Antivirusxp & Malware Protector 2008


  • This topic is locked
22 replies to this topic

#1 hmi

Posted 28 June 2008 - 03:51 PM

Hi,
Have been infected with Antivirus XP 2008 & Malware Protector 2008. Have the dreaded blue screen and a "warning Spyware detected on your computer"
Restore points have been removed, ran virus scan, Malwarebytes Anti-Malware, Ad-Aware, Spybot, have cleaned out
temp files, internet files, sysclean, and numerous other things. Have done this repeatedly in regular and safe mode, still no luck.
What am I missing? Any help will be greatly appreciated...

Here is my Hijackthis log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:51 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\lphclh8j0et7e.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\blphclh8j0et7e.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\shcjh8j0et7e\shcjh8j0et7e.exe
C:\DOCUME~1\Sam\LOCALS~1\Temp\Temporary Directory 2 for HiJackThis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwmc.uwc.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [lphclh8j0et7e] C:\WINDOWS\system32\lphclh8j0et7e.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SMshcjh8j0et7e] C:\Program Files\shcjh8j0et7e\shcjh8j0et7e.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8769 bytes

#2 drex23

Posted 28 June 2008 - 04:06 PM

Hi, welcome to BC. :thumbsup:

Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

#3 hmi

Posted 28 June 2008 - 05:33 PM

Drex,
Thank you for replying back...
This is my daughter's computer, that is mainly used for internet use and music...
The computer crashed about 2 months ago and we did a re-install then...
not sure if it was infected with this back door trojan then or not..
Have no problems with re-installing, was actually thinking of possibly installing
a new hard drive and starting from scratch if need be..
With this type of virus, would either one of those options be preferable?
or when you say it is compromised, is it compromised to the point that re-installing
or a new hard drive would not necessarily make a difference? or is getting a new
computer the only answer?
There is really nothing of importance that would be lost on the computer to worry about.

Also, another question I have, this "infected" laptop was running wireless... when the puter
is infected and running wireless, are hackers able to get into other computers running
wireless on the same system??? (I don't know if that's a stupid question or not.. not to
computer illit) I do know that we don't have the puters networked together...
was just wondering...

Also, since last post, am getting error messages with the blue screen saying things like...

A problem has been detected and windows has been shut down to prevent damage to your computer

sysinternals_great_site
bad_header
panic_stack_switch
maximum,wait objects exceeded
bogus_driver
unexpected_kernel_mode_trap
etc.....

So, what would you suggest we do next with the puter,
Thanks again for your help.

#4 drex23

Posted 28 June 2008 - 09:37 PM

Hi again, unless there is another reason to buy a new hard drive (or computer), it isn't necessary to get rid of the problem here. Doing a reformat and reinstalling the operating system will give you a fresh start. Since the computer isn't used for anything sensitive, it may not be necessary, but it is the safest choice. As for the concern about the other computers, if there is not any connection shared between them, they are fine. Even if they were connected, the chance of the others being infected and thus compromised by the same thing is small.

It doesn't sound like the computer is used for much that would be of value to someone who may be getting the information. Like I said, it's safest to go ahead and just clean off the disk and start over. It may not be necessary and to be honest, from what I can see now (which admittedly isn't much with just a HijackThis log) there shouldn't be a problem cleaning the computer. Really, it just comes down to - do you think it's necessary to reinstall knowing that the computer may not be secure after it's cleaned. From the looks of things it doesn't seem like it will take long to clean up the machine though, if that's what you wish to do. If you're not backing up data to put back on, reinstalling may not take much longer though.

I probably didn't say much there, but really it is your decision based on the knowledge of the risk (which may be low here) versus time involved with a reinstall instead of cleaning it. I'll be glad to help clean it up if you wish. Let me know what you decide or if you have any more questions. :thumbsup:

#5 hmi

Posted 29 June 2008 - 12:08 AM

Sounds great Drex,
let's give er a try and clean it up...
What do I need to do next.?
Thanks

#6 drex23

Posted 29 June 2008 - 06:11 PM

Hi again,

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\lphclh8j0et7e.exe
    C:\WINDOWS\system32\blphclh8j0et7e.scr
    C:\Program Files\shcjh8j0et7e
    C:\WINDOWS\system32\sysrest32.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Next

Please download Malwarebytes' Anti-Malware and save it to your Desktop.
Alternate download location
Alternate download location

Double-click mbam-setup.exe to install the application.
  • Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Please post this log in your next reply.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Finally

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So, if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using this program.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not
    malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


In your next reply, please be sure to include the logs from OTMoveIt2, MBAM, and DSS.
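
Added example, not part of the original post or of any tool named in it: moving the files on the list above does not remove the O4 Run values that launched them (the post-move log in post #7 still lists them), so this sketch cross-references a HijackThis log's O4 lines against the move list to show which autorun entries will be left dangling. The function names are this example's own; the sample lines are excerpted from the log in post #1.

```python
import ntpath
import re

# O4 (autorun) lines excerpted from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lphclh8j0et7e] C:\WINDOWS\system32\lphclh8j0et7e.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [SMshcjh8j0et7e] C:\Program Files\shcjh8j0et7e\shcjh8j0et7e.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
"""

# File/folder list from post #6 (the paths pasted into OTMoveIt2).
MOVE_LIST = [
    r"C:\WINDOWS\system32\lphclh8j0et7e.exe",
    r"C:\WINDOWS\system32\blphclh8j0et7e.scr",
    r"C:\Program Files\shcjh8j0et7e",
    r"C:\WINDOWS\system32\sysrest32.exe",
]

# "O4 - <registry location>: [value name] command line"
RUN_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# "O4 - Startup: shortcut.lnk = target"
STARTUP_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<name>[^\[].*?) = (?P<cmd>.+)$")
# Image path: either the quoted part, or everything up to the first
# executable extension that is followed by whitespace or end of string
# (unquoted paths in these logs may contain spaces).
IMAGE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|scr|com|bat|cmd|dll))(?=\s|$)', re.I
)


def image_path(cmd):
    """Return the executable path from an autorun command line."""
    cmd = cmd.strip()
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group(1) or m.group(2)
    return cmd.split()[0]


def parse_o4(log):
    """Parse O4 lines into (location, value name, image path) tuples."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            entries.append(
                (m.group("loc"), m.group("name"), image_path(m.group("cmd")))
            )
    return entries


def is_covered(path, target):
    """True if path is the target file or lies inside the target folder."""
    p = ntpath.normcase(path)  # case-insensitive, Windows-style compare
    t = ntpath.normcase(target).rstrip("\\")
    return p == t or p.startswith(t + "\\")


def dangling_autoruns(log, move_list):
    """Autorun entries whose image will be gone once move_list is moved."""
    return [
        e for e in parse_o4(log)
        if any(is_covered(e[2], t) for t in move_list)
    ]


def targets_without_autorun(log, move_list):
    """Move-list items that no O4 entry references (started some other way)."""
    paths = [e[2] for e in parse_o4(log)]
    return [
        t for t in move_list
        if not any(is_covered(p, t) for p in paths)
    ]


if __name__ == "__main__":
    for loc, name, path in dangling_autoruns(SAMPLE_LOG, MOVE_LIST):
        print(f"dangling autorun: {loc} [{name}] -> {path}")
    for target in targets_without_autorun(SAMPLE_LOG, MOVE_LIST):
        print(f"no O4 entry references: {target}")
```
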

#7 hmi

Posted 29 June 2008 - 09:56 PM

Ok, did what you posted...
Here are the logs

C:\WINDOWS\system32\lphclh8j0et7e.exe moved successfully.
C:\WINDOWS\system32\blphclh8j0et7e.scr moved successfully.
C:\Program Files\shcjh8j0et7e moved successfully.
File/Folder C:\WINDOWS\system32\sysrest32.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06292008_211842


Malwarebytes' Anti-Malware 1.18
Database version: 895

9:30:24 PM 6/29/2008
mbam-log-6-29-2008 (21-29-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 56472
Time elapsed: 8 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008 (Rogue.MalwareProtector2008) -> No action taken.

Files Infected:
C:\_OTMoveIt\MovedFiles\06292008_211842\Program Files\shcjh8j0et7e\shcjh8j0et7e.exe (Rogue.MalwareProtector) -> No action taken.
C:\_OTMoveIt\MovedFiles\06292008_211842\Program Files\shcjh8j0et7e\shcjh8j0et7eSkin.dll (Rogue.MalwareProtector) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk (Rogue.MalwareProtector2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk (Rogue.MalwareProtector2008) -> No action taken.
C:\Documents and Settings\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> No action taken.
C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> No action taken.
C:\Documents and Settings\Sam\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Sam\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Sam\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Sam\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.



Deckard's System Scanner v20071014.68
Run by Sam on 2008-06-29 21:40:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-06-30 02:40:33 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-06-28 20:15:56 UTC - RP2 - Last good restore point
1: 2008-06-28 20:15:42 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-29 21:46:37
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ico.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sam\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwmc.uwc.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [lphclh8j0et7e] C:\WINDOWS\system32\lphclh8j0et7e.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SMshcjh8j0et7e] C:\Program Files\shcjh8j0et7e\shcjh8j0et7e.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dvpapi - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 9184 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S2 tmcomm - c:\windows\system32\drivers\tmcomm.sys (file missing)
S3 DellBIOS - c:\windows\dellbios.sys
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_2792&SUBSYS_01C91028&REV_03\3&61AAA01&0&11
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_2792&SUBSYS_01C91028&REV_03\3&61AAA01&0&11
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell Wireless 1370 WLAN Mini-PCI Card
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_00051028&REV_02\4&2FA23535&0&18F0
Manufacturer: Broadcom
Name: Dell Wireless 1370 WLAN Mini-PCI Card
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_00051028&REV_02\4&2FA23535&0&18F0
Service: BCM43XX


-- Scheduled Tasks -------------------------------------------------------------

2008-06-20 19:46:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-28 13:22:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-28 12:46:01 0 d-------- C:\Program Files\RogueRemover FREE
2008-06-28 11:30:06 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-28 11:30:06 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-28 11:30:06 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-28 11:30:06 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-28 11:30:06 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-28 11:30:06 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-28 11:30:06 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-28 11:30:06 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-28 11:30:06 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-28 11:30:06 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-28 11:30:06 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-28 11:30:06 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-28 11:30:06 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-28 11:30:06 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-28 09:10:52 0 d-------- C:\sysclean
2008-06-27 11:55:13 0 d-------- C:\Documents and Settings\Sam\Application Data\shcjh8j0et7e
2008-06-27 11:40:59 0 d-------- C:\Documents and Settings\Sam\Application Data\Malwarebytes
2008-06-27 11:40:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-27 11:40:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 10:20:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-27 09:26:32 0 d-------- C:\Program Files\Lavasoft
2008-06-27 09:26:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-27 09:25:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 08:36:11 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-27 08:35:57 0 d-------- C:\Program Files\McAfee.com
2008-06-23 22:09:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-23 21:13:04 0 d-------- C:\Documents and Settings\Sam\Application Data\rhcgh8j0et7e
2008-06-21 13:10:21 0 d-------- C:\Documents and Settings\Sam\Application Data\AVGTOOLBAR
2008-06-17 13:14:04 14336 --a------ C:\Documents and Settings\Sam\Application Data\xdjgh.exe


-- Find3M Report ---------------------------------------------------------------

2008-06-29 21:32:37 0 d-------- C:\Documents and Settings\Sam\Application Data\LimeWire
2008-06-27 09:25:49 0 d-------- C:\Program Files\Common Files
2008-06-21 14:39:58 0 d-------- C:\Documents and Settings\Sam\Application Data\Apple Computer
2008-06-21 14:15:59 0 d-------- C:\Program Files\vol_toolbar
2008-06-10 12:50:11 0 d-------- C:\Program Files\LimeWire
2008-06-08 19:44:50 0 d-------- C:\Documents and Settings\Sam\Application Data\vol_toolbar
2008-05-25 13:22:34 0 d-------- C:\Documents and Settings\Sam\Application Data\AdobeUM
2008-05-20 14:58:39 0 d-------- C:\Documents and Settings\Sam\Application Data\Motive
2008-05-20 14:42:33 0 d-------- C:\Program Files\Verizon
2008-05-20 14:40:55 0 d-------- C:\Program Files\Common Files\Motive
2008-05-13 03:01:35 0 d-------- C:\Program Files\MSXML 4.0
2008-05-12 12:26:25 0 d-------- C:\Documents and Settings\Sam\Application Data\Verizon
2008-05-12 12:22:02 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-12 12:03:49 0 d-------- C:\Program Files\Common Files\Authentium
2008-05-12 12:03:31 0 d-------- C:\Program Files\Raxco
2008-05-12 12:03:18 0 d-------- C:\Program Files\CA
2008-05-12 12:00:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-12 12:00:40 0 d-------- C:\Documents and Settings\Sam\Application Data\InstallShield
2008-05-12 11:52:35 33 --a------ C:\Documents and Settings\Sam\Application Data\install.ini
2008-05-12 11:49:07 0 --ahs---- C:\Documents and Settings\Sam\Application Data\0048287489b44be5a3f436f99b0d5730f830aaf269e966ef01.dat
2008-05-12 07:39:41 0 d-------- C:\Program Files\Google
2008-05-12 07:33:35 0 d-------- C:\Program Files\Messenger
2008-05-12 07:00:49 0 d-------- C:\Documents and Settings\Sam\Application Data\ICAClient
2008-05-12 07:00:46 0 d-------- C:\Program Files\Citrix
2008-05-12 06:24:24 0 d-------- C:\Documents and Settings\Sam\Application Data\Help
2008-05-12 05:37:12 0 d-------- C:\Documents and Settings\Sam\Application Data\Google
2008-05-12 03:55:37 0 d-------- C:\Documents and Settings\Sam\Application Data\acccore
2008-05-12 03:55:22 0 d-------- C:\Program Files\AIM6
2008-05-12 03:54:54 0 d-------- C:\Program Files\AIM Search
2008-05-12 03:54:51 0 d-------- C:\Program Files\Viewpoint
2008-05-12 03:54:21 0 d-------- C:\Program Files\Common Files\AOL
2008-05-11 22:08:47 0 d-------- C:\Program Files\iTunes
2008-05-11 22:08:34 0 d-------- C:\Program Files\iPod
2008-05-11 22:07:53 0 d-------- C:\Program Files\Bonjour
2008-05-11 22:07:36 0 d-------- C:\Program Files\QuickTime
2008-05-11 22:05:56 0 d-------- C:\Program Files\Apple Software Update
2008-05-11 22:05:21 0 d-------- C:\Program Files\Common Files\Apple
2008-05-11 21:57:59 0 d-------- C:\Documents and Settings\Sam\Application Data\Adobe
2008-05-11 21:39:02 0 d-------- C:\Documents and Settings\Sam\Application Data\Sun
2008-05-11 21:36:18 0 d-------- C:\Program Files\Java
2008-05-11 21:32:01 0 d-------- C:\Program Files\Common Files\Java
2008-05-11 10:41:32 0 d-------- C:\Program Files\SymNetDrv
2008-05-11 00:09:32 0 d-------- C:\Program Files\MUSICMATCH
2008-05-10 22:59:47 0 d-------- C:\Program Files\Broadcom
2008-05-10 22:30:42 0 d-------- C:\Documents and Settings\Sam\Application Data\Symantec
2008-05-10 22:29:29 0 d-------- C:\Program Files\SigmaTel
2008-05-10 22:25:54 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-10 22:24:16 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-10 22:20:28 0 d-------- C:\Program Files\Dell
2008-05-10 22:15:01 0 d-------- C:\Program Files\Intel
2008-05-10 22:13:24 5120 --a------ C:\WINDOWS\DellBIOS.Sys
2008-05-10 22:13:13 0 d-------- C:\Documents and Settings\Sam\Application Data\Macromedia
2008-05-10 22:03:02 0 d-------- C:\Program Files\CyberLink
2008-05-10 21:53:05 0 d-------- C:\Documents and Settings\Sam\Application Data\Identities
2008-05-10 21:46:35 0 d-------- C:\Program Files\microsoft frontpage
2008-05-10 21:45:58 0 -rahs---- C:\MSDOS.SYS
2008-05-10 21:45:58 0 -rahs---- C:\IO.SYS
2008-05-10 21:45:58 0 --a------ C:\CONFIG.SYS
2008-05-10 21:45:58 0 --a------ C:\AUTOEXEC.BAT
2008-05-10 21:43:51 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-10 21:43:45 0 d-------- C:\Program Files\Online Services
2008-05-10 21:42:47 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-10 21:42:36 0 d-------- C:\Program Files\Movie Maker
2008-05-10 21:42:04 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-10 21:40:46 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-10 21:40:34 0 d-------- C:\Program Files\Windows NT
2008-05-10 14:34:06 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-10 14:34:01 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-10 14:33:30 62 --ahs---- C:\Documents and Settings\Sam\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}"= C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL [ ]

[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}]
[HKEY_CLASSES_ROOT\vol_toolbar.VOL_TOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 06:19 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [06/06/2006 07:09 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [06/06/2006 07:06 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [06/06/2006 07:10 PM]
"PMX Daemon"="ICO.EXE" [06/09/2006 02:47 PM C:\WINDOWS\system32\ico.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/01/2006 02:48 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 12:22 PM]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [04/20/2004 03:24 PM]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [04/20/2004 03:24 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 10:15 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [02/13/2008 01:03 PM]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [02/26/2008 05:11 PM]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [09/28/2007 01:30 PM]
"lphclh8j0et7e"="C:\WINDOWS\system32\lphclh8j0et7e.exe" []
"sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" []
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" []
"SMshcjh8j0et7e"="C:\Program Files\shcjh8j0et7e\shcjh8j0et7e.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 03:21 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\Sam\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [4/18/2008 2:21:09 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-06-29 21:47:19 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® M processor 1.50GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 503.37 MiB / 127.79 MiB
Pagefile Memory (total/avail): 1228.64 MiB / 865.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.68 MiB

C: is Fixed (NTFS) - 52.73 GiB total, 47.14 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD600VE-75HDT1 - 55.89 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 52.73 GiB - C:
\PARTITION2 - Unknown - 3.1 GiB


How's it look?

#8 drex23

Posted 29 June 2008 - 10:09 PM

The Malwarebytes' log is showing no action taken, did you have it fix what it found? If not please run that again and let it fix them. I'll post back with further instructions probably sometime tomorrow.

#9 hmi

Posted 29 June 2008 - 10:34 PM

I think what I must have posted was a log I saved before I did the "remove"...

here is the log after... and I also redid malwarebytes again.. and posted
that new log after the first...

Malwarebytes' Anti-Malware 1.18
Database version: 895

9:30:32 PM 6/29/2008
mbam-log-6-29-2008 (21-30-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 56472
Time elapsed: 8 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008 (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.

Files Infected:
C:\_OTMoveIt\MovedFiles\06292008_211842\Program Files\shcjh8j0et7e\shcjh8j0et7e.exe (Rogue.MalwareProtector) -> Delete on reboot.
C:\_OTMoveIt\MovedFiles\06292008_211842\Program Files\shcjh8j0et7e\shcjh8j0et7eSkin.dll (Rogue.MalwareProtector) -> Delete on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.18
Database version: 895

10:27:24 PM 6/29/2008
mbam-log-6-29-2008 (22-27-24).txt

Scan type: Full Scan (C:\|)
Objects scanned: 56587
Time elapsed: 7 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 drex23

Posted 30 June 2008 - 07:55 PM

Hi again,

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Documents and Settings\Sam\Application Data\rhcgh8j0et7e
C:\Documents and Settings\Sam\Application Data\xdjgh.exe

  • Return to OTMoveIt2, right-click in the "Paste List of Files/Folders to Move" window (under the light yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.


Next


Open Notepad and copy and paste the text in the quote box below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphclh8j0et7e"=-
"sysrest32.exe"=-
"McRegWiz"=-
"MCAgentExe"=-
"MCUpdateExe"=-
"SMshcjh8j0et7e"=-

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)


Then

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Reboot the computer. Then, do a scan with DSS (Deckard's System Scanner). In your next reply, please be sure to include the logs from OTMoveIT2, Kaspersky, and the new DSS log.
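
The six values deleted by the fix.reg in the post above are exactly the HKLM Run values that the DSS Registry Dump earlier in this thread printed with empty brackets. The Python sketch below is an added example, not part of the original post or of DSS or OTMoveIt2: it parses Run-key lines from such a dump and builds the matching REGEDIT4 deletion file. It assumes empty brackets mean DSS had no file details for the target; the function names are hypothetical.

```python
import re

# Constructed sample: Run-key lines copied from the DSS "Registry Dump" posted
# earlier in this thread (some of the clean entries, all of the empty-bracket ones).
DSS_RUN_DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [06/06/2006 07:09 PM]
"PMX Daemon"="ICO.EXE" [06/09/2006 02:47 PM C:\WINDOWS\system32\ico.exe]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [09/28/2007 01:30 PM]
"lphclh8j0et7e"="C:\WINDOWS\system32\lphclh8j0et7e.exe" []
"sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" []
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" []
"SMshcjh8j0et7e"="C:\Program Files\shcjh8j0et7e\shcjh8j0et7e.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
'''

# "name"=data [file details]; some DSS sections print no bracket at all.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?P<data>.*?)(?:\s*\[(?P<meta>[^\]]*)\])?$'
)
RUN_SUFFIX = "\\currentversion\\run"


def parse_run_values(dump):
    """Return one dict per value found under a CurrentVersion Run key."""
    entries, key = [], None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lstrip("-")   # section header, e.g. [HKEY_...]
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None or not key.lower().endswith(RUN_SUFFIX):
            continue
        meta = m.group("meta")
        entries.append({
            "key": key,
            "name": m.group("name"),
            "target": m.group("data").strip('"'),
            # None = no bracket printed (unknown), False = empty bracket
            "has_file_info": None if meta is None else bool(meta.strip()),
        })
    return entries


def reg_escape(name):
    """Escape a value name for use inside a quoted .reg string."""
    return name.replace("\\", "\\\\").replace('"', '\\"')


def build_fix_reg(entries):
    """Build a REGEDIT4 file deleting every value whose bracket was empty."""
    by_key = {}
    for e in entries:
        if e["has_file_info"] is False:
            by_key.setdefault(e["key"], []).append(e["name"])
    if not by_key:
        return ""
    lines = ["REGEDIT4", ""]
    for key, names in by_key.items():
        lines.append("[%s]" % key)
        lines.extend('"%s"=-' % reg_escape(n) for n in names)
        lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    parsed = parse_run_values(DSS_RUN_DUMP)
    for e in parsed:
        if e["has_file_info"] is False:
            print("review: %s -> %s" % (e["name"], e["target"]))
    print(build_fix_reg(parsed))
```

An empty bracket only says the target had no file details, so the output is a candidate list to review before merging (here it includes the McAfee values alongside SMshcjh8j0et7e), not a verdict.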

#11 hmi

Posted 01 July 2008 - 08:10 AM

Morning,
Here's the new logs..


C:\Documents and Settings\Sam\Application Data\rhcgh8j0et7e\Quarantine\Packages moved successfully.
C:\Documents and Settings\Sam\Application Data\rhcgh8j0et7e\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\Sam\Application Data\rhcgh8j0et7e\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\Sam\Application Data\rhcgh8j0et7e\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\Sam\Application Data\rhcgh8j0et7e\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\Sam\Application Data\rhcgh8j0et7e\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\Sam\Application Data\rhcgh8j0et7e\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\Sam\Application Data\rhcgh8j0et7e\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\Sam\Application Data\rhcgh8j0et7e\Quarantine\Autorun moved successfully.
C:\Documents and Settings\Sam\Application Data\rhcgh8j0et7e\Quarantine moved successfully.
C:\Documents and Settings\Sam\Application Data\rhcgh8j0et7e moved successfully.
C:\Documents and Settings\Sam\Application Data\xdjgh.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06302008_222510


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, June 30, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 01, 2008 02:53:25
Records in database: 900976
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 25664
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 00:34:14


File name / Threat name / Threats count
C:\_OTMoveIt\MovedFiles\06302008_222510\Documents and Settings\Sam\Application Data\xdjgh.exe Infected: not-a-virus:FraudTool.Win32.AwolaAntiSpyware.pp 1

The selected area was scanned.


Deckard's System Scanner v20071014.68
Run by Sam on 2008-07-01 08:02:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Sam.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:52 AM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LimeWire\LimeWire.exe

Thanks

#12 drex23

Posted 01 July 2008 - 11:46 AM

Hi, the DSS log got cut off, please post all of it.

#13 hmi

Posted 01 July 2008 - 12:01 PM

Sorry about that....

Here you go


Deckard's System Scanner v20071014.68
Run by Sam on 2008-07-01 08:02:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Sam.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:52 AM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sam\Desktop\dss.exe
C:\DOCUME~1\Sam\Desktop\Sam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwmc.uwc.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8028 bytes

-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-06-28 13:22:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-28 12:46:01 0 d-------- C:\Program Files\RogueRemover FREE
2008-06-28 11:30:06 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-28 11:30:06 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-28 11:30:06 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-28 11:30:06 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-28 11:30:06 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-28 11:30:06 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-28 11:30:06 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-28 11:30:06 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-28 11:30:06 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-28 11:30:06 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-28 11:30:06 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-28 11:30:06 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-28 11:30:06 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-28 11:30:06 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-28 09:10:52 0 d-------- C:\sysclean
2008-06-27 11:55:13 0 d-------- C:\Documents and Settings\Sam\Application Data\shcjh8j0et7e
2008-06-27 11:40:59 0 d-------- C:\Documents and Settings\Sam\Application Data\Malwarebytes
2008-06-27 11:40:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-27 11:40:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 10:20:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-27 09:26:32 0 d-------- C:\Program Files\Lavasoft
2008-06-27 09:26:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-27 09:25:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 08:36:11 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-27 08:35:57 0 d-------- C:\Program Files\McAfee.com
2008-06-23 22:09:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-21 13:10:21 0 d-------- C:\Documents and Settings\Sam\Application Data\AVGTOOLBAR


-- Find3M Report ---------------------------------------------------------------

2008-07-01 07:55:31 0 d-------- C:\Documents and Settings\Sam\Application Data\LimeWire
2008-06-27 09:25:49 0 d-------- C:\Program Files\Common Files
2008-06-21 14:39:58 0 d-------- C:\Documents and Settings\Sam\Application Data\Apple Computer
2008-06-21 14:15:59 0 d-------- C:\Program Files\vol_toolbar
2008-06-10 12:50:11 0 d-------- C:\Program Files\LimeWire
2008-06-08 19:44:50 0 d-------- C:\Documents and Settings\Sam\Application Data\vol_toolbar
2008-05-25 13:22:34 0 d-------- C:\Documents and Settings\Sam\Application Data\AdobeUM
2008-05-20 14:58:39 0 d-------- C:\Documents and Settings\Sam\Application Data\Motive
2008-05-20 14:42:33 0 d-------- C:\Program Files\Verizon
2008-05-20 14:40:55 0 d-------- C:\Program Files\Common Files\Motive
2008-05-13 03:01:35 0 d-------- C:\Program Files\MSXML 4.0
2008-05-12 12:26:25 0 d-------- C:\Documents and Settings\Sam\Application Data\Verizon
2008-05-12 12:22:02 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-12 12:03:49 0 d-------- C:\Program Files\Common Files\Authentium
2008-05-12 12:03:31 0 d-------- C:\Program Files\Raxco
2008-05-12 12:03:18 0 d-------- C:\Program Files\CA
2008-05-12 12:00:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-12 12:00:40 0 d-------- C:\Documents and Settings\Sam\Application Data\InstallShield
2008-05-12 11:52:35 33 --a------ C:\Documents and Settings\Sam\Application Data\install.ini
2008-05-12 11:49:07 0 --ahs---- C:\Documents and Settings\Sam\Application Data\0048287489b44be5a3f436f99b0d5730f830aaf269e966ef01.dat
2008-05-12 07:39:41 0 d-------- C:\Program Files\Google
2008-05-12 07:33:35 0 d-------- C:\Program Files\Messenger
2008-05-12 07:00:49 0 d-------- C:\Documents and Settings\Sam\Application Data\ICAClient
2008-05-12 07:00:46 0 d-------- C:\Program Files\Citrix
2008-05-12 06:24:24 0 d-------- C:\Documents and Settings\Sam\Application Data\Help
2008-05-12 05:37:12 0 d-------- C:\Documents and Settings\Sam\Application Data\Google
2008-05-12 03:55:37 0 d-------- C:\Documents and Settings\Sam\Application Data\acccore
2008-05-12 03:55:22 0 d-------- C:\Program Files\AIM6
2008-05-12 03:54:54 0 d-------- C:\Program Files\AIM Search
2008-05-12 03:54:51 0 d-------- C:\Program Files\Viewpoint
2008-05-12 03:54:21 0 d-------- C:\Program Files\Common Files\AOL
2008-05-11 22:08:47 0 d-------- C:\Program Files\iTunes
2008-05-11 22:08:34 0 d-------- C:\Program Files\iPod
2008-05-11 22:07:53 0 d-------- C:\Program Files\Bonjour
2008-05-11 22:07:36 0 d-------- C:\Program Files\QuickTime
2008-05-11 22:05:56 0 d-------- C:\Program Files\Apple Software Update
2008-05-11 22:05:21 0 d-------- C:\Program Files\Common Files\Apple
2008-05-11 21:57:59 0 d-------- C:\Documents and Settings\Sam\Application Data\Adobe
2008-05-11 21:39:02 0 d-------- C:\Documents and Settings\Sam\Application Data\Sun
2008-05-11 21:36:18 0 d-------- C:\Program Files\Java
2008-05-11 21:32:01 0 d-------- C:\Program Files\Common Files\Java
2008-05-11 10:41:32 0 d-------- C:\Program Files\SymNetDrv
2008-05-11 00:09:32 0 d-------- C:\Program Files\MUSICMATCH
2008-05-10 22:59:47 0 d-------- C:\Program Files\Broadcom
2008-05-10 22:30:42 0 d-------- C:\Documents and Settings\Sam\Application Data\Symantec
2008-05-10 22:29:29 0 d-------- C:\Program Files\SigmaTel
2008-05-10 22:25:54 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-10 22:24:16 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-10 22:20:28 0 d-------- C:\Program Files\Dell
2008-05-10 22:15:01 0 d-------- C:\Program Files\Intel
2008-05-10 22:13:24 5120 --a------ C:\WINDOWS\DellBIOS.Sys
2008-05-10 22:13:13 0 d-------- C:\Documents and Settings\Sam\Application Data\Macromedia
2008-05-10 22:03:02 0 d-------- C:\Program Files\CyberLink
2008-05-10 21:53:05 0 d-------- C:\Documents and Settings\Sam\Application Data\Identities
2008-05-10 21:46:35 0 d-------- C:\Program Files\microsoft frontpage
2008-05-10 21:45:58 0 -rahs---- C:\MSDOS.SYS
2008-05-10 21:45:58 0 -rahs---- C:\IO.SYS
2008-05-10 21:45:58 0 --a------ C:\CONFIG.SYS
2008-05-10 21:45:58 0 --a------ C:\AUTOEXEC.BAT
2008-05-10 21:43:51 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-10 21:43:45 0 d-------- C:\Program Files\Online Services
2008-05-10 21:42:47 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-10 21:42:36 0 d-------- C:\Program Files\Movie Maker
2008-05-10 21:42:04 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-10 21:40:46 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-10 21:40:34 0 d-------- C:\Program Files\Windows NT
2008-05-10 14:34:06 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-10 14:34:01 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-10 14:33:30 62 --ahs---- C:\Documents and Settings\Sam\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}"= C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL [ ]

[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}]
[HKEY_CLASSES_ROOT\vol_toolbar.VOL_TOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 06:19 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [06/06/2006 07:09 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [06/06/2006 07:06 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [06/06/2006 07:10 PM]
"PMX Daemon"="ICO.EXE" [06/09/2006 02:47 PM C:\WINDOWS\system32\ico.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/01/2006 02:48 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 12:22 PM]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [04/20/2004 03:24 PM]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [04/20/2004 03:24 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 10:15 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [02/13/2008 01:03 PM]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [02/26/2008 05:11 PM]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [09/28/2007 01:30 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 03:21 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\Sam\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [4/18/2008 2:21:09 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-07-01 08:03:12 ------------

#14 drex23

Posted 01 July 2008 - 12:17 PM

No problem. Let's do this now:

Please navigate to and delete the folder in bold:
C:\Documents and Settings\Sam\Application Data\shcjh8j0et7e


Then, make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Virustotal

When the page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Documents and Settings\Sam\Application Data\0048287489b44be5a3f436f99b0d5730f830aaf269e966ef01.dat

Please post back the results of the scan in your next post. Also, include a new log from DSS and let me know if you had any problems. How is everything working now?

#15 hmi

Posted 01 July 2008 - 01:57 PM

I'm not sure if I am doing the VirusTotal correctly...

I went to browse and clicked on the file you stated...
then clicked on "send file"
this is what I get in response

0 bytes size received / Se ha recibido un archivo vacio

am I doing this correctly??

in case this is correct, here is my current dss log

Things seem to be running better, but still have the dreaded
blue / yellow "warning! spyware detected on your computer"

Deckard's System Scanner v20071014.68
Run by Sam on 2008-07-01 13:58:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Sam.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:06 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Documents and Settings\Sam\Desktop\dss.exe
C:\DOCUME~1\Sam\Desktop\Sam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwmc.uwc.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7989 bytes

-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-06-28 13:22:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-28 12:46:01 0 d-------- C:\Program Files\RogueRemover FREE
2008-06-28 11:30:06 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-28 11:30:06 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-28 11:30:06 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-28 11:30:06 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-28 11:30:06 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-28 11:30:06 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-28 11:30:06 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-28 11:30:06 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-28 11:30:06 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-28 11:30:06 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-28 11:30:06 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-28 11:30:06 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-28 11:30:06 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-28 11:30:06 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-28 09:10:52 0 d-------- C:\sysclean
2008-06-27 11:40:59 0 d-------- C:\Documents and Settings\Sam\Application Data\Malwarebytes
2008-06-27 11:40:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-27 11:40:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 10:20:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-27 09:26:32 0 d-------- C:\Program Files\Lavasoft
2008-06-27 09:26:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-27 09:25:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 08:36:11 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-27 08:35:57 0 d-------- C:\Program Files\McAfee.com
2008-06-23 22:09:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-21 13:10:21 0 d-------- C:\Documents and Settings\Sam\Application Data\AVGTOOLBAR


-- Find3M Report ---------------------------------------------------------------

2008-07-01 11:57:33 0 d-------- C:\Documents and Settings\Sam\Application Data\LimeWire
2008-06-27 09:25:49 0 d-------- C:\Program Files\Common Files
2008-06-21 14:39:58 0 d-------- C:\Documents and Settings\Sam\Application Data\Apple Computer
2008-06-21 14:15:59 0 d-------- C:\Program Files\vol_toolbar
2008-06-10 12:50:11 0 d-------- C:\Program Files\LimeWire
2008-06-08 19:44:50 0 d-------- C:\Documents and Settings\Sam\Application Data\vol_toolbar
2008-05-25 13:22:34 0 d-------- C:\Documents and Settings\Sam\Application Data\AdobeUM
2008-05-20 14:58:39 0 d-------- C:\Documents and Settings\Sam\Application Data\Motive
2008-05-20 14:42:33 0 d-------- C:\Program Files\Verizon
2008-05-20 14:40:55 0 d-------- C:\Program Files\Common Files\Motive
2008-05-13 03:01:35 0 d-------- C:\Program Files\MSXML 4.0
2008-05-12 12:26:25 0 d-------- C:\Documents and Settings\Sam\Application Data\Verizon
2008-05-12 12:22:02 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-12 12:03:49 0 d-------- C:\Program Files\Common Files\Authentium
2008-05-12 12:03:31 0 d-------- C:\Program Files\Raxco
2008-05-12 12:03:18 0 d-------- C:\Program Files\CA
2008-05-12 12:00:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-12 12:00:40 0 d-------- C:\Documents and Settings\Sam\Application Data\InstallShield
2008-05-12 11:52:35 33 --a------ C:\Documents and Settings\Sam\Application Data\install.ini
2008-05-12 11:49:07 0 --ahs---- C:\Documents and Settings\Sam\Application Data\0048287489b44be5a3f436f99b0d5730f830aaf269e966ef01.dat
2008-05-12 07:39:41 0 d-------- C:\Program Files\Google
2008-05-12 07:33:35 0 d-------- C:\Program Files\Messenger
2008-05-12 07:00:49 0 d-------- C:\Documents and Settings\Sam\Application Data\ICAClient
2008-05-12 07:00:46 0 d-------- C:\Program Files\Citrix
2008-05-12 06:24:24 0 d-------- C:\Documents and Settings\Sam\Application Data\Help
2008-05-12 05:37:12 0 d-------- C:\Documents and Settings\Sam\Application Data\Google
2008-05-12 03:55:37 0 d-------- C:\Documents and Settings\Sam\Application Data\acccore
2008-05-12 03:55:22 0 d-------- C:\Program Files\AIM6
2008-05-12 03:54:54 0 d-------- C:\Program Files\AIM Search
2008-05-12 03:54:51 0 d-------- C:\Program Files\Viewpoint
2008-05-12 03:54:21 0 d-------- C:\Program Files\Common Files\AOL
2008-05-11 22:08:47 0 d-------- C:\Program Files\iTunes
2008-05-11 22:08:34 0 d-------- C:\Program Files\iPod
2008-05-11 22:07:53 0 d-------- C:\Program Files\Bonjour
2008-05-11 22:07:36 0 d-------- C:\Program Files\QuickTime
2008-05-11 22:05:56 0 d-------- C:\Program Files\Apple Software Update
2008-05-11 22:05:21 0 d-------- C:\Program Files\Common Files\Apple
2008-05-11 21:57:59 0 d-------- C:\Documents and Settings\Sam\Application Data\Adobe
2008-05-11 21:39:02 0 d-------- C:\Documents and Settings\Sam\Application Data\Sun
2008-05-11 21:36:18 0 d-------- C:\Program Files\Java
2008-05-11 21:32:01 0 d-------- C:\Program Files\Common Files\Java
2008-05-11 10:41:32 0 d-------- C:\Program Files\SymNetDrv
2008-05-11 00:09:32 0 d-------- C:\Program Files\MUSICMATCH
2008-05-10 22:59:47 0 d-------- C:\Program Files\Broadcom
2008-05-10 22:30:42 0 d-------- C:\Documents and Settings\Sam\Application Data\Symantec
2008-05-10 22:29:29 0 d-------- C:\Program Files\SigmaTel
2008-05-10 22:25:54 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-10 22:24:16 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-10 22:20:28 0 d-------- C:\Program Files\Dell
2008-05-10 22:15:01 0 d-------- C:\Program Files\Intel
2008-05-10 22:13:24 5120 --a------ C:\WINDOWS\DellBIOS.Sys
2008-05-10 22:13:13 0 d-------- C:\Documents and Settings\Sam\Application Data\Macromedia
2008-05-10 22:03:02 0 d-------- C:\Program Files\CyberLink
2008-05-10 21:53:05 0 d-------- C:\Documents and Settings\Sam\Application Data\Identities
2008-05-10 21:46:35 0 d-------- C:\Program Files\microsoft frontpage
2008-05-10 21:45:58 0 -rahs---- C:\MSDOS.SYS
2008-05-10 21:45:58 0 -rahs---- C:\IO.SYS
2008-05-10 21:45:58 0 --a------ C:\CONFIG.SYS
2008-05-10 21:45:58 0 --a------ C:\AUTOEXEC.BAT
2008-05-10 21:43:51 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-10 21:43:45 0 d-------- C:\Program Files\Online Services
2008-05-10 21:42:47 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-10 21:42:36 0 d-------- C:\Program Files\Movie Maker
2008-05-10 21:42:04 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-10 21:40:46 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-10 21:40:34 0 d-------- C:\Program Files\Windows NT
2008-05-10 14:34:06 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-10 14:34:01 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-10 14:33:30 62 --ahs---- C:\Documents and Settings\Sam\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}"= C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL [ ]

[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}]
[HKEY_CLASSES_ROOT\vol_toolbar.VOL_TOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 06:19 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [06/06/2006 07:09 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [06/06/2006 07:06 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [06/06/2006 07:10 PM]
"PMX Daemon"="ICO.EXE" [06/09/2006 02:47 PM C:\WINDOWS\system32\ico.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/01/2006 02:48 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 12:22 PM]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [04/20/2004 03:24 PM]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [04/20/2004 03:24 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 10:15 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [02/13/2008 01:03 PM]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [02/26/2008 05:11 PM]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [09/28/2007 01:30 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 03:21 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\Sam\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [4/18/2008 2:21:09 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-07-01 13:58:30 ------------

Edited by hmi, 01 July 2008 - 02:04 PM.
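One way to check the two steps from post #14 against the DSS logs, as an added example that is not part of the original thread: it parses the file-listing lines, reports which paths disappeared between the two scans, and lists zero-byte files, which is the size the listing gives for the `.dat` file that VirusTotal answered with "0 bytes size received". The sample lines are excerpted from the two logs in this thread; the function names and the reading of the attribute field (leading `d` = directory, `h`/`s` = hidden/system) are assumptions.

```python
import re
from dataclasses import dataclass

# Listing line as it appears in the DSS "Files created" / "Find3M" sections:
#   <date> <time> <size> <9-char attribute field> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([a-z-]{9})\s+(.+?)\s*$"
)


@dataclass(frozen=True)
class Entry:
    timestamp: str
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # Assumption: a leading 'd' in the attribute field marks a directory.
        return self.attrs.startswith("d")

    @property
    def hidden_or_system(self) -> bool:
        # Assumption: 'h' and 's' are the hidden and system attributes.
        return "h" in self.attrs or "s" in self.attrs


def parse_listing(text):
    """Return an Entry for every listing line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, size, attrs, path = m.groups()
            entries.append(Entry(ts, int(size), attrs, path))
    return entries


def removed_between(before, after):
    """Paths present in the earlier scan but absent from the later one.

    Windows paths are case-insensitive, so compare lower-cased.
    """
    still_there = {e.path.lower() for e in after}
    return [e.path for e in before if e.path.lower() not in still_there]


def zero_byte_files(entries):
    """Files (not directories) whose listed size is 0 bytes."""
    return [e for e in entries if not e.is_dir and e.size == 0]


# Excerpt of the 2008-07-01 08:03 scan (lines copied from the thread).
BEFORE = r"""
-- Files created between 2008-06-01 and 2008-07-01 -----------------------------
2008-06-28 09:10:52 0 d-------- C:\sysclean
2008-06-27 11:55:13 0 d-------- C:\Documents and Settings\Sam\Application Data\shcjh8j0et7e
2008-06-27 11:40:59 0 d-------- C:\Documents and Settings\Sam\Application Data\Malwarebytes
-- Find3M Report ---------------------------------------------------------------
2008-05-12 11:52:35 33 --a------ C:\Documents and Settings\Sam\Application Data\install.ini
2008-05-12 11:49:07 0 --ahs---- C:\Documents and Settings\Sam\Application Data\0048287489b44be5a3f436f99b0d5730f830aaf269e966ef01.dat
"""

# Excerpt of the 2008-07-01 13:58 scan (lines copied from the thread).
AFTER = r"""
-- Files created between 2008-06-01 and 2008-07-01 -----------------------------
2008-06-28 09:10:52 0 d-------- C:\sysclean
2008-06-27 11:40:59 0 d-------- C:\Documents and Settings\Sam\Application Data\Malwarebytes
-- Find3M Report ---------------------------------------------------------------
2008-05-12 11:52:35 33 --a------ C:\Documents and Settings\Sam\Application Data\install.ini
2008-05-12 11:49:07 0 --ahs---- C:\Documents and Settings\Sam\Application Data\0048287489b44be5a3f436f99b0d5730f830aaf269e966ef01.dat
"""

if __name__ == "__main__":
    before, after = parse_listing(BEFORE), parse_listing(AFTER)
    for path in removed_between(before, after):
        print("removed since previous scan:", path)
    for e in zero_byte_files(after):
        flag = " (hidden/system)" if e.hidden_or_system else ""
        print(f"zero-byte file{flag}: {e.path}")
```
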




