Computer Was Hacked By A Keylogger, Need Help Fast


  • This topic is locked
6 replies to this topic

#1 KaelAllynce


  • Members
  • 6 posts
  • Gender:Male

Posted 06 July 2008 - 11:24 PM

I have recently had my computer hacked by a keylogger. The account that was compromised was an MMORPG called World of Warcraft. My account security was recently compromised and I have had my password hacked and changed twice now. The first occurrence happened yesterday and I was able to catch it quickly. I changed the password to my account, ran my Norton Anti-Virus full system scan and found nothing. I assumed I was in the clear and it was a fluke incident. However, today I was again hacked and had my password changed. I reset my password again and have had my account temporarily suspended. I know that I have a keylogger because he was able to crack two of my passwords that I have NEVER given to anyone. I have spent all day running anti-spyware software and reading blogs on your website. I have run Secunia to make sure all my programs were up to date, I ran Malwarebytes Anti-Malware software, I ran SUPERAntiSpyware, installed Online Armor firewall, ran Kaspersky Online Scanner and Deckard's System Scanner. I am afraid to use any accounts on my computer in fear of them getting hacked by my keylogger. If you can, please help!!!

Here is the information you should need:

I started out running---


Malwarebytes' Anti-Malware 1.19
Database version: 926
Windows 5.1.2600 Service Pack 2

1:03:06 AM 7/6/2008
mbam-log-7-6-2008 (01-03-06).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 133317
Time elapsed: 1 hour(s), 15 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 68

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\a1dc0fc00707a5a47b1b8c47064e8e01 (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\a1dc0fc00707a5a47b1b8c47064e8e01 (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gogle (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system12282651.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\c[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\c[2].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\c[3].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\c[4].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\c[5].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\c[6].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\c[7].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\c[8].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\c[9].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\c[10].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\c[11].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\cCASM7XNZ.exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\cCAX4AEMI.exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\cCAYGRMGH.exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\cCA4EZ19F.exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\cCA614LQY.exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS8VL6VE\cCAHZUDF7.exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q1BN3NWU\c[4].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q1BN3NWU\c[5].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q1BN3NWU\c[6].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q1BN3NWU\c[7].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q1BN3NWU\c[8].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q1BN3NWU\c[9].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QQJIRBG2\c[3].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QQJIRBG2\c[4].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QQJIRBG2\c[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QQJIRBG2\c[5].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QQJIRBG2\c[6].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QQJIRBG2\c[7].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QQJIRBG2\c[8].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QQJIRBG2\c[9].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QQJIRBG2\c[10].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QQJIRBG2\c[11].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QQJIRBG2\cCA0AOA21.exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QQJIRBG2\cCA8IFHXO.exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QQJIRBG2\cCAX4Z85C.exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QQJIRBG2\cCAQ6B606.exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QQJIRBG2\cCAPX94QL.exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GJVXTOYB\c[4].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GJVXTOYB\c[5].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GJVXTOYB\c[3].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GJVXTOYB\c[6].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GJVXTOYB\c[7].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GJVXTOYB\c[8].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GJVXTOYB\c[9].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GJVXTOYB\c[10].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UYNX6ZJE\c[1].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UYNX6ZJE\c[2].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UYNX6ZJE\c[3].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UYNX6ZJE\c[4].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UYNX6ZJE\c[5].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UYNX6ZJE\c[6].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UYNX6ZJE\c[7].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UYNX6ZJE\c[8].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FQC7B3H4\c[1].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FQC7B3H4\c[2].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FQC7B3H4\c[3].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FQC7B3H4\c[4].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FHDN338Y\c[1].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FHDN338Y\c[2].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FHDN338Y\c[3].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FHDN338Y\c[4].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FHDN338Y\c[5].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\J3M56174\c[1].exe (Spyware.OnlineGames) -> Delete on reboot.
C:\System Volume Information\_restore{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP815\A0153017.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP817\A0153107.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\google.exe (Trojan.Agent) -> Quarantined and deleted successfully.




