------- C:\Program Files\Mystery Case Files Prime Suspects
2008-04-04 02:33:41 0 d-------- C:\Program Files\Common Files
2008-04-04 02:33:38 0 d-------- C:\Program Files\Common Files\Real
2008-03-29 23:57:14 0 d-------- C:\Documents and Settings\Sheila1\Application Data\PC Tools
2008-03-28 23:54:46 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-28 04:05:26 0 d-------- C:\Program Files\QSS
2008-03-28 04:05:25 0 d-------- C:\Program Files\Conduit
2008-03-28 02:41:01 0 d-------- C:\Documents and Settings\Sheila1\Application Data\AdobeUM
2008-03-27 01:53:37 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Adobe
2008-03-27 00:45:11 0 d-------- C:\Program Files\GameHouse
2008-03-25 15:27:00 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Google
2008-03-25 08:03:12 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Uniblue
2008-03-25 07:58:13 0 d-------- C:\Program Files\Security Task Manager
2008-03-25 07:58:13 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Help
2008-03-24 23:16:04 0 d-------- C:\Program Files\Alwil Software
2008-03-24 22:51:28 0 d-------- C:\Program Files\Disc2Phone
2008-03-24 22:48:22 0 d-------- C:\Program Files\Google
2008-03-24 22:37:52 0 d-------- C:\Program Files\QuickTime
2008-03-24 22:34:15 0 d-------- C:\Documents and Settings\Sheila1\Application Data\AdobeAUM
2008-03-24 22:32:20 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Leadertech
2008-03-24 22:30:34 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Teleca
2008-03-24 22:29:54 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Sony Ericsson
2008-03-24 22:28:00 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-24 22:27:41 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-03-24 22:27:36 0 d-------- C:\Program Files\Sony Ericsson
2008-03-24 22:17:16 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Sony Corporation
2008-03-24 22:15:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-24 22:13:27 0 d-------- C:\Program Files\Sony
2008-03-24 19:06:19 0 d-------- C:\Program Files\MSXML 4.0
2008-03-24 16:24:16 0 d-------- C:\Documents and Settings\Sheila1\Application Data\GameHouse
2008-03-24 15:16:20 0 d-------- C:\Program Files\Yahoo!
2008-03-24 15:16:05 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Yahoo!
2008-03-24 14:58:26 0 d-------- C:\Program Files\Mystery Case Files [3-in-1][PC games] [vertigo173]
2008-03-24 14:55:35 0 d-------- C:\Program Files\Common Files\Palo Alto Software
2008-03-24 14:54:48 0 d-------- C:\Program Files\Common Files\L&H
2008-03-24 14:54:47 0 d-------- C:\Program Files\Common Files\Intuit
2008-03-24 14:54:42 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-24 14:54:42 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-24 01:07:10 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Ahead
2008-03-24 01:01:04 0 d-------- C:\Documents and Settings\Sheila1\Application Data\CyberLink
2008-03-23 19:49:19 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-23 19:47:47 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-23 19:45:24 0 d-------- C:\Program Files\Nero
2008-03-23 19:39:09 0 d-------- C:\Program Files\CyberLink
2008-03-22 00:46:46 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-22 00:46:43 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-03-22 00:46:17 62 --ahs---- C:\Documents and Settings\Sheila1\Application Data\desktop.ini
2008-03-21 19:33:52 0 d-------- C:\Program Files\Symantec
2008-03-21 18:48:00 7176121 --a------ C:\WINDOWS\system32\VIPv3_EXT.dll
2008-03-21 18:45:58 0 d-------- C:\Documents and Settings\Sheila1\Application Data\WinRAR
2008-03-21 18:34:15 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Macromedia
2008-03-21 17:53:53 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Microsoft Web Folders
2008-03-21 17:48:53 8 -r-hs---- C:\WINDOWS\system32\EC02369FC8.sys
2008-03-21 17:48:25 0 d-------- C:\Program Files\Common Files\Corel
2008-03-21 17:47:41 0 d-------- C:\Program Files\Corel
2008-03-21 17:41:15 0 d-------- C:\Program Files\Norton Internet Security
2008-03-21 17:33:33 0 d-------- C:\Program Files\Realtek
2008-03-21 17:33:30 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-03-21 17:31:48 0 d-------- C:\Program Files\Intel
2008-03-21 17:22:15 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Identities
2008-03-21 17:17:37 0 d-------- C:\Program Files\microsoft frontpage
2008-03-21 17:17:21 0 -rahs---- C:\MSDOS.SYS
2008-03-21 17:17:21 0 -rahs---- C:\IO.SYS
2008-03-21 17:17:21 0 --a------ C:\CONFIG.SYS
2008-03-21 17:17:21 0 --a------ C:\AUTOEXEC.BAT
2008-03-21 17:16:24 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-21 17:15:30 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-21 17:15:21 0 d-------- C:\Program Files\Movie Maker
2008-03-21 17:14:39 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-21 17:14:23 0 d-------- C:\Program Files\Online Services
2008-03-21 17:14:14 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-21 17:14:04 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
03/20/2008 06:36 AM 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80ad36e4-7d72-40f4-8505-b7750c8f20bd}]
03/13/2008 10:30 AM 1524248 --a------ C:\Program Files\QSS\tbQSS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
04/09/2008 11:14 PM 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{80AD36E4-7D72-40F4-8505-B7750C8F20BD}"= C:\Program Files\QSS\tbQSS.dll [03/13/2008 10:30 AM 1524248]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [03/20/2008 06:36 AM 1267040]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [04/09/2008 11:14 PM 2051328]

[-HKEY_CLASSES_ROOT\CLSID\{80AD36E4-7D72-40F4-8505-B7750C8F20BD}]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 05:59 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/03/2008 10:26 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [03/26/2008 10:24 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [05/15/2007 03:55 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/15/2007 03:55 PM]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [11/24/2006 01:06 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/24/2008 10:37 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [04/02/2008 02:49 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/04/2008 02:33 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/09/2008 11:14 PM]
"ampli"="WINDOWS\system32\mveo.exe" []
"VisualTooltip"="C:\WINDOWS\VIPv3\VIPtooltip\VisualToolTip.exe" [01/17/2006 07:15 PM]
"Vistadrv"="C:\WINDOWS\VIPv3\VIPhd\vsdrv.exe" [07/30/2006 02:37 AM]
"VIPv3_Auto_Update"="C:\WINDOWS\VIPv3\CheckForUpdates.exe" [09/08/2006 03:54 PM]
"SkyTel"="SkyTel.EXE" [10/11/2007 11:04 AM C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [10/25/2007 11:57 AM C:\WINDOWS\RTHDCPL.exe]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [01/14/2007 07:11 AM]
"nwiz"="nwiz.exe" [01/03/2008 10:26 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [01/03/2008 10:26 PM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel PhotoDownloader.exe" []
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [08/23/2007 05:36 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 PM]
"nav_x"="c:\smss.exe" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/14/2004 12:24 AM]

C:\Documents and Settings\Sheila1\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [3/24/2008 10:13:41 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 4:15:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe \"C:\WINDOWS\services.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cdc840f-f762-11dc-bfab-806d6172696f}]
AutoRun\command- jay.exe
explore\Command- jay.exe
open\Command- jay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cdc8410-f762-11dc-bfab-806d6172696f}]
AutoRun\command- jay.exe
explore\Command- jay.exe
open\Command- jay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78a70138-0829-11dd-852d-001e8c84c0d6}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fddb43ae-f9ac-11dc-9bae-001e8c84c0d6}]
- F:\ms-dos\ntdlr.com

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-05-03 01:22:10 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E4500 @ 2.20GHz
CPU 1: Intel® Core™2 Duo CPU E4500 @ 2.20GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 1023.17 MiB / 452.31 MiB
Pagefile Memory (total/avail): 2460.37 MiB / 1704.97 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.78 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 73.24 GiB total, 59.05 GiB free.
D: is Fixed (NTFS) - 75.8 GiB total, 75.68 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160215AS - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 73.24 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 75.8 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

FW: Norton Internet Security v2007 (Symantec Corporation)
FW: AVG Firewall v8.0 (AVG Technologies CZ, s.r.o.) Disabled
AV: AVG Anti-Virus v8.0 (AVG Technologies)
AV: Norton Internet Security v2007 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sheila1\Application Data
CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SHEILA
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA18
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sheila1
LOGONSERVER=\\SHEILA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Sheila1\LOCALS~1\Temp
TMP=C:\DOCUME~1\Sheila1\LOCALS~1\Temp
USERDOMAIN=SHEILA
USERNAME=Sheila1
USERPROFILE=C:\Documents and Settings\Sheila1
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Sheila1 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Atheros Communications Inc.® L1 Gigabit Ethernet Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E19F210-3813-4002-B561-94D66AA182B6}\Setup.exe" -l0x9 -removeonly
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Corel Snapfire DVD Maker --> MsiExec.exe /X{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}
Corel Snapfire Plus --> MsiExec.exe /X{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\Hijackcheck\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
JumpStart 1st Grade 2001 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Knowledge Adventure\JS1G2001\DeIsL1.isu"
JumpStart Kindergarten 2001 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Knowledge Adventure\JSKG2001\DeIsL1.isu"
LG ODD Auto Firmware Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Mystery Case Files Huntsville --> "C:\WINDOWS\Mystery Case Files Huntsville\uninstall.exe" "/U:C:\Program Files\Mystery Case Files Huntsville\Uninstall\uninstall.xml"
Mystery Case Files Prime Suspects --> "C:\WINDOWS\Mystery Case Files Prime Suspects\uninstall.exe" "/U:C:\Program Files\Mystery Case Files Prime Suspects\Uninstall\uninstall.xml"
Mystery Case Files Ravenhearst --> "C:\WINDOWS\Mystery Case Files Ravenhearst\uninstall.exe" "/U:C:\Program Files\Mystery Case Files Ravenhearst\Uninstall\uninstall.xml"
Nero 7 Essentials --> MsiExec.exe /X{69589221-D76E-4C88-8388-A7943C851033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QSS Toolbar --> C:\PROGRA~1\QSS\UNWISE.EXE C:\PROGRA~1\QSS\INSTALL.LOG
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
SereneScreen Marine Aquarium 2.6 --> "C:\Program Files\SereneScreen\Marine Aquarium 2.6\unins000.exe"
Sony Ericsson PC Suite --> MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Super Collapse! from GameHouse --> C:\PROGRA~1\GAMEHO~1\Collapse\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Collapse\INSTALL.LOG
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Vista Icon Pack v3 System Patch --> VIPuninstall.bat
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar for Internet Explorer --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Suggest Add-on for IE7 --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1585 / Error
Event Submitted/Written: 05/03/2008 01:18:25 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Sheila1.exe, version 2.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1584 / Error
Event Submitted/Written: 05/02/2008 11:27:16 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1562 / Error
Event Submitted/Written: 05/02/2008 05:17:35 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1528 / Error
Event Submitted/Written: 05/02/2008 02:51:50 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ATF-Cleaner[1].exe, version 3.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1527 / Error
Event Submitted/Written: 05/02/2008 02:51:49 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ATF-Cleaner[1].exe, version 3.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4022 / Warning
Event Submitted/Written: 05/02/2008 07:35:40 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 001E8C84C0D6. The IP address being used is 169.254.245.168.

Event Record #/Type4021 / Warning
Event Submitted/Written: 05/02/2008 07:35:34 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001E8C84C0D6. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type3969 / Error
Event Submitted/Written: 05/02/2008 05:04:03 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type3968 / Error
Event Submitted/Written: 05/02/2008 05:03:15 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type3967 / Error
Event Submitted/Written: 05/02/2008 05:00:39 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}



-- End of Deckard's System Scanner: finished at 2008-05-03 01:22:10 ------------

#4 Orange Blossom


Posted 05 May 2008 - 12:00 AM

Hello justin05,

I have merged your newer topic with your previously existing topic. Please be sure to complete the instructions that Buckeye Sam gave you. Also, please use the Add Reply button to post the requested logs. Posting new topics confuses things and delays the assistance you receive.

Back to you Sam,

Orange Blossom :thumbsup:

#5 justin05


Posted 05 May 2008 - 12:16 AM

I have the jaymyka.wen9 in my computer. I have AVG 8.0 installed in my computer and every time it performs a scan it always says that my computer is clean. But the name jaymyka.wen9 always comes out in the title bar every time I use Internet Explorer. Plus I can't open my drives C & D through the My Computer icon. When I double-click these drives I am always asked what program I should use to open drive C/drive D. Enclosed is the log from DSS. Hope you can help me with my problem.



Deckard's System Scanner v20071014.68
Run by Sheila1 on 2008-05-03 01:14:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
14: 2008-05-02 17:14:17 UTC - RP60 - Deckard's System Scanner Restore Point
13: 2008-04-29 14:51:09 UTC - RP59 - System Checkpoint
12: 2008-04-19 01:36:35 UTC - RP58 - System Checkpoint
11: 2008-04-12 03:14:03 UTC - RP57 - System Checkpoint
10: 2008-04-11 02:28:09 UTC - RP56 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-03-29 19:30:24 UTC - RP47 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Sheila1.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-03 01:21:07
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\AVG\AVG8\avgfws8.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\VIPv3\VIPtooltip\VisualToolTip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\AVG\AVG8\avgcmgr.exe
C:\Documents and Settings\Sheila1\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: QSS Toolbar - {80ad36e4-7d72-40f4-8505-b7750c8f20bd} - C:\Program Files\QSS\tbQSS.dll
F0 - system.ini: Shell=explorer.exe "C:\WINDOWS\services.exe"
F2 - REG:system.ini: Shell=explorer.exe "C:\WINDOWS\services.exe"
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: QSS Toolbar - {80ad36e4-7d72-40f4-8505-b7750c8f20bd} - C:\Program Files\QSS\tbQSS.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: QSS Toolbar - {80ad36e4-7d72-40f4-8505-b7750c8f20bd} - C:\Program Files\QSS\tbQSS.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ampli] WINDOWS\system32\mveo.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\WINDOWS\VIPv3\VIPtooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\VIPv3\VIPhd\vsdrv.exe
O4 - HKLM\..\Run: [VIPv3_Auto_Update] C:\WINDOWS\VIPv3\CheckForUpdates.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel PhotoDownloader.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nav_x] c:\smss.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popca...aploader_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgfws8.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


--
End of file - 12896 bytes

-- File Associations -----------------------------------------------------------

.ini - inifile - shell\open\command - c:\smss.exe


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-30 03:09:42 626 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Sheila1.job


-- Files created between 2008-04-03 and 2008-05-03 -----------------------------

2008-05-02 06:13:34 0 d-------- C:\Program Files\Trend Micro
2008-04-28 22:37:33 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-28 22:33:28 0 d-------- C:\Program Files\ReflexiveArcade
2008-04-28 22:19:51 0 d-------- C:\Program Files\PopCap Games
2008-04-27 10:29:05 49616 --a------ C:\WINDOWS\system\MSACM.DLL <Not Verified; Microsoft Corporation; Microsoft Audio Compression Manager>
2008-04-27 10:29:05 151040 --a------ C:\WINDOWS\system\IR32.DLL
2008-04-27 10:29:05 77664 --a------ C:\WINDOWS\system\IR21_R.DLL
2008-04-27 10:29:05 7168 --a------ C:\WINDOWS\system\DISPDIB.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-04-27 10:29:05 14208 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-04-27 10:29:05 12800 --a------ C:\WINDOWS\system\ACMCMPRS.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-04-27 10:27:59 188960 --a------ C:\WINDOWS\system\Wingde.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-04-27 10:27:59 12800 --a------ C:\WINDOWS\system\Wing32.dll <Not Verified; Microsoft Corporation; WinG>
2008-04-27 10:27:59 92208 --a------ C:\WINDOWS\system\Wing.dll <Not Verified; Microsoft Corporation; WinG>
2008-04-27 10:27:59 0 d-------- C:\Program Files\Mindscape
2008-04-27 10:25:36 0 d-------- C:\BRAINSTM
2008-04-24 06:25:45 32 ---h----- C:\WINDOWS\popcinfo.dat
2008-04-24 06:15:18 0 d-------- C:\Documents and Settings\Sheila1\Application Data\SpinTop
2008-04-20 12:37:44 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Talkback
2008-04-20 12:37:06 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-20 12:36:21 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Mozilla
2008-04-12 12:28:30 0 d--h----- C:\$AVG8.VAULT$
2008-04-09 23:14:51 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-09 23:14:50 0 d-------- C:\Documents and Settings\Sheila1\Application Data\AVGTOOLBAR
2008-04-09 23:13:48 0 d-------- C:\Program Files\AVG
2008-04-09 23:13:47 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-09 23:08:41 0 d-------- C:\WINDOWS\system32\CatRoot2-Old
2008-04-09 23:05:26 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-05 09:29:47 2936832 --a------ C:\WINDOWS\system32\MA2_6.scr
2008-04-05 09:29:46 0 d-------- C:\Program Files\SereneScreen
2008-04-05 09:25:56 97848 --a------ C:\WINDOWS\system32\bass.dll <Not Verified; Un4seen Developments; >
2008-04-04 03:01:26 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Apple Computer
2008-04-04 02:58:00 1759 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-04-04 02:33:41 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-04 02:33:21 0 d-------- C:\Program Files\Real
2008-04-04 02:31:38 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Real
2008-04-04 02:13:46 0 d-------- C:\Program Files\Winamp Toolbar
2008-04-04 02:13:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-04-04 02:11:02 0 d-------- C:\Program Files\Winamp
2008-04-04 02:11:02 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Winamp
2008-04-04 01:03:45 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-04 01:02:21 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-04 01:02:21 0 d-------- C:\WINDOWS\system32\drivers\UMDF


-- Find3M Report ---------------------------------------------------------------

2008-05-03 01:15:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-02 23:43:28 0 d-------- C:\Program Files\Spyware Doctor
2008-05-02 23:22:16 0 d-------- C:\Program Files\lg_fwupdate
2008-05-02 05:55:44 0 d-------- C:\Program Files\Messenger
2008-05-02 05:55:44 0 d-------- C:\Program Files\Knowledge Adventure
2008-04-20 12:40:36 0 d-------- C:\Documents and Settings\Sheila1\Application Data\PlayFirst
2008-04-12 13:41:36 0 d-------- C:\Program Files\Mystery Case Files Huntsville
2008-04-12 08:38:09 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Corel
2008-04-12 08:37:24 5018 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-09 10:44:12 0 d-------- C:\Program Files\Mystery Case Files Ravenhearst
2008-04-07 13:15:46 0 d-------- C:\Program Files\Mystery Case Files Prime Suspects
2008-04-04 02:33:41 0 d-------- C:\Program Files\Common Files
2008-04-04 02:33:38 0 d-------- C:\Program Files\Common Files\Real
2008-03-29 23:57:14 0 d-------- C:\Documents and Settings\Sheila1\Application Data\PC Tools
2008-03-28 23:54:46 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-28 04:05:26 0 d-------- C:\Program Files\QSS
2008-03-28 04:05:25 0 d-------- C:\Program Files\Conduit
2008-03-28 02:41:01 0 d-------- C:\Documents and Settings\Sheila1\Application Data\AdobeUM
2008-03-27 01:53:37 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Adobe
2008-03-27 00:45:11 0 d-------- C:\Program Files\GameHouse
2008-03-25 15:27:00 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Google
2008-03-25 08:03:12 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Uniblue
2008-03-25 07:58:13 0 d-------- C:\Program Files\Security Task Manager
2008-03-25 07:58:13 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Help
2008-03-24 23:16:04 0 d-------- C:\Program Files\Alwil Software
2008-03-24 22:51:28 0 d-------- C:\Program Files\Disc2Phone
2008-03-24 22:48:22 0 d-------- C:\Program Files\Google
2008-03-24 22:37:52 0 d-------- C:\Program Files\QuickTime
2008-03-24 22:34:15 0 d-------- C:\Documents and Settings\Sheila1\Application Data\AdobeAUM
2008-03-24 22:32:20 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Leadertech
2008-03-24 22:30:34 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Teleca
2008-03-24 22:29:54 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Sony Ericsson
2008-03-24 22:28:00 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-24 22:27:41 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-03-24 22:27:36 0 d-------- C:\Program Files\Sony Ericsson
2008-03-24 22:17:16 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Sony Corporation
2008-03-24 22:15:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-24 22:13:27 0 d-------- C:\Program Files\Sony
2008-03-24 19:06:19 0 d-------- C:\Program Files\MSXML 4.0
2008-03-24 16:24:16 0 d-------- C:\Documents and Settings\Sheila1\Application Data\GameHouse
2008-03-24 15:16:20 0 d-------- C:\Program Files\Yahoo!
2008-03-24 15:16:05 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Yahoo!
2008-03-24 14:58:26 0 d-------- C:\Program Files\Mystery Case Files [3-in-1][PC games] [vertigo173]
2008-03-24 14:55:35 0 d-------- C:\Program Files\Common Files\Palo Alto Software
2008-03-24 14:54:48 0 d-------- C:\Program Files\Common Files\L&H
2008-03-24 14:54:47 0 d-------- C:\Program Files\Common Files\Intuit
2008-03-24 14:54:42 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-24 14:54:42 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-24 01:07:10 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Ahead
2008-03-24 01:01:04 0 d-------- C:\Documents and Settings\Sheila1\Application Data\CyberLink
2008-03-23 19:49:19 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-23 19:47:47 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-23 19:45:24 0 d-------- C:\Program Files\Nero
2008-03-23 19:39:09 0 d-------- C:\Program Files\CyberLink
2008-03-22 00:46:46 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-22 00:46:43 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-03-22 00:46:17 62 --ahs---- C:\Documents and Settings\Sheila1\Application Data\desktop.ini
2008-03-21 19:33:52 0 d-------- C:\Program Files\Symantec
2008-03-21 18:48:00 7176121 --a------ C:\WINDOWS\system32\VIPv3_EXT.dll
2008-03-21 18:45:58 0 d-------- C:\Documents and Settings\Sheila1\Application Data\WinRAR
2008-03-21 18:34:15 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Macromedia
2008-03-21 17:53:53 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Microsoft Web Folders
2008-03-21 17:48:53 8 -r-hs---- C:\WINDOWS\system32\EC02369FC8.sys
2008-03-21 17:48:25 0 d-------- C:\Program Files\Common Files\Corel
2008-03-21 17:47:41 0 d-------- C:\Program Files\Corel
2008-03-21 17:41:15 0 d-------- C:\Program Files\Norton Internet Security
2008-03-21 17:33:33 0 d-------- C:\Program Files\Realtek
2008-03-21 17:33:30 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-03-21 17:31:48 0 d-------- C:\Program Files\Intel
2008-03-21 17:22:15 0 d-------- C:\Documents and Settings\Sheila1\Application Data\Identities
2008-03-21 17:17:37 0 d-------- C:\Program Files\microsoft frontpage
2008-03-21 17:17:21 0 -rahs---- C:\MSDOS.SYS
2008-03-21 17:17:21 0 -rahs---- C:\IO.SYS
2008-03-21 17:17:21 0 --a------ C:\CONFIG.SYS
2008-03-21 17:17:21 0 --a------ C:\AUTOEXEC.BAT
2008-03-21 17:16:24 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-21 17:15:30 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-21 17:15:21 0 d-------- C:\Program Files\Movie Maker
2008-03-21 17:14:39 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-21 17:14:23 0 d-------- C:\Program Files\Online Services
2008-03-21 17:14:14 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-21 17:14:04 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
03/20/2008 06:36 AM 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80ad36e4-7d72-40f4-8505-b7750c8f20bd}]
03/13/2008 10:30 AM 1524248 --a------ C:\Program Files\QSS\tbQSS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
04/09/2008 11:14 PM 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{80AD36E4-7D72-40F4-8505-B7750C8F20BD}"= C:\Program Files\QSS\tbQSS.dll [03/13/2008 10:30 AM 1524248]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [03/20/2008 06:36 AM 1267040]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [04/09/2008 11:14 PM 2051328]

[-HKEY_CLASSES_ROOT\CLSID\{80AD36E4-7D72-40F4-8505-B7750C8F20BD}]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 05:59 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/03/2008 10:26 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [03/26/2008 10:24 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [05/15/2007 03:55 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/15/2007 03:55 PM]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [11/24/2006 01:06 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/24/2008 10:37 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [04/02/2008 02:49 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/04/2008 02:33 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/09/2008 11:14 PM]
"ampli"="WINDOWS\system32\mveo.exe" []
"VisualTooltip"="C:\WINDOWS\VIPv3\VIPtooltip\VisualToolTip.exe" [01/17/2006 07:15 PM]
"Vistadrv"="C:\WINDOWS\VIPv3\VIPhd\vsdrv.exe" [07/30/2006 02:37 AM]
"VIPv3_Auto_Update"="C:\WINDOWS\VIPv3\CheckForUpdates.exe" [09/08/2006 03:54 PM]
"SkyTel"="SkyTel.EXE" [10/11/2007 11:04 AM C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [10/25/2007 11:57 AM C:\WINDOWS\RTHDCPL.exe]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [01/14/2007 07:11 AM]
"nwiz"="nwiz.exe" [01/03/2008 10:26 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [01/03/2008 10:26 PM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel PhotoDownloader.exe" []
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [08/23/2007 05:36 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 PM]
"nav_x"="c:\smss.exe" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/14/2004 12:24 AM]

C:\Documents and Settings\Sheila1\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [3/24/2008 10:13:41 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 4:15:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe \"C:\WINDOWS\services.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cdc840f-f762-11dc-bfab-806d6172696f}]
AutoRun\command- jay.exe
explore\Command- jay.exe
open\Command- jay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cdc8410-f762-11dc-bfab-806d6172696f}]
AutoRun\command- jay.exe
explore\Command- jay.exe
open\Command- jay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78a70138-0829-11dd-852d-001e8c84c0d6}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fddb43ae-f9ac-11dc-9bae-001e8c84c0d6}]
- F:\ms-dos\ntdlr.com

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-05-03 01:22:10 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E4500 @ 2.20GHz
CPU 1: Intel® Core™2 Duo CPU E4500 @ 2.20GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 1023.17 MiB / 452.31 MiB
Pagefile Memory (total/avail): 2460.37 MiB / 1704.97 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.78 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 73.24 GiB total, 59.05 GiB free.
D: is Fixed (NTFS) - 75.8 GiB total, 75.68 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160215AS - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 73.24 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 75.8 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

FW: Norton Internet Security v2007 (Symantec Corporation)
FW: AVG Firewall v8.0 (AVG Technologies CZ, s.r.o.) Disabled
AV: AVG Anti-Virus v8.0 (AVG Technologies)
AV: Norton Internet Security v2007 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sheila1\Application Data
CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SHEILA
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA18
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sheila1
LOGONSERVER=\\SHEILA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Sheila1\LOCALS~1\Temp
TMP=C:\DOCUME~1\Sheila1\LOCALS~1\Temp
USERDOMAIN=SHEILA
USERNAME=Sheila1
USERPROFILE=C:\Documents and Settings\Sheila1
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Sheila1 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Atheros Communications Inc.® L1 Gigabit Ethernet Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E19F210-3813-4002-B561-94D66AA182B6}\Setup.exe" -l0x9 -removeonly
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Corel Snapfire DVD Maker --> MsiExec.exe /X{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}
Corel Snapfire Plus --> MsiExec.exe /X{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\Hijackcheck\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
JumpStart 1st Grade 2001 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Knowledge Adventure\JS1G2001\DeIsL1.isu"
JumpStart Kindergarten 2001 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Knowledge Adventure\JSKG2001\DeIsL1.isu"
LG ODD Auto Firmware Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Mystery Case Files Huntsville --> "C:\WINDOWS\Mystery Case Files Huntsville\uninstall.exe" "/U:C:\Program Files\Mystery Case Files Huntsville\Uninstall\uninstall.xml"
Mystery Case Files Prime Suspects --> "C:\WINDOWS\Mystery Case Files Prime Suspects\uninstall.exe" "/U:C:\Program Files\Mystery Case Files Prime Suspects\Uninstall\uninstall.xml"
Mystery Case Files Ravenhearst --> "C:\WINDOWS\Mystery Case Files Ravenhearst\uninstall.exe" "/U:C:\Program Files\Mystery Case Files Ravenhearst\Uninstall\uninstall.xml"
Nero 7 Essentials --> MsiExec.exe /X{69589221-D76E-4C88-8388-A7943C851033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QSS Toolbar --> C:\PROGRA~1\QSS\UNWISE.EXE C:\PROGRA~1\QSS\INSTALL.LOG
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
SereneScreen Marine Aquarium 2.6 --> "C:\Program Files\SereneScreen\Marine Aquarium 2.6\unins000.exe"
Sony Ericsson PC Suite --> MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Super Collapse! from GameHouse --> C:\PROGRA~1\GAMEHO~1\Collapse\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Collapse\INSTALL.LOG
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Vista Icon Pack v3 System Patch --> VIPuninstall.bat
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar for Internet Explorer --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Suggest Add-on for IE7 --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1585 / Error
Event Submitted/Written: 05/03/2008 01:18:25 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Sheila1.exe, version 2.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1584 / Error
Event Submitted/Written: 05/02/2008 11:27:16 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1562 / Error
Event Submitted/Written: 05/02/2008 05:17:35 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1528 / Error
Event Submitted/Written: 05/02/2008 02:51:50 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ATF-Cleaner[1].exe, version 3.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1527 / Error
Event Submitted/Written: 05/02/2008 02:51:49 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ATF-Cleaner[1].exe, version 3.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4022 / Warning
Event Submitted/Written: 05/02/2008 07:35:40 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 001E8C84C0D6. The IP address being used is 169.254.245.168.

Event Record #/Type4021 / Warning
Event Submitted/Written: 05/02/2008 07:35:34 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001E8C84C0D6. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type3969 / Error
Event Submitted/Written: 05/02/2008 05:04:03 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type3968 / Error
Event Submitted/Written: 05/02/2008 05:03:15 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type3967 / Error
Event Submitted/Written: 05/02/2008 05:00:39 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}



-- End of Deckard's System Scanner: finished at 2008-05-03 01:22:10 ------------

#6 Buckeye_Sam


Posted 05 May 2008 - 08:40 AM

Thanks Orange Blossom! :thumbsup:

justin05 - Please follow these steps.

Click Start -> Control Panel -> Add Remove Programs and uninstall this program:

QSS Toolbar


=============



Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Please post the contents of the log from DrWeb and a new combofix log in your next reply.


==============


Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


========================================================

#7 justin05


Posted 05 May 2008 - 11:26 AM

Enclosed are the logs from DrWeb & ComboFix


PopCap Games DRM Protection Remover 0.1.exe;C:\RECYCLER\S-1-5-21-790525478-436374069-725345543-1003\Dc2\Hammer Heads Deluxe;Trojan.DownLoader.56025;Deleted.;
A0059567.exe;C:\System Volume Information\_restore{E6D80AE7-F47A-4B91-9588-2E49B253621A}\RP68;Trojan.DownLoader.56025;Deleted.;
Process.exe;C:\WINDOWS\VIPv3;Tool.Prockill;Incurable.Moved.;
process.exe;C:\WINDOWS\VIPv3\resources;Tool.Prockill;Incurable.Moved.;



ComboFix 08-05-01.3 - Sheila1 2008-05-06 0:15:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.282 [GMT 8:00]
Running from: C:\Documents and Settings\Sheila1\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-05-05 23:12 . 2008-05-06 00:09 <DIR> d-------- C:\Documents and Settings\Sheila1\DoctorWeb
2008-05-05 07:16 . 2008-05-05 07:16 <DIR> dr-h----- C:\Documents and Settings\Sheila1\Application Data\SecuROM
2008-05-05 07:16 . 2008-05-05 07:16 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-05 06:22 . 2008-05-05 06:22 <DIR> d-------- C:\Documents and Settings\Sheila1\Application Data\MSNInstaller
2008-05-05 06:14 . 2008-05-05 22:57 108 --a------ C:\WINDOWS\disney.ini
2008-05-05 06:13 . 2008-05-05 06:59 192 --a------ C:\WINDOWS\disneysy.ini
2008-05-03 01:13 . 2008-05-03 01:13 <DIR> d-------- C:\Deckard
2008-05-02 06:13 . 2008-05-02 06:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-28 22:37 . 2008-04-28 22:37 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-28 22:33 . 2008-04-28 22:33 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-04-27 10:27 . 2008-04-27 10:27 <DIR> d-------- C:\Program Files\Mindscape
2008-04-27 10:27 . 1994-08-24 00:00 188,960 --a------ C:\WINDOWS\system\Wingde.dll
2008-04-27 10:27 . 1994-09-21 00:00 92,208 --a------ C:\WINDOWS\system\Wing.dll
2008-04-27 10:27 . 1995-08-15 08:57 12,800 --a------ C:\WINDOWS\system\Wing32.dll
2008-04-27 10:27 . 1994-09-21 00:00 6,736 --a------ C:\WINDOWS\system\Wingdib.drv
2008-04-27 10:27 . 1994-09-02 00:00 5,195 --a------ C:\WINDOWS\system\Dva.386
2008-04-27 10:27 . 1994-09-21 00:00 5,024 --a------ C:\WINDOWS\system\Wingpal.wnd
2008-04-24 06:25 . 2008-04-28 22:26 32 ---h----- C:\WINDOWS\popcinfo.dat
2008-04-24 06:15 . 2008-04-24 06:15 <DIR> d-------- C:\Documents and Settings\Sheila1\Application Data\SpinTop
2008-04-20 13:30 . 2008-04-24 05:37 160 --a------ C:\WINDOWS\mafosav.INI
2008-04-20 12:37 . 2008-04-20 12:37 <DIR> d-------- C:\Documents and Settings\Sheila1\Application Data\Talkback
2008-04-20 12:37 . 2008-04-20 12:37 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-12 12:28 . 2008-05-02 05:52 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-09 23:15 . 2008-04-09 23:15 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-09 23:15 . 2008-04-09 23:15 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-04-09 23:15 . 2008-04-09 23:15 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-09 23:14 . 2008-05-05 23:11 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-09 23:14 . 2008-04-11 10:26 <DIR> d-------- C:\Documents and Settings\Sheila1\Application Data\AVGTOOLBAR
2008-04-09 23:14 . 2008-04-09 23:14 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-09 23:13 . 2008-04-09 23:13 <DIR> d-------- C:\Program Files\AVG
2008-04-09 23:13 . 2008-04-10 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-09 23:13 . 2008-04-09 23:13 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-04-09 23:13 . 2008-04-09 23:13 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-04-09 23:08 . 2008-04-09 23:08 <DIR> d-------- C:\WINDOWS\system32\CatRoot2-Old
2008-04-09 22:58 . 2008-05-06 00:15 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-04-05 09:29 . 2008-04-05 09:29 <DIR> d-------- C:\Program Files\SereneScreen
2008-04-05 09:29 . 2006-02-28 08:53 2,936,832 --a------ C:\WINDOWS\system32\MA2_6.scr
2008-04-05 09:25 . 2003-12-17 14:38 97,848 --a------ C:\WINDOWS\system32\bass.dll
2008-04-05 06:52 . 2008-04-05 06:52 407,429 --a------ C:\shirley_itenerary.pdf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 14:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 14:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-05 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-05 14:48 --------- d-----w C:\Program Files\lg_fwupdate
2008-05-05 00:59 --------- d-----w C:\Program Files\Conduit
2008-05-04 22:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 22:54 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-05-04 22:33 --------- d-----w C:\Program Files\QSS
2008-05-04 01:16 --------- d-----w C:\Program Files\Mystery Case Files Huntsville
2008-05-01 21:55 --------- d-----w C:\Program Files\Knowledge Adventure
2008-04-27 01:12 --------- d-----w C:\Program Files\Winamp
2008-04-20 04:40 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\PlayFirst
2008-04-12 02:00 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Winamp
2008-04-12 00:38 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Corel
2008-04-12 00:37 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-07 05:15 --------- d-----w C:\Program Files\Mystery Case Files Prime Suspects
2008-04-03 19:01 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Apple Computer
2008-04-03 18:33 --------- d-----w C:\Program Files\Real
2008-04-03 18:33 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-03 18:33 --------- d-----w C:\Program Files\Common Files\Real
2008-04-03 17:03 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-28 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-28 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-03-28 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2008-03-28 15:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-27 18:41 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\AdobeUM
2008-03-26 16:45 --------- d-----w C:\Program Files\GameHouse
2008-03-25 00:03 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Uniblue
2008-03-24 23:58 --------- d-----w C:\Program Files\Security Task Manager
2008-03-24 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-24 15:16 --------- d-----w C:\Program Files\Alwil Software
2008-03-24 14:48 --------- d-----w C:\Program Files\Google
2008-03-24 14:37 --------- d-----w C:\Program Files\QuickTime
2008-03-24 14:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-24 14:34 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\AdobeAUM
2008-03-24 14:32 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Leadertech
2008-03-24 14:30 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Teleca
2008-03-24 14:29 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Sony Ericsson
2008-03-24 14:17 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Sony Corporation
2008-03-24 14:13 --------- d-----w C:\Program Files\Sony
2008-03-24 11:06 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-24 08:24 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\GameHouse
2008-03-24 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-03-24 07:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-24 07:16 --------- d-----w C:\Program Files\Yahoo!
2008-03-24 07:16 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Yahoo!
2008-03-24 06:58 --------- d-----w C:\Program Files\Mystery Case Files [3-in-1][PC games] [vertigo173]
2008-03-24 06:55 --------- d-----w C:\Program Files\Common Files\Palo Alto Software
2008-03-24 06:54 --------- d-----w C:\Program Files\Common Files\L&H
2008-03-24 06:54 --------- d-----w C:\Program Files\Common Files\Intuit
2008-03-24 06:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-24 06:54 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-03-23 17:07 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Ahead
2008-03-23 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-03-23 17:01 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\CyberLink
2008-03-23 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-23 11:49 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-23 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-23 11:47 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-23 11:45 --------- d-----w C:\Program Files\Nero
2008-03-23 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-23 11:39 --------- d-----w C:\Program Files\CyberLink
2008-03-21 11:33 --------- d-----w C:\Program Files\Symantec
2008-03-21 10:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-21 10:48 7,176,121 ----a-w C:\WINDOWS\system32\VIPv3_EXT.dll
2008-03-21 09:53 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Microsoft Web Folders
2008-03-21 09:48 --------- d-----w C:\Program Files\Common Files\Corel
2008-03-21 09:47 --------- d-----w C:\Program Files\Corel
2008-03-21 09:41 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-21 09:41 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-21 09:41 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-21 09:41 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-21 09:41 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-21 09:33 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-21 09:33 --------- d-----w C:\Program Files\Realtek
2008-03-21 09:31 --------- d-----w C:\Program Files\Intel
2008-03-21 09:17 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-09 23:14 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-09 23:14 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-09 23:14 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"nav_x"="c:\smss.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-03 22:26 13508608]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-03-26 10:24 249856]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-24 22:37 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-02 02:49 36352]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-04 02:33 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-09 23:14 1177368]
"ampli"="WINDOWS\system32\mveo.exe" [ ]
"VisualTooltip"="C:\WINDOWS\VIPv3\VIPtooltip\VisualToolTip.exe" [2006-01-17 19:15 319488]
"Vistadrv"="C:\WINDOWS\VIPv3\VIPhd\vsdrv.exe" [2006-07-30 02:37 121089]
"VIPv3_Auto_Update"="C:\WINDOWS\VIPv3\CheckForUpdates.exe" [2006-09-08 15:54 23723]
"SkyTel"="SkyTel.EXE" [2007-10-11 11:04 1826816 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 11:57 16855552 C:\WINDOWS\RTHDCPL.exe]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 07:11 771704]
"nwiz"="nwiz.exe" [2008-01-03 22:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-01-03 22:26 86016]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel PhotoDownloader.exe" [ ]

C:\Documents and Settings\Sheila1\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-03-24 22:13:41 344064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 16:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-09 23:15]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-09 23:14]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-09 23:14]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-09 23:14]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-04-09 23:14]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-09 23:15]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 08:56]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-04-09 23:13]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-04-09 23:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fddb43ae-f9ac-11dc-9bae-001e8c84c0d6}]
\Shell\AutoRun\command - F:\ms-dos\ntdlr.com
\Shell\Explore\command - F:\ms-dos\ntdlr.com
\Shell\Open\command - F:\ms-dos\ntdlr.com

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 19:09:42 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Sheila1.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 00:16:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-06 0:18:25
ComboFix-quarantined-files.txt 2008-05-05 16:18:12

Pre-Run: 63,020,019,712 bytes free
Post-Run: 63,107,461,120 bytes free

243 --- E O F --- 2008-04-11 02:29:57

#8 Buckeye_Sam


Posted 06 May 2008 - 09:37 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

File::
C:\WINDOWS\system32\mveo.exe
C:\WINDOWS\system32\msveo.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ampli"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fddb43ae-f9ac-11dc-9bae-001e8c84c0d6}]

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.


Let me know how your computer is behaving now?


========================================================
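A triage sketch for the kind of autostart entries the CFScript above removes, added here as an example and not part of the original posts or of ComboFix: it reads an excerpt of the "Reg Loading Points" section posted in this thread and lists the Run values and MountPoints2 shell commands worth a reviewer's attention. The three heuristics, the short list of system process names and all function names are assumptions of this example; a flagged entry is a candidate for review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the "Reg Loading Points" section from the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"nav_x"="c:\smss.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-09 23:14 1177368]
"ampli"="WINDOWS\system32\mveo.exe" [ ]
"SkyTel"="SkyTel.EXE" [2007-10-11 11:04 1826816 C:\WINDOWS\SkyTel.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fddb43ae-f9ac-11dc-9bae-001e8c84c0d6}]
\Shell\AutoRun\command - F:\ms-dos\ntdlr.com
\Shell\Explore\command - F:\ms-dos\ntdlr.com
\Shell\Open\command - F:\ms-dos\ntdlr.com
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
SHELL_RE = re.compile(r'^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$')

# Assumption: a short, non-exhaustive list of Windows system process names.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "lsass.exe", "svchost.exe",
                "winlogon.exe", "services.exe"}


def run_reasons(target, meta):
    """Return the review reasons for one Run value (empty list = nothing noted)."""
    reasons = []
    path = PureWindowsPath(target)
    # Heuristic 1 (assumption): empty brackets mean the log recorded no
    # timestamp or size for the target, e.g. because the file was not found.
    if not meta.strip():
        reasons.append("no timestamp or size in log")
    # Heuristic 2: a path with directories but no drive letter. A bare file
    # name such as "SkyTel.EXE" is resolved by the log itself and is not flagged.
    if not path.drive and len(path.parts) > 1:
        reasons.append("relative path with directories")
    # Heuristic 3: a system process name that does not live in system32.
    if path.name.lower() in SYSTEM_NAMES and path.parent.name.lower() != "system32":
        reasons.append("system process name outside system32")
    return reasons


def triage(log_text):
    """Collect Run values and MountPoints2 shell commands that merit review."""
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m["key"]          # remember which registry key we are under
            continue
        low = key.lower()
        if low.endswith("\\currentversion\\run") and (m := VALUE_RE.match(line)):
            reasons = run_reasons(m["target"], m["meta"])
            if reasons:
                findings.append({"kind": "run", "key": key, "name": m["name"],
                                 "target": m["target"], "reasons": reasons})
        elif "\\mountpoints2\\" in low and (m := SHELL_RE.match(line)):
            # Any per-volume shell verb runs its command when the drive is
            # opened from Explorer, so every one of them is listed.
            findings.append({"kind": "autorun", "key": key, "name": m["verb"],
                             "target": m["cmd"],
                             "reasons": ["shell command registered for a mounted volume"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["kind"]:8} {f["name"]:28} {f["target"]}')
        for reason in f["reasons"]:
            print(f'         - {reason}')
```

Entries such as "Uniblue RegistryBooster 2" show why the output is only a review list: an orphaned Run value left behind by an uninstalled program looks the same to heuristic 1 as a deleted malware file.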

#9 justin05


Posted 06 May 2008 - 12:43 PM

Hi! Below is the new ComboFix log & HijackThis log.
I can access drive C & D now using My Computer.
Thanks. :thumbsup:


ComboFix 08-05-01.3 - Sheila1 2008-05-07 1:20:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.545 [GMT 8:00]
Running from: C:\Documents and Settings\Sheila1\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sheila1\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\msveo.exe
C:\WINDOWS\system32\mveo.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.

2008-05-06 07:24 . 2008-05-06 07:24 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-05-06 07:20 . 2008-05-06 07:20 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-05 23:12 . 2008-05-06 00:09 <DIR> d-------- C:\Documents and Settings\Sheila1\DoctorWeb
2008-05-05 07:16 . 2008-05-05 07:16 <DIR> dr-h----- C:\Documents and Settings\Sheila1\Application Data\SecuROM
2008-05-05 07:16 . 2008-05-05 07:16 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-05 06:22 . 2008-05-05 06:22 <DIR> d-------- C:\Documents and Settings\Sheila1\Application Data\MSNInstaller
2008-05-05 06:14 . 2008-05-05 22:57 108 --a------ C:\WINDOWS\disney.ini
2008-05-05 06:13 . 2008-05-05 06:59 192 --a------ C:\WINDOWS\disneysy.ini
2008-05-03 01:13 . 2008-05-03 01:13 <DIR> d-------- C:\Deckard
2008-05-02 06:13 . 2008-05-02 06:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-28 22:37 . 2008-04-28 22:37 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-28 22:33 . 2008-04-28 22:33 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-04-27 10:27 . 2008-04-27 10:27 <DIR> d-------- C:\Program Files\Mindscape
2008-04-27 10:27 . 1994-08-24 00:00 188,960 --a------ C:\WINDOWS\system\Wingde.dll
2008-04-27 10:27 . 1994-09-21 00:00 92,208 --a------ C:\WINDOWS\system\Wing.dll
2008-04-27 10:27 . 1995-08-15 08:57 12,800 --a------ C:\WINDOWS\system\Wing32.dll
2008-04-27 10:27 . 1994-09-21 00:00 6,736 --a------ C:\WINDOWS\system\Wingdib.drv
2008-04-27 10:27 . 1994-09-02 00:00 5,195 --a------ C:\WINDOWS\system\Dva.386
2008-04-27 10:27 . 1994-09-21 00:00 5,024 --a------ C:\WINDOWS\system\Wingpal.wnd
2008-04-24 06:25 . 2008-04-28 22:26 32 ---h----- C:\WINDOWS\popcinfo.dat
2008-04-24 06:15 . 2008-04-24 06:15 <DIR> d-------- C:\Documents and Settings\Sheila1\Application Data\SpinTop
2008-04-20 13:30 . 2008-04-24 05:37 160 --a------ C:\WINDOWS\mafosav.INI
2008-04-20 12:37 . 2008-04-20 12:37 <DIR> d-------- C:\Documents and Settings\Sheila1\Application Data\Talkback
2008-04-20 12:37 . 2008-04-20 12:37 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-12 12:28 . 2008-05-02 05:52 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-09 23:15 . 2008-04-09 23:15 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-09 23:15 . 2008-04-09 23:15 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-04-09 23:15 . 2008-04-09 23:15 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-09 23:14 . 2008-05-06 07:11 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-09 23:14 . 2008-04-11 10:26 <DIR> d-------- C:\Documents and Settings\Sheila1\Application Data\AVGTOOLBAR
2008-04-09 23:14 . 2008-04-09 23:14 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-09 23:13 . 2008-04-09 23:13 <DIR> d-------- C:\Program Files\AVG
2008-04-09 23:13 . 2008-04-10 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-09 23:13 . 2008-04-09 23:13 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-04-09 23:13 . 2008-04-09 23:13 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-04-09 23:08 . 2008-04-09 23:08 <DIR> d-------- C:\WINDOWS\system32\CatRoot2-Old
2008-04-09 22:58 . 2008-05-06 00:15 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-06 17:07 --------- d-----w C:\Program Files\lg_fwupdate
2008-05-05 14:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 14:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-05 00:59 --------- d-----w C:\Program Files\Conduit
2008-05-04 22:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 22:54 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-05-04 01:16 --------- d-----w C:\Program Files\Mystery Case Files Huntsville
2008-05-01 21:55 --------- d-----w C:\Program Files\Knowledge Adventure
2008-04-27 01:12 --------- d-----w C:\Program Files\Winamp
2008-04-20 04:40 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\PlayFirst
2008-04-12 02:00 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Winamp
2008-04-12 00:38 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Corel
2008-04-12 00:37 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-07 05:15 --------- d-----w C:\Program Files\Mystery Case Files Prime Suspects
2008-04-05 01:29 --------- d-----w C:\Program Files\SereneScreen
2008-04-03 19:01 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Apple Computer
2008-04-03 18:33 --------- d-----w C:\Program Files\Real
2008-04-03 18:33 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-03 18:33 --------- d-----w C:\Program Files\Common Files\Real
2008-04-03 17:03 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-28 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-28 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-03-28 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2008-03-28 15:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-27 18:41 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\AdobeUM
2008-03-26 16:45 --------- d-----w C:\Program Files\GameHouse
2008-03-25 00:03 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Uniblue
2008-03-24 23:58 --------- d-----w C:\Program Files\Security Task Manager
2008-03-24 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-24 15:16 --------- d-----w C:\Program Files\Alwil Software
2008-03-24 14:48 --------- d-----w C:\Program Files\Google
2008-03-24 14:37 --------- d-----w C:\Program Files\QuickTime
2008-03-24 14:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-24 14:34 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\AdobeAUM
2008-03-24 14:32 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Leadertech
2008-03-24 14:30 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Teleca
2008-03-24 14:29 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Sony Ericsson
2008-03-24 14:17 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Sony Corporation
2008-03-24 14:13 --------- d-----w C:\Program Files\Sony
2008-03-24 11:06 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-24 08:24 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\GameHouse
2008-03-24 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-03-24 07:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-24 07:16 --------- d-----w C:\Program Files\Yahoo!
2008-03-24 07:16 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Yahoo!
2008-03-24 06:58 --------- d-----w C:\Program Files\Mystery Case Files [3-in-1][PC games] [vertigo173]
2008-03-24 06:55 --------- d-----w C:\Program Files\Common Files\Palo Alto Software
2008-03-24 06:54 --------- d-----w C:\Program Files\Common Files\L&H
2008-03-24 06:54 --------- d-----w C:\Program Files\Common Files\Intuit
2008-03-24 06:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-24 06:54 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-03-23 17:07 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Ahead
2008-03-23 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-03-23 17:01 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\CyberLink
2008-03-23 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-23 11:49 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-23 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-23 11:47 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-23 11:45 --------- d-----w C:\Program Files\Nero
2008-03-23 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-23 11:39 --------- d-----w C:\Program Files\CyberLink
2008-03-21 11:33 --------- d-----w C:\Program Files\Symantec
2008-03-21 10:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-21 10:48 7,176,121 ----a-w C:\WINDOWS\system32\VIPv3_EXT.dll
2008-03-21 09:53 --------- d-----w C:\Documents and Settings\Sheila1\Application Data\Microsoft Web Folders
2008-03-21 09:48 --------- d-----w C:\Program Files\Common Files\Corel
2008-03-21 09:47 --------- d-----w C:\Program Files\Corel
2008-03-21 09:41 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-21 09:41 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-21 09:41 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-21 09:41 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-21 09:41 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-21 09:33 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-21 09:33 --------- d-----w C:\Program Files\Realtek
2008-03-21 09:31 --------- d-----w C:\Program Files\Intel
2008-03-21 09:17 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-06_ 0.18.05.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-05 14:48:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-06 17:06:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-08-04 12:00:00 96,256 ----a-w C:\WINDOWS\system32\drivers\sptddrv1.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-09 23:14 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-09 23:14 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-09 23:14 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"nav_x"="c:\smss.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-03 22:26 13508608]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-03-26 10:24 249856]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-24 22:37 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-02 02:49 36352]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-04 02:33 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-09 23:14 1177368]
"VisualTooltip"="C:\WINDOWS\VIPv3\VIPtooltip\VisualToolTip.exe" [2006-01-17 19:15 319488]
"Vistadrv"="C:\WINDOWS\VIPv3\VIPhd\vsdrv.exe" [2006-07-30 02:37 121089]
"VIPv3_Auto_Update"="C:\WINDOWS\VIPv3\CheckForUpdates.exe" [2006-09-08 15:54 23723]
"SkyTel"="SkyTel.EXE" [2007-10-11 11:04 1826816 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 11:57 16855552 C:\WINDOWS\RTHDCPL.exe]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 07:11 771704]
"nwiz"="nwiz.exe" [2008-01-03 22:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-01-03 22:26 86016]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel PhotoDownloader.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-15 04:09 157592]

C:\Documents and Settings\Sheila1\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-03-24 22:13:41 344064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 16:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-09 23:15]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-09 23:14]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-09 23:14]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-09 23:14]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-04-09 23:14]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-09 23:15]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 08:56]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-04-09 23:13]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-04-09 23:13]

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 19:09:42 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Sheila1.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 01:22:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-07 1:23:50
ComboFix-quarantined-files.txt 2008-05-06 17:23:47
ComboFix2.txt 2008-05-05 16:18:26

Pre-Run: 62,986,153,984 bytes free
Post-Run: 63,078,588,416 bytes free

245





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:19 AM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\VIPv3\VIPtooltip\VisualToolTip.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\Hijackcheck\Hcheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\WINDOWS\VIPv3\VIPtooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\VIPv3\VIPhd\vsdrv.exe
O4 - HKLM\..\Run: [VIPv3_Auto_Update] C:\WINDOWS\VIPv3\CheckForUpdates.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel PhotoDownloader.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nav_x] c:\smss.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popca...aploader_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10549 bytes

#10 Buckeye_Sam


Posted 07 May 2008 - 01:05 AM

Run HijackThis again, click Scan, and put a checkmark next to the line listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O4 - HKCU\..\Run: [nav_x] c:\smss.exe


Reboot and post a new hijackthis log.
How is everything working now? Any issues or remaining problems?


========================================================
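Why an autorun entry like the one flagged in post #10 stands out, shown as an added example that is not part of the original thread: smss.exe is a Windows system process that normally lives in C:\WINDOWS\system32, so a Run value pointing at a same-named file in the drive root is a typical masquerading sign. The process table, the function names and all sample lines except the first are assumptions constructed for this illustration.

```python
import ntpath
import re

# Core Windows processes and the directory they legitimately run from
# (lower-cased; assumes a default install under C:\WINDOWS).
EXPECTED_DIRS = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# HijackThis O4 autorun line: "O4 - <key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def image_path(cmd):
    """Return the executable path from a Run command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.exe)\b", cmd)
    return m.group(1) if m else cmd

def flag_masquerades(log_text):
    """Return (value name, path) for O4 entries that use a system process
    name but point at a directory other than the expected one."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = image_path(m.group("cmd"))
        directory, exe = ntpath.split(path.lower())
        expected = EXPECTED_DIRS.get(exe)
        # Bare names without a directory are skipped: they resolve via PATH.
        if expected and directory and directory.rstrip("\\") != expected:
            hits.append((m.group("name"), path))
    return hits

# First line is the entry from this thread; the rest are constructed samples.
SAMPLE = r"""O4 - HKCU\..\Run: [nav_x] c:\smss.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [shell] "C:\Documents and Settings\user\svchost.exe" -s"""

if __name__ == "__main__":
    for name, path in flag_masquerades(SAMPLE):
        print(f"suspicious autorun [{name}] -> {path}")
```

A hit is a lead for review rather than a verdict; the file itself still has to be examined before removal.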

#11 justin05


Posted 13 May 2008 - 11:57 PM

After my last log here last May 7, 2008, my computer was disconnected from the internet. Thinking that maybe the internet service provider had trouble on their part, I just waited for the next day to see if it would be fixed. But after three days of not being able to connect to the internet I called my ISP to see what was wrong & then I found out that my computer is reading my LAN connection. I tried to connect a different CPU and it did connect to the internet using my DSL connection. I tried to connect my CPU to a different DSL connection and was able to connect to the internet. My friend told me that my LAN card is defective but I don't think that is the problem because the DSL connection at the back of my CPU is working. I didn't do anything to my computer except what you instructed me to do last May 6, 2008. Please help me. I really need to connect to the internet. Right now I am using my office computer.

#12 Buckeye_Sam


Posted 14 May 2008 - 04:33 PM

I tried to connect my CPU to a different dsl connection and was able to connect to the internet.

This would seem to indicate that the problem is not with your computer, but rather your DSL connection. Have you tried resetting the modem?
I would be in contact with your ISP on this.


========================================================

#13 Buckeye_Sam


Posted 13 June 2008 - 02:45 PM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.


========================================================



