

Warning! Spyware Detected On Your Computer!


  • This topic is locked
8 replies to this topic

#1 violarachel

  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:05 AM

Posted 23 June 2008 - 03:27 PM

I have on my desktop a blue screen with a blue and yellow box in the middle containing the message "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer."

I also have a screensaver that comes up with a blue screen that starts with "A problem has been detected and windows has been shut down to prevent damage to your computer." It then rotates between various things like "BAD_POOL_HEADER" and "BOGUS_DRIVER" and "PAGE_FAULT_IN_NONPAGED_AREA" and continues with "If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:" and proceeds to give instructions about checking for properly installed software and starting up in safe mode. This screen appears for a while and then rotates to the Windows graphic like it's restarting and then returns to the blue instructions page. The pages will vanish with a tap of a key like a normal screensaver. The screensaver and desktop option controls are missing from the display properties in the control panel.

We had other issues like pops but ran the following programs and haven't had any other problems since: Spyware Doctor, SmitFraudFix, Spybot, and Spy Sweeper as well as Microsoft's free online scanner.

Thank you for your help!


KASPERSKY ONLINE SCANNER 7 REPORT
Monday, June 23, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, June 23, 2008 13:48:15
Records in database: 880580
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
Scan statistics
Files scanned 93749
Threat name 3
Infected objects 4
Suspicious objects 0
Duration of the scan 01:30:05

File name Threat name Threats count
C:\Documents and Settings\Rachel and Barney\Application Data\Sun\Java\Deployment\cache\6.0\27\4e1c045b-5a833a97 Infected: Trojan.Java.ClassLoader.as 2
C:\Documents and Settings\Rachel and Barney\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Program Files\Incomplete\T-2403010-Top of Charts - 2003 (touch).wma Infected: Trojan-Downloader.WMA.Wimad.l 1
The selected area was scanned.


Deckard's System Scanner v20071014.68
Run by Rachel and Barney on 2008-06-23 12:37:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2008-06-23 19:37:47 UTC - RP9 - Deckard's System Scanner Restore Point
8: 2008-06-23 01:02:37 UTC - RP8 - Spyware Doctor: Cleaning Threats
7: 2008-06-22 23:56:46 UTC - RP7 - Cleaned registry with Windows Live OneCare safety scanner
6: 2008-06-22 21:42:11 UTC - RP6 - Software Distribution Service 3.0
5: 2008-06-22 20:18:20 UTC - RP5 - Installed Java™ 6 Update 6


-- First Restore Point --
1: 2008-06-22 06:29:45 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Rachel and Barney.exe) -----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:20 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Rachel and Barney\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rachel and Barney.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.1access.net/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [WorksFUD] "C:\Program Files\Microsoft Works\wkfud.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [lphc7j7j0e56a] C:\WINDOWS\system32\lphc7j7j0e56a.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AXPDefender] "C:\Program Files\AXPDefender\AXPDefender.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_06) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader41.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msell2 - {9367D24B-8506-471A-915A-CFBB4BCEB631} - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\MSELL2.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O21 - SSODL: orJwl - {94520D23-3EF8-A789-FCEB-0CB693BF0963} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9075 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Cdr4_2K - c:\windows\system32\drivers\cdr4_2k.sys <Not Verified; Roxio; Roxio's CD-R Helper Drivers>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 sysrest.sys - c:\windows\system32\sysrest.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 Iap - "c:\program files\dell\openmanage\client\iap.exe" <Not Verified; Dell Inc; OpenManage Client Instrumentation>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01AD1028&REV_01\4&117729E2&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01AD1028&REV_01\4&117729E2&0&00E0
Service: b57w2k


-- Scheduled Tasks -------------------------------------------------------------

2008-06-21 14:39:22 1522 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job


-- Files created between 2008-05-23 and 2008-06-23 -----------------------------

2008-06-23 10:01:15 0 d-------- C:\Program Files\Trend Micro
2008-06-23 08:02:45 0 d-------- C:\Documents and Settings\Rachel and Barney\Application Data\AXPDefender
2008-06-22 17:57:56 0 d-------- C:\WINDOWS\BDOSCAN8
2008-06-22 14:56:13 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-22 13:27:33 0 d-------- C:\Documents and Settings\Rachel and Barney\.housecall6.6
2008-06-21 17:23:16 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-06-21 17:03:18 5038 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-21 16:15:43 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-21 16:15:01 0 d-------- C:\Program Files\Spyware Doctor
2008-06-21 16:15:01 0 d-------- C:\Documents and Settings\Rachel and Barney\Application Data\PC Tools
2008-06-21 16:02:42 0 d-------- C:\Program Files\Picasa2
2008-06-21 15:58:49 0 d-------- C:\WINDOWS\system32\runtime
2008-06-21 15:56:13 0 d-------- C:\WINDOWS\3A4FFB84D0704DA5AB7BD41D87FD8D19.TMP
2008-06-21 15:53:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-21 14:39:26 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-21 14:39:20 112 --a------ C:\WINDOWS\system32\delself.bat
2008-06-21 14:39:13 0 d-------- C:\Program Files\Webroot
2008-06-21 14:39:13 0 d-------- C:\Documents and Settings\Rachel and Barney\Application Data\Webroot
2008-06-21 14:39:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-06-20 08:55:54 60928 --a------ C:\WINDOWS\system32\blphc7j7j0e56a.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-06-20 08:55:48 109056 --a------ C:\WINDOWS\system32\lphc7j7j0e56a.exe
2008-06-09 08:52:58 12800 --a------ C:\WINDOWS\system32\WING32.DLL <Not Verified; Microsoft Corporation; WinG>
2008-06-09 08:52:58 188960 --a------ C:\WINDOWS\system\WINGDE.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-06-09 08:52:58 92208 --a------ C:\WINDOWS\system\WING.DLL <Not Verified; Microsoft Corporation; WinG>
2008-06-09 08:51:24 231936 -----n--- C:\WINDOWS\system32\SNWValid.dll <Not Verified; Cendant Software; World Opponent Network>
2008-06-09 08:51:24 1052160 -----n--- C:\WINDOWS\system32\SierraNW.dll <Not Verified; Cendant Software; World Opponent Network>
2008-06-09 08:51:23 0 d-------- C:\SIERRA
2008-06-09 08:51:23 0 d-------- C:\Program Files\Sierra On-Line
2008-05-25 22:12:28 0 d-------- C:\Program Files\Windward Studios <WINDWA~1>


-- Find3M Report ---------------------------------------------------------------

2008-06-22 19:19:26 0 d-------- C:\Program Files\LimeWire
2008-06-22 18:27:27 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-22 13:23:28 0 d-------- C:\Program Files\Java
2008-06-21 17:00:42 0 d-------- C:\Program Files\Norton Security Scan
2008-06-21 17:00:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-21 16:08:49 0 d-------- C:\Program Files\Google
2008-06-20 07:26:39 0 d-------- C:\Program Files\Incomplete
2008-06-19 20:38:01 0 d-------- C:\Program Files\Microsoft Picture It! PhotoPub
2008-06-18 18:34:21 0 d-------- C:\Program Files\Football Mogul


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 10:42 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/31/2005 07:05 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 06:29 PM]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [08/08/2000 05:00 AM]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/08/2000 05:00 AM]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [08/08/2000 05:00 AM]
"@"="" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/22/2008 10:23 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/25/2006 07:32 PM]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/2003 07:44 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [06/25/2003 01:18 AM]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [06/23/2003 10:12 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/23/2006 04:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/31/2006 01:20 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"lphc7j7j0e56a"="C:\WINDOWS\system32\lphc7j7j0e56a.exe" [06/20/2008 08:55 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [06/21/2008 03:54 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 02:22 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"AXPDefender"="C:\Program Files\AXPDefender\AXPDefender.exe" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/2007 09:18 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/25/2006 8:19:52 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [8/11/2004 2:22:40 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [8/12/2006 8:51:27 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/8/2000 1:00:00 PM]
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T\wlan111t.exe [6/9/2008 10:53:15 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b78c049-20e3-11db-a07a-806d6172696f}]
AutoRun\command- D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b78c04a-20e3-11db-a07a-806d6172696f}]
AutoRun\command- E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6842baaa-bc5a-11db-a163-0013729821be}]




-- End of Deckard's System Scanner: finished at 2008-06-23 12:39:58 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 3.00GHz
CPU 1: Intel® Pentium® D CPU 3.00GHz
Percentage of Memory in Use: 28%
Physical Memory (total/avail): 2046.07 MiB / 1467.28 MiB
Pagefile Memory (total/avail): 3938.8 MiB / 3453.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.44 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.42 GiB total, 35.38 GiB free.
D: is Fixed (NTFS) - 74.5 GiB total, 74.33 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST3808110AS - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 70.57 MiB
\PARTITION1 (bootable) - Installable File System - 74.42 GiB - C:

\\.\PHYSICALDRIVE1 - ST3808110AS - 74.5 GiB - 1 partition
\PARTITION0 - Installable File System - 74.5 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\NeverwinterNights\\NWN\\nwmain.exe"="C:\\NeverwinterNights\\NWN\\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:MSN Messenger 7.0"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe:*:Disabled:Rise of Nations"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Program Files\\TurboTax\\Basic 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Basic 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Basic 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Basic 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Documents and Settings\\Rachel and Barney\\Local Settings\\Temp\\.ttC.tmp"="C:\\Documents and Settings\\Rachel and Barney\\Local Settings\\Temp\\.ttC.tmp:*:Enabled:enable"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Rachel and Barney\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Rachel and Barney
LOGONSERVER=\\COMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RACHEL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RACHEL~1\LOCALS~1\Temp
USERDOMAIN=COMPUTER
USERNAME=Rachel and Barney
USERPROFILE=C:\Documents and Settings\Rachel and Barney
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Rachel and Barney (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The 3DO Company\Army Men II\Uninst.isu"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Army Men --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The 3DO Company\Army Men\Uninst.isu"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Axis and Allies --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Axis and Allies\Uninst.isu"
Baseball Mogul 2007 --> MsiExec.exe /I{8C93CE61-2752-43C9-A72A-EF8145AE634D}
BioWare Premium Module: Neverwinter Nights™ Kingmaker --> C:\NeverwinterNights\NWN\premium\uninst Neverwinter Nights™ Kingmaker.exe
Broadcom Advanced Control Suite --> MsiExec.exe /I{058B32E2-6310-4359-B2D4-1988390C3B83}
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CEP v1.52 --> "C:\NeverwinterNights\NWN\unins000.exe"
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Easy CD & DVD Creator 6 --> MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
Encarta Language Learning Spanish --> RunDll32 C:\PROGRA~1\MIF408~1\ENCART~1\UNELL20.DLL,Uninstall C:\PROGRA~1\MIF408~1\ENCART~1\SETUP00A\INST00A.LOG
ESPN Java Check --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://games.espn.go.com/s/flblm/07/livedraft/jws-check.jarjnlp"
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Europa Universalis III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59C80C5E-8C92-40FF-B910-2BB5C7281F61}\setup.exe" -l0x9
FoneSync --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\FoneSync\Uninst.isu" -c"C:\Program Files\FoneSync\UninstSupport.dll"
Football Mogul --> C:\PROGRA~1\FOOTBA~1\UNWISE.EXE C:\PROGRA~1\FOOTBA~1\INSTALL.LOG
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Photos Screensaver --> MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3f1_2d90bdd\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
L&H PCMM ASR1600 for Windows V3 Basic --> C:\WINDOWS\uninst.exe -fC:\ASR3232\DeIsL1.isu -lASR320BASV3.2 -c"C:\ASR3232\ASR300UI.DLL
L&H PCMM ASR1600 for Windows V3 Engine --> C:\WINDOWS\uninst.exe -fC:\ASR3232\DeIsL2.isu -lASR320ENGN44V3.2 -c"C:\ASR3232\ASR300UI.DLL
L&H PCMM ASR1600 for Windows V3 Mexican Spanish --> C:\WINDOWS\uninst.exe -fC:\ASR3232\DeIsL3.isu
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
MathPlayer --> C:\Program Files\Design Science\MathPlayer\Setup.exe -u
Microsoft Money 2001 --> MsiExec.exe /I{D085A1B6-90A4-11D3-82B7-00C04FA309DE}
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Publishing 2001 --> MsiExec.exe /I{15D9EB74-998E-4A04-B468-51C2E7B32182}
Microsoft Streets and Trips 2001 --> MsiExec.exe /I{3D719053-5593-11D3-8F25-0060085C1758}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Word 2000 SR-1 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 2001 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2001\Setup\Launcher.exe E:\
Microsoft Works 6.0 --> MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\Setup.exe"
Neverwinter Nights --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1583439-B034-4881-819C-D52A0587662B}\setup.exe" -l0x9
Neverwinter Nights 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OMCI --> MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDADDIN --> MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP --> MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
R.E. Lee Civil War General --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\CivilWar\Uninst.isu
Railroad Tycoon II - Platinum --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BED27751-CD2A-4C2F-9813-00B9B60C76FE}\setup.exe" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Search Assist --> MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
Sid Meier's Civilization 4 --> C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Pirates! --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1033
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SimCity 2000® Special Edition --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Maxis\SimCity 2000\DeIsL1.isu"
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
The Rosetta Stone 2000 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\FLT\DeIsL2.isu"
TurboTax Basic 2007 --> C:\Program Files\TurboTax\Basic 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2007\Uninstall.log" -NoGui
TurboTax Deluxe 2005 --> C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windward Studios Page 2 Stage 1.02 --> C:\PROGRA~1\WINDWA~1\PAGE2S~1\unwise32.exe /A C:\PROGRA~1\WINDWA~1\PAGE2S~1\install.log


-- Application Event Log -------------------------------------------------------

Event Record #/Type4939 / Error
Event Submitted/Written: 06/22/2008 01:16:21 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Java™ 6 Update 6 -- Internal Error 2755. 1624, http://javadl.sun.com/webapps/download/Get...6.0_06-iftw.msi

Event Record #/Type4884 / Error
Event Submitted/Written: 06/21/2008 03:56:17 PM
Event ID/Source: 1013 / MsiInstaller
Event Description:
Product: Norton Security Scan -- Installation terminated

Event Record #/Type4832 / Error
Event Submitted/Written: 06/19/2008 01:29:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application bb2k7.exe, version 9.4.5.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0003426d.
Processing media-specific event for [bb2k7.exe!ws!]

Event Record #/Type4826 / Error
Event Submitted/Written: 06/18/2008 11:55:47 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application BB2K7.exe, version 9.4.5.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4825 / Error
Event Submitted/Written: 06/18/2008 11:21:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application bb2k7.exe, version 9.4.5.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0003426d.
Processing media-specific event for [bb2k7.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type29882 / Error
Event Submitted/Written: 06/23/2008 08:08:38 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Google Updater Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.

Event Record #/Type29863 / Warning
Event Submitted/Written: 06/23/2008 08:06:40 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00184D3653B3. The IP address being used is 169.254.124.68.

Event Record #/Type29862 / Warning
Event Submitted/Written: 06/23/2008 08:06:30 AM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{C64F5A09-B326-4CE4-AA27-4EB79863FFC7}.

Event Record #/Type29861 / Warning
Event Submitted/Written: 06/23/2008 08:06:17 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00184D3653B3. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type29822 / Warning
Event Submitted/Written: 06/22/2008 08:30:51 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00184D3653B3. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-06-23 12:39:58 ------------

#2 Buckeye_Sam
    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:05 AM

Posted 23 June 2008 - 06:08 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:



Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Rachel and Barney\Application Data\AXPDefender
    C:\WINDOWS\system32\blphc7j7j0e56a.scr 
    C:\WINDOWS\system32\lphc7j7j0e56a.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Also post a new log from DSS.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 violarachel
  • Topic Starter

  • Members
  • 18 posts
  • Local time:03:05 AM

Posted 23 June 2008 - 09:33 PM

Log from OTMoveIt2:

C:\Documents and Settings\Rachel and Barney\Application Data\AXPDefender\AXPDefender\Quarantine\Packages moved successfully.
C:\Documents and Settings\Rachel and Barney\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\Rachel and Barney\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\Rachel and Barney\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\Rachel and Barney\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\Rachel and Barney\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\Rachel and Barney\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\Rachel and Barney\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\Rachel and Barney\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun moved successfully.
C:\Documents and Settings\Rachel and Barney\Application Data\AXPDefender\AXPDefender\Quarantine moved successfully.
C:\Documents and Settings\Rachel and Barney\Application Data\AXPDefender\AXPDefender moved successfully.
C:\Documents and Settings\Rachel and Barney\Application Data\AXPDefender moved successfully.
C:\WINDOWS\system32\blphc7j7j0e56a.scr moved successfully.
C:\WINDOWS\system32\lphc7j7j0e56a.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06232008_191541




Deckard's System Scanner v20071014.68
Run by Rachel and Barney on 2008-06-23 19:28:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Rachel and Barney.exe) -----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:11 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Rachel and Barney\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\RACHEL~1.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.1access.net/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [WorksFUD] "C:\Program Files\Microsoft Works\wkfud.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [lphc7j7j0e56a] C:\WINDOWS\system32\lphc7j7j0e56a.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AXPDefender] "C:\Program Files\AXPDefender\AXPDefender.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_06) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader41.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msell2 - {9367D24B-8506-471A-915A-CFBB4BCEB631} - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\MSELL2.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O21 - SSODL: orJwl - {94520D23-3EF8-A789-FCEB-0CB693BF0963} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9212 bytes

-- Files created between 2008-05-23 and 2008-06-23 -----------------------------

2008-06-23 10:01:15 0 d-------- C:\Program Files\Trend Micro
2008-06-22 17:57:56 0 d-------- C:\WINDOWS\BDOSCAN8
2008-06-22 14:56:13 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-22 13:27:33 0 d-------- C:\Documents and Settings\Rachel and Barney\.housecall6.6
2008-06-21 17:23:16 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-06-21 17:03:18 5038 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-21 16:15:43 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-21 16:15:01 0 d-------- C:\Program Files\Spyware Doctor
2008-06-21 16:15:01 0 d-------- C:\Documents and Settings\Rachel and Barney\Application Data\PC Tools
2008-06-21 16:02:42 0 d-------- C:\Program Files\Picasa2
2008-06-21 15:58:49 0 d-------- C:\WINDOWS\system32\runtime
2008-06-21 15:56:13 0 d-------- C:\WINDOWS\3A4FFB84D0704DA5AB7BD41D87FD8D19.TMP
2008-06-21 15:53:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-21 14:39:26 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-21 14:39:20 112 --a------ C:\WINDOWS\system32\delself.bat
2008-06-21 14:39:13 0 d-------- C:\Program Files\Webroot
2008-06-21 14:39:13 0 d-------- C:\Documents and Settings\Rachel and Barney\Application Data\Webroot
2008-06-21 14:39:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-06-09 08:52:58 12800 --a------ C:\WINDOWS\system32\WING32.DLL <Not Verified; Microsoft Corporation; WinG>
2008-06-09 08:52:58 188960 --a------ C:\WINDOWS\system\WINGDE.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-06-09 08:52:58 92208 --a------ C:\WINDOWS\system\WING.DLL <Not Verified; Microsoft Corporation; WinG>
2008-06-09 08:51:24 231936 -----n--- C:\WINDOWS\system32\SNWValid.dll <Not Verified; Cendant Software; World Opponent Network>
2008-06-09 08:51:24 1052160 -----n--- C:\WINDOWS\system32\SierraNW.dll <Not Verified; Cendant Software; World Opponent Network>
2008-06-09 08:51:23 0 d-------- C:\SIERRA
2008-06-09 08:51:23 0 d-------- C:\Program Files\Sierra On-Line
2008-05-25 22:12:28 0 d-------- C:\Program Files\Windward Studios <WINDWA~1>


-- Find3M Report ---------------------------------------------------------------

2008-06-22 19:19:26 0 d-------- C:\Program Files\LimeWire
2008-06-22 18:27:27 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-22 13:23:28 0 d-------- C:\Program Files\Java
2008-06-21 17:00:42 0 d-------- C:\Program Files\Norton Security Scan
2008-06-21 17:00:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-21 16:08:49 0 d-------- C:\Program Files\Google
2008-06-20 07:26:39 0 d-------- C:\Program Files\Incomplete
2008-06-19 20:38:01 0 d-------- C:\Program Files\Microsoft Picture It! PhotoPub
2008-06-18 18:34:21 0 d-------- C:\Program Files\Football Mogul


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 10:42 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/31/2005 07:05 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 06:29 PM]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [08/08/2000 05:00 AM]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/08/2000 05:00 AM]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [08/08/2000 05:00 AM]
"@"="" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/22/2008 10:23 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/25/2006 07:32 PM]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/2003 07:44 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [06/25/2003 01:18 AM]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [06/23/2003 10:12 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/23/2006 04:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/31/2006 01:20 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"lphc7j7j0e56a"="C:\WINDOWS\system32\lphc7j7j0e56a.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [06/21/2008 03:54 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 02:22 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"AXPDefender"="C:\Program Files\AXPDefender\AXPDefender.exe" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/2007 09:18 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/25/2006 8:19:52 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [8/11/2004 2:22:40 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [8/12/2006 8:51:27 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/8/2000 1:00:00 PM]
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T\wlan111t.exe [6/9/2008 10:53:15 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b78c049-20e3-11db-a07a-806d6172696f}]
AutoRun\command- D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b78c04a-20e3-11db-a07a-806d6172696f}]
AutoRun\command- E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6842baaa-bc5a-11db-a163-0013729821be}]




-- End of Deckard's System Scanner: finished at 2008-06-23 19:28:49 -----------

Thanks!

#4 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 24 June 2008 - 07:14 AM

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O4 - HKLM\..\Run: [lphc7j7j0e56a] C:\WINDOWS\system32\lphc7j7j0e56a.exe
O4 - HKLM\..\Run: [AXPDefender] "C:\Program Files\AXPDefender\AXPDefender.exe"
O21 - SSODL: orJwl - {94520D23-3EF8-A789-FCEB-0CB693BF0963} - (no file)



Then copy this text into OTMoveIt just like you did before.

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage


Reboot your computer.



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Also post a new log from DSS.
Let me know how your computer is behaving.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 violarachel
  • Topic Starter
  • Members
  • 18 posts

Posted 24 June 2008 - 02:18 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/24/2008 at 11:24 AM

Application Version : 4.15.1000

Core Rules Database Version : 3489
Trace Rules Database Version: 1480

Scan type : Complete Scan
Total Scan Time : 00:59:23

Memory items scanned : 512
Memory threats detected : 0
Registry items scanned : 5642
Registry threats detected : 25
File items scanned : 93678
File threats detected : 37

Adware.Tracking Cookie

Rogue.AdvancedXPDefender
HKLM\Software\AXPDefender
HKLM\Software\AXPDefender#MGuid
HKLM\Software\AXPDefender\AXPDefender
HKLM\Software\AXPDefender\AXPDefender#RegistrationUrl
HKLM\Software\AXPDefender\AXPDefender#RegistrationDiscUrl
HKLM\Software\AXPDefender\AXPDefender#ADVid
HKLM\Software\AXPDefender\AXPDefender#InstallDir
HKLM\Software\AXPDefender\AXPDefender#domain
HKLM\Software\AXPDefender\AXPDefender#SoftID
HKLM\Software\AXPDefender\AXPDefender#DatabaseVersion
HKLM\Software\AXPDefender\AXPDefender#ProgramVersion
HKLM\Software\AXPDefender\AXPDefender#EngineVersion
HKLM\Software\AXPDefender\AXPDefender#GuiVersion
HKLM\Software\AXPDefender\AXPDefender#ProxyName
HKLM\Software\AXPDefender\AXPDefender#ProxyPort
HKLM\Software\AXPDefender\AXPDefender#ScanPriority
HKLM\Software\AXPDefender\AXPDefender#DaysInterval
HKLM\Software\AXPDefender\AXPDefender#ScanDepth
HKLM\Software\AXPDefender\AXPDefender#ScanSystemOnStartup
HKLM\Software\AXPDefender\AXPDefender#AutomaticallyUpdates
HKLM\Software\AXPDefender\AXPDefender#MinimizeOnStart
HKLM\Software\AXPDefender\AXPDefender#BackgroundScan
HKLM\Software\AXPDefender\AXPDefender#BackgroundScanTimeout
HKLM\Software\AXPDefender\AXPDefender#InstallationID
HKLM\Software\AXPDefender\AXPDefender#LastTimeStamp
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\Advanced XP Defender.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\How to register.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\Register.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender
C:\Documents and Settings\Rachel and Barney\Application Data\Microsoft\Internet Explorer\Quick Launch\AXPDefender.lnk
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0001285.EXE

Rogue.Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008

NotHarmful.Sysinternals Bluescreen Screen Saver
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000004.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0000019.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000049.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0000083.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000118.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0000251.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0000269.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0001265.SCR
C:\WINDOWS\SYSTEM32\103.TMP
C:\WINDOWS\SYSTEM32\116.TMP
C:\WINDOWS\SYSTEM32\69.TMP
C:\WINDOWS\SYSTEM32\78.TMP
C:\WINDOWS\SYSTEM32\8F.TMP
C:\WINDOWS\SYSTEM32\A7.TMP
C:\WINDOWS\SYSTEM32\CD.TMP
C:\WINDOWS\SYSTEM32\E.TMP
C:\_OTMOVEIT\MOVEDFILES\06232008_191541\WINDOWS\SYSTEM32\BLPHC7J7J0E56A.SCR

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\PHC7J7J0E56A.BMP





Deckard's System Scanner v20071014.68
Run by Rachel and Barney on 2008-06-24 11:35:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Rachel and Barney.exe) -----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:27 AM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Rachel and Barney\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\RACHEL~1.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.1access.net/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [WorksFUD] "C:\Program Files\Microsoft Works\wkfud.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_06) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader41.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msell2 - {9367D24B-8506-471A-915A-CFBB4BCEB631} - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\MSELL2.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10387 bytes

-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-24 10:20:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-24 10:20:14 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-24 10:20:14 0 d-------- C:\Documents and Settings\Rachel and Barney\Application Data\SUPERAntiSpyware.com
2008-06-24 10:19:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 10:01:15 0 d-------- C:\Program Files\Trend Micro
2008-06-22 17:57:56 0 d-------- C:\WINDOWS\BDOSCAN8
2008-06-22 14:56:13 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-22 13:27:33 0 d-------- C:\Documents and Settings\Rachel and Barney\.housecall6.6
2008-06-21 17:23:16 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-06-21 17:03:18 5038 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-21 16:15:43 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-21 16:15:01 0 d-------- C:\Program Files\Spyware Doctor
2008-06-21 16:15:01 0 d-------- C:\Documents and Settings\Rachel and Barney\Application Data\PC Tools
2008-06-21 16:02:42 0 d-------- C:\Program Files\Picasa2
2008-06-21 15:58:49 0 d-------- C:\WINDOWS\system32\runtime
2008-06-21 15:56:13 0 d-------- C:\WINDOWS\3A4FFB84D0704DA5AB7BD41D87FD8D19.TMP
2008-06-21 15:53:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-21 14:39:26 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-21 14:39:20 112 --a------ C:\WINDOWS\system32\delself.bat
2008-06-21 14:39:13 0 d-------- C:\Program Files\Webroot
2008-06-21 14:39:13 0 d-------- C:\Documents and Settings\Rachel and Barney\Application Data\Webroot
2008-06-21 14:39:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-06-09 08:52:58 12800 --a------ C:\WINDOWS\system32\WING32.DLL <Not Verified; Microsoft Corporation; WinG>
2008-06-09 08:52:58 188960 --a------ C:\WINDOWS\system\WINGDE.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-06-09 08:52:58 92208 --a------ C:\WINDOWS\system\WING.DLL <Not Verified; Microsoft Corporation; WinG>
2008-06-09 08:51:24 231936 -----n--- C:\WINDOWS\system32\SNWValid.dll <Not Verified; Cendant Software; World Opponent Network>
2008-06-09 08:51:24 1052160 -----n--- C:\WINDOWS\system32\SierraNW.dll <Not Verified; Cendant Software; World Opponent Network>
2008-06-09 08:51:23 0 d-------- C:\SIERRA
2008-06-09 08:51:23 0 d-------- C:\Program Files\Sierra On-Line
2008-05-25 22:12:28 0 d-------- C:\Program Files\Windward Studios <WINDWA~1>


-- Find3M Report ---------------------------------------------------------------

2008-06-24 10:19:42 0 d-------- C:\Program Files\Common Files
2008-06-22 19:19:26 0 d-------- C:\Program Files\LimeWire
2008-06-22 18:27:27 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-22 13:23:28 0 d-------- C:\Program Files\Java
2008-06-21 17:00:42 0 d-------- C:\Program Files\Norton Security Scan
2008-06-21 17:00:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-21 16:08:49 0 d-------- C:\Program Files\Google
2008-06-20 07:26:39 0 d-------- C:\Program Files\Incomplete
2008-06-19 20:38:01 0 d-------- C:\Program Files\Microsoft Picture It! PhotoPub
2008-06-18 18:34:21 0 d-------- C:\Program Files\Football Mogul


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 10:42 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/31/2005 07:05 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 06:29 PM]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [08/08/2000 05:00 AM]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/08/2000 05:00 AM]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [08/08/2000 05:00 AM]
"@"="" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/22/2008 10:23 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/25/2006 07:32 PM]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/2003 07:44 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [06/25/2003 01:18 AM]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [06/23/2003 10:12 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/23/2006 04:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/31/2006 01:20 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [06/21/2008 03:54 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 02:22 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/2007 09:18 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/25/2006 8:19:52 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [8/11/2004 2:22:40 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [8/12/2006 8:51:27 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/8/2000 1:00:00 PM]
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T\wlan111t.exe [6/9/2008 10:53:15 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b78c049-20e3-11db-a07a-806d6172696f}]
AutoRun\command- D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b78c04a-20e3-11db-a07a-806d6172696f}]
AutoRun\command- E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6842baaa-bc5a-11db-a163-0013729821be}]




-- End of Deckard's System Scanner: finished at 2008-06-24 11:35:58 ------------

Yellow box and warning message are gone but blue background remained after the scans. I looked at the display options in the control panel and the controls for desktop and screen saver are back. I changed the desktop pattern and the icon for the blue one disappeared. I let it sit and the screensaver never appeared, instead it went into normal standby mode. It's looking pretty good!

#6 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:05 AM

Posted 24 June 2008 - 06:39 PM

Your log looks clean to me! :)

Let's clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

=================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis, in conjunction with Spybot, just as you would with an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
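The six Internet-zone settings in the list above can also be checked, and set, without clicking through the dialog. The following PowerShell script is an added example, not from the original post or from BleepingComputer; it assumes the standard per-user registry location of the Internet zone (Zones\3) and Microsoft's documented action ids for those six settings, and it writes nothing unless run with -Apply.

```powershell
# Added example, not from the original post: audit (and optionally set) the six
# Internet-zone settings listed above for the current user. Zone 3 is the
# "Internet" zone; the numeric action ids are Microsoft's documented URL action
# ids for these settings, with values 0 = Enable, 1 = Prompt, 3 = Disable.
param([switch]$Apply)

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$meaning  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Action id, the dialog label it corresponds to, and the value recommended above.
$recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

# Caveat: when the "use only machine settings" policy is on, the HKLM zone keys
# are the effective ones and the per-user values reported here do not apply.
$policy = Get-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' -Name 'Security_HKLM_only' -ErrorAction SilentlyContinue
if ($policy -and $policy.Security_HKLM_only -eq 1) {
    Write-Warning 'Security_HKLM_only is set: zone settings come from HKLM, not from this user hive.'
}

$zone  = Get-ItemProperty -Path $zonePath -ErrorAction SilentlyContinue
$drift = @()
foreach ($r in $recommended) {
    # A missing value means the zone template default applies, which is not
    # necessarily the recommended one, so it is reported as needing a change.
    $current = $null
    if ($null -ne $zone -and $null -ne $zone.PSObject.Properties[$r.Id]) {
        $current = [int]$zone.($r.Id)
    }
    if ($null -eq $current) {
        $currentText = 'not set (zone default)'
    } elseif ($meaning.ContainsKey($current)) {
        $currentText = $meaning[$current]
    } else {
        $currentText = "raw value $current"
    }

    $ok = ($current -eq $r.Want)
    if (-not $ok) { $drift += $r }
    $flag = if ($ok) { 'OK' } else { 'CHANGE' }
    '{0,-6} {1,-62} current: {2,-22} recommended: {3}' -f $flag, $r.Name, $currentText, $meaning[$r.Want]
}

if ($drift.Count -eq 0) {
    'All six settings already match the recommendation.'
} elseif ($Apply) {
    if (-not (Test-Path $zonePath)) { New-Item -Path $zonePath -Force | Out-Null }
    foreach ($r in $drift) {
        # DWord is the type Internet Explorer expects for zone action values.
        Set-ItemProperty -Path $zonePath -Name $r.Id -Value $r.Want -Type DWord
    }
    'Applied {0} change(s); restart Internet Explorer for them to take effect.' -f $drift.Count
} else {
    '{0} setting(s) differ from the recommendation; re-run with -Apply to change them.' -f $drift.Count
}
```

Run it once without -Apply to see which of the six settings differ for the logged-on user; the Security_HKLM_only warning tells you when the machine-wide keys, not the user's, are the ones in force.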

#7 violarachel

  • Topic Starter
  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:05 AM

Posted 24 June 2008 - 09:44 PM

THANK YOU! What an outstanding service you provide! Between you and CAL FIRE you've made my week! I will definitely follow your instructions for protecting my computer in the future (and pass the info on to my husband who is responsible for the mess...but that's a different forum...)!

#8 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:05 AM

Posted 25 June 2008 - 08:59 AM

Glad I could help you out! :thumbsup:

========================================================

#9 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:05 AM

Posted 09 July 2008 - 10:43 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.

========================================================