I then ran it again after restart and got the following---

Malwarebytes' Anti-Malware 1.19
Database version: 926
Windows 5.1.2600 Service Pack 2

1:18:46 AM 7/6/2008
mbam-log-7-6-2008 (01-18-46).txt

Scan type: Quick Scan
Objects scanned: 39763
Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FQC7B3H4\c[5].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FHDN338Y\c[6].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.



I then ran---

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/06/2008 at 03:45 AM

Application Version : 4.15.1000

Core Rules Database Version : 3497
Trace Rules Database Version: 1488

Scan type : Complete Scan
Total Scan Time : 02:21:52

Memory items scanned : 555
Memory threats detected : 0
Registry items scanned : 5389
Registry threats detected : 3
File items scanned : 96384
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@qnsr[1].txt
C:\Documents and Settings\Owner\Cookies\owner@serviceswitching[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt
C:\Documents and Settings\Owner\Cookies\owner@precisionclick[2].txt
.atdmt.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.revenue.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.revenue.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
adopt.euroclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
anad.tacoda.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.adlegend.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
server.cpmstar.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
cache.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
cache.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
.dynamic.media.adrevolver.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
ads.bridgetrack.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
ads.bridgetrack.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]
ads.bridgetrack.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iwba2261.default\cookies.txt ]

Malware.RepairRegistryPro
HKLM\Software\Repair Registry Pro
HKLM\Software\Repair Registry Pro#lastfounderrors
HKLM\Software\Repair Registry Pro#DontStoreStats


Next I proceeded and ran the Kaspersky scanner---

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 6, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 06, 2008 09:31:51
Records in database: 917951
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 98267
Threat name: 5
Infected objects: 31
Suspicious objects: 0
Duration of the scan: 02:45:22


File name / Threat name / Threats count
C:\WINDOWS\system32\KerndDrv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd1Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd2Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd3Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd4Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd5Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd6Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd7Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd8Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd9Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\KerndADrv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\KerndBDrv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\KerndCDrv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\KerndDDrv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\KerndEDrv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\KerndFDrv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd10Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd11Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd12Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd13Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd14Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd15Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd16Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd17Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd18Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd19Drv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\WINDOWS\system32\Kernd1ADrv.dll Infected: Trojan-GameThief.Win32.WOW.bgn 1
C:\Documents and Settings\Owner\Desktop\Nero-6.6.1.15a.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
D:\1-MY Documents\Program Installations\kazaaspeedup.exe Infected: not-a-virus:AdWare.Win32.180Solutions 1
D:\1-MY Documents\Program Installations\kazaaspeedup.exe Infected: not-a-virus:AdWare.Win32.GigatechSuperBar 1
D:\2-Desktop\TrojanHunter.exe Infected: Backdoor.Win32.Hupigon.cijc 1

The selected area was scanned.

This scan kind of confused me as I have no option to quarantine or remove these infected files. So I have left that as is and went ahead and ran an F-Secure Online Scan---

Scanning Report
Sunday, July 06, 2008 14:11:33 - 17:04:05

Computer name: GOODTOBEKING
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ E:\

Result: 32 malware found
AdTool.Win32.MyWebSearch (spyware)

* System

Rogue:W32/SpywareStop.A (spyware)

* System

Tracking Cookie (spyware)

* System

Trojan-GameThief.Win32.WOW (virus)

* System

Trojan-GameThief.Win32.WOW.bgn (virus)

* C:\WINDOWS\SYSTEM32\KERNDDRV.DLL
* C:\WINDOWS\SYSTEM32\KERND1DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND2DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND3DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND4DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND5DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND6DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND7DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND8DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND9DRV.DLL
* C:\WINDOWS\SYSTEM32\KERNDADRV.DLL
* C:\WINDOWS\SYSTEM32\KERNDBDRV.DLL
* C:\WINDOWS\SYSTEM32\KERNDCDRV.DLL
* C:\WINDOWS\SYSTEM32\KERNDDDRV.DLL
* C:\WINDOWS\SYSTEM32\KERNDEDRV.DLL
* C:\WINDOWS\SYSTEM32\KERNDFDRV.DLL
* C:\WINDOWS\SYSTEM32\KERND10DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND11DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND12DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND13DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND14DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND15DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND16DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND17DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND18DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND19DRV.DLL
* C:\WINDOWS\SYSTEM32\KERND1ADRV.DLL

W32/Suspicious_N.gen (virus)

* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ORZ.EXE (Submitted)

Statistics
Scanned:

* Files: 57475
* System: 3934
* Not scanned: 11

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 32
* Submitted: 1

Files not scanned:

* C:\PAGEFILE.SYS
* C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL
* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\STARDOCK\DESKTOPX\WIDGETCACHE\SILICA WEATHER.EXE\PROCESSLOCK
* C:\WINDOWS\SYSTEM32\DRIVERS\OADRIVER.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\OANET.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\OAMON.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\SAM

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-07-04
* F-Secure AVP: 7.0.171, 2008-07-05
* F-Secure Pegasus: 1.20.0, 2008-04-14
* F-Secure Blacklight: 1.0.68

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

I noticed that the program did not quarantine or delete any of the viruses, so I redid the scan using a custom scan to scan only the C:\ drive of my computer---

Scanning Report
Sunday, July 06, 2008 18:36:39 - 23:49:20

Scanning type: Scan target for malware, rootkits
Target: C:\
Result: 28 malware found
Trojan-GameThief.Win32.WOW.bgn (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154104.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154105.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154106.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154107.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154108.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154109.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154110.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154111.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154112.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154113.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154114.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154115.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154116.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154117.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154118.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154119.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154120.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154121.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154122.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154123.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154124.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154125.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154126.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154127.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154128.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154129.DLL (Renamed)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB33B607-F664-4C7B-848E-0BFCDA5A4800}\RP831\A0154130.DLL (Renamed)

W32/Suspicious_N.gen (virus)

* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ORZ.EXE

Statistics
Scanned:

* Files: 50309
* System: 3883
* Not scanned: 32

Actions:

* Disinfected: 0
* Renamed: 27
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL
* C:\DOCUMENTS AND SETTINGS\OWNER\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\OWNER\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\ONLINEARMOR\CLIENT.DAT
* C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IWBA2261.DEFAULT\PARENT.LOCK
* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\STARDOCK\DESKTOPX\WIDGETCACHE\SILICA WEATHER.EXE\PROCESSLOCK
* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
* C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
* C:\WINDOWS\SYSTEM32\DRIVERS\OADRIVER.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\OANET.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\OAMON.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\SAM

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-07-06
* F-Secure AVP: 7.0.171, 2008-07-05
* F-Secure Pegasus: 1.20.0, 2008-04-14
* F-Secure Blacklight: 1.0.68

Scanning options:

* Scan all files
* Use Advanced heuristics


Finally, I ran the DSS and here are the results---

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-06 23:58:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
59: 2008-07-07 03:58:17 UTC - RP832 - Deckard's System Scanner Restore Point
58: 2008-07-06 18:22:56 UTC - RP831 - Removed URGE
57: 2008-07-06 08:34:53 UTC - RP830 - Removed Adobe® Photoshop® Album Starter Edition 3.0
56: 2008-07-06 08:21:04 UTC - RP829 - Installed Java™ 6 Update 6
55: 2008-07-06 06:08:32 UTC - RP828 - Removed Java™ 6 Update 5


-- First Restore Point --
1: 2008-04-23 18:17:23 UTC - RP774 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:58 AM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
D:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\Tall Emu\Online Armor\oaui.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
D:\PROGRA~1\Stardock\OBJECT~2\DesktopX\dxwidget.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "D:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Silica Weather.lnk = D:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\Silica Weather.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = D:\Program Files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.att.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127691240675
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127702285421
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - D:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7943 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OADevice (OADriver) - c:\windows\system32\drivers\oadriver.sys
R1 OAmon - c:\windows\system32\drivers\oamon.sys
R1 OAnet - c:\windows\system32\drivers\oanet.sys
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 DumaNT - c:\windows\system32\drivers\dumant.sys <Not Verified; Windows ® 2000 DDK provider; Stereo Helper Driver>

S3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "d:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
R2 SvcOnlineArmor (Online Armor) - "d:\program files\tall emu\online armor\oasrv.exe" <Not Verified; Tall Emu; Online Armor Security Suite>

S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_01321028&REV_01\3&267A616A&0&EF
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_01321028&REV_01\3&267A616A&0&EF
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dynex Enhanced G Desktop Card
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_7D0A1799&REV_02\4&2AF9ED5&0&10F0
Manufacturer: Dynex
Name: Dynex Enhanced G Desktop Card #2
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_7D0A1799&REV_02\4&2AF9ED5&0&10F0
Service: BCM43XX


-- Scheduled Tasks -------------------------------------------------------------

2008-07-06 03:30:02 426 --a------ C:\WINDOWS\Tasks\RegistryClear Scheduled Scan.job
2008-07-04 17:31:32 576 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Owner.job


-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-07-07 00:00:39 0 d-------- C:\Program Files\Trend Micro
2008-07-06 14:06:07 0 d-------- C:\fsaua.data
2008-07-06 04:21:09 0 d-------- C:\Program Files\Common Files\Java
2008-07-06 02:34:54 0 d-------- C:\Documents and Settings\Owner\Application Data\OnlineArmor
2008-07-06 02:34:54 0 d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-07-06 02:34:24 28872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
2008-07-06 02:34:24 32456 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-07-06 02:34:24 80584 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-07-06 01:20:04 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-06 01:19:55 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-05 23:32:08 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-05 23:32:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 22:52:12 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-07-05 22:52:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Spyware Terminator
2008-07-05 22:52:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-07-01 14:31:10 45056 --a------ C:\WINDOWS\system32\belink.dll


-- Find3M Report ---------------------------------------------------------------

Nothing modified in this timespan.


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]
"EM_EXEC"="D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [04/22/2002 09:50 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 12:22 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/03/2005 09:05 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 03:11 AM]
"OnlineArmor GUI"="D:\Program Files\Tall Emu\Online Armor\oaui.exe" [04/17/2008 05:25 AM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - D:\Program Files\Stardock\ObjectDock\ObjectDock.exe [6/10/2005 2:56:48 PM]
Silica Weather.lnk - D:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\Silica Weather.exe [10/3/2005 4:25:41 AM]
PowerReg Scheduler.exe [11/24/2005 1:58:30 AM]
PowerReg Scheduler V3.exe [11/24/2005 2:11:54 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [1/4/2007 12:56:35 AM]
Dynex Wireless Networking Utility.lnk - D:\Program Files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe [12/25/2007 7:35:46 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 01/31/2005 03:13 PM 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dynex Wireless Networking Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk
backup=C:\WINDOWS\pss\Dynex Wireless Networking Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
D:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryClear]
C:\Program Files\RegistryClear\RegistryClear.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
"D:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4 Suite Deluxe\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart

*Newly Created Service* - COMHOST
*Newly Created Service* - MCHINJDRV



-- End of Deckard's System Scanner: finished at 2008-07-07 00:05:32 ------------



And the extra.txt---


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.00GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 1022.8 MiB / 697.3 MiB
Pagefile Memory (total/avail): 1881.02 MiB / 1256.15 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.31 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 27.93 GiB total, 13.7 GiB free.
D: is Fixed (NTFS) - 149.05 GiB total, 22.73 GiB free.
E: is Fixed (NTFS) - 46.58 GiB total, 46.58 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - ST3160023A - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD800JB-00JJC0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 27.95 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 46.58 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Online Armor Firewall v2.1.0.131 (Tall Emu)
FW: Norton Security Online v2007 (Symantec Corporation)
AV: Norton Security Online v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"D:\\Program Files\\Soulseek\\slsk.exe"="D:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"F:\\EReg\\CCSIEreg.exe"="F:\\EReg\\CCSIEreg.exe:*:Enabled:CCSIEreg"
"D:\\Program Files\\AIM95\\aim.exe"="D:\\Program Files\\AIM95\\aim.exe:*:Disabled:AOL Instant Messenger"
"D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"D:\\Program Files\\LimeWire\\LimeWire 4.2.3\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire 4.2.3\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Program Files\\GameSpy Arcade\\Aphex.exe"="D:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"D:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="D:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\CIV4FANS\\peerchat_irc.exe"="C:\\Program Files\\CIV4FANS\\peerchat_irc.exe:*:Enabled:peerchat_irc"
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"="D:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\\Program Files\\Warcraft III\\War3.exe"="D:\\Program Files\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
"D:\\Program Files\\Doom 3\\Doom3.exe"="D:\\Program Files\\Doom 3\\Doom3.exe:*:Enabled:DOOM 3"
"D:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"="D:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"D:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"="D:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="D:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"="D:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"="D:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"="D:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"="D:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"="D:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\\Program Files\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"D:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"="D:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe"="D:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"="D:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="D:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"D:\\Program Files\\World of Warcraft\\WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader.exe"="D:\\Program Files\\World of Warcraft\\WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GOODTOBEKING
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA18
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\GOODTOBEKING
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;D:\Program Files\Logitech\SetPoint;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=GOODTOBEKING
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AT&T Yahoo! Applications --> C:\PROGRA~1\YAHOO!\COMMON\uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6974
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Canon S200 --> C:\WINDOWS\system32\CNMCP3W.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\DeIsL1.isu" -pCanon S200-c"C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\bjinst.dll
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DesktopX --> D:\PROGRA~1\Stardock\OBJECT~2\DesktopX\UNWISE.EXE D:\PROGRA~1\Stardock\OBJECT~2\DesktopX\INSTALL.LOG
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dynex Enhanced G Wireless Desktop Card Setup --> C:\Program Files\InstallShield Installation Information\{1544E39F-0A3A-4920-A530-1264DFB7113D}\setup.exe -runfromtemp -l0x0009 -removeonly
GameSpy Arcade --> D:\PROGRA~1\GAMESP~2\UNWISE.EXE D:\PROGRA~1\GAMESP~2\INSTALL.LOG
Gateway Drivers and Applications Recovery --> C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LimeWire --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5CE42363-EC4B-4D0D-A27B-9B48F253E556}
LimeWire 4.16.6 --> "D:\Program Files\LimeWire\LimeWire 4.2.3\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.60 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> C:\PROGRA~1\RESOUR~1\rem\UNWISE.EXE /s C:\PROGRA~1\RESOUR~1\rem\INSTALL.LOG
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Logitech User's Guide --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBE0FCA1-4E95-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware --> "D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero OEM --> D:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers --> nvStInst.exe /uninstall /ask
Online Armor 2.1 --> "D:\Program Files\Tall Emu\Online Armor\unins000.exe"
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Real Estate Study Guide --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92074134-3C4E-4BDB-A190-81C035A636AA}\setup.exe"
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Documents and Settings\Owner\Application Data\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's Civilization 4 - Warlords --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Documents and Settings\Owner\Application Data\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe" -l0x9 -removeonly
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spyware Terminator --> "D:\Program Files\Spyware Terminator\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Ulead DVD MovieFactory 4 Suite Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}\setup.exe" -l0x9
Ulead DVD Player 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5C13A44-7C32-4CBB-B318-518B54F834C5}\setup.exe" -l0x9
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WC3Banlist --> "D:\Program Files\WC3Banlist\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPcap 3.1 --> C:\Program Files\WinPcap\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type6334 / Error
Event Submitted/Written: 07/06/2008 06:34:45 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 832360908.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type6333 / Error
Event Submitted/Written: 07/06/2008 06:34:30 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application fssm32.exe, version 7.60.14020.0, faulting module fm4av.dll, version 2.0.14090.13479, fault address 0x0001fcc1.
Processing media-specific event for [fssm32.exe!ws!]

Event Record #/Type6328 / Error
Event Submitted/Written: 07/06/2008 02:25:24 PM
Event ID/Source: 11905 / MsiInstaller
Event Description:
Product: URGE -- Error 1905.Module C:\WINDOWS\system32\Macromed\Flash\Flash8c.ocx failed to unregister. HRESULT -2147220472. Contact your support personnel.

Event Record #/Type6301 / Error
Event Submitted/Written: 07/06/2008 02:36:46 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type6300 / Error
Event Submitted/Written: 07/06/2008 02:36:45 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type64987 / Error
Event Submitted/Written: 07/06/2008 07:56:05 PM
Event ID/Source: 7006 / Service Control Manager
Event Description:
The ScRegSetValueExW call failed for ImagePath with the following error:
%%5

Event Record #/Type64983 / Error
Event Submitted/Written: 07/06/2008 07:41:06 PM
Event ID/Source: 7006 / Service Control Manager
Event Description:
The ScRegSetValueExW call failed for ImagePath with the following error:
%%5

Event Record #/Type64982 / Error
Event Submitted/Written: 07/06/2008 07:40:58 PM
Event ID/Source: 7006 / Service Control Manager
Event Description:
The ScRegSetValueExW call failed for ImagePath with the following error:
%%5

Event Record #/Type64981 / Warning
Event Submitted/Written: 07/06/2008 05:30:03 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type64980 / Error
Event Submitted/Written: 07/06/2008 05:23:25 PM
Event ID/Source: 7006 / Service Control Manager
Event Description:
The ScRegSetValueExW call failed for ImagePath with the following error:
%%5



-- End of Deckard's System Scanner: finished at 2008-07-07 00:05:32 ------------




Thank you for your time and I hope that you can help me!!!


Sincerely,

Kael


#2 KaelAllynce (Topic Starter)

Posted 07 July 2008 - 03:01 PM

Anyone know what I should be doing next?

#3 KaelAllynce (Topic Starter)

Posted 08 July 2008 - 01:53 PM

Can anyone help me?

#4 KaelAllynce (Topic Starter)

Posted 10 July 2008 - 12:50 PM

Well, it's been a few days and I have not been idly waiting. I have continued to do online scans and run fixes I've read about on this forum. I ran the Panda online scan, the Microsoft online scan, the Trend Micro online scan and also did an SDFix online scan. I have attached the txt files that I have from these scans and a new DSS log, as I'm sure you'll be wanting that too.

SDFix log


SDFix: Version 1.204
Run by Owner on Thu 07/10/2008 at 04:16 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdfix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File


It appears that this did not run through to completion for some reason or another. I also found this text file on my desktop after running this scan.

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 04:16:04
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden files ...

IPC error: 2 The system cannot find the file specified.
scan completed successfully
hidden files: 0

And here are my DSS logs

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-10 13:31:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:26 PM, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
D:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\Tall Emu\Online Armor\oaui.exe
D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
D:\PROGRA~1\Stardock\OBJECT~2\DesktopX\dxwidget.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "D:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SDFix] C:\sdfix\RunThis.bat /second
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Silica Weather.lnk = D:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\Silica Weather.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = D:\Program Files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.att.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127691240675
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127702285421
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - D:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7881 bytes

-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-10 03:04:03 0 d-------- C:\WINDOWS\ERUNT
2008-07-10 03:02:00 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-10 03:02:00 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-10 03:02:00 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-10 03:02:00 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-10 03:02:00 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-10 03:02:00 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-10 03:02:00 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-10 03:02:00 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-10 03:02:00 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-10 03:02:00 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-10 03:02:00 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-10 03:02:00 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-10 03:02:00 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-10 03:01:59 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-09 22:54:57 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-09 19:16:36 0 d-------- C:\Program Files\Panda Security
2008-07-08 16:38:00 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-07 00:00:39 0 d-------- C:\Program Files\Trend Micro
2008-07-06 14:06:07 0 d-------- C:\fsaua.data
2008-07-06 04:21:09 0 d-------- C:\Program Files\Common Files\Java
2008-07-06 02:34:54 0 d-------- C:\Documents and Settings\Owner\Application Data\OnlineArmor
2008-07-06 02:34:54 0 d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-07-06 02:34:24 28872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
2008-07-06 02:34:24 32456 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-07-06 02:34:24 80584 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-07-06 01:20:04 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-06 01:19:55 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-05 23:32:08 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-05 23:32:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes


-- Find3M Report ---------------------------------------------------------------

Nothing modified in this timespan.


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]
"EM_EXEC"="D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [04/22/2002 09:50 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 12:22 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/03/2005 09:05 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 03:11 AM]
"OnlineArmor GUI"="D:\Program Files\Tall Emu\Online Armor\oaui.exe" [04/17/2008 05:25 AM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"SDFix"="C:\sdfix\RunThis.bat /second" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - D:\Program Files\Stardock\ObjectDock\ObjectDock.exe [6/10/2005 2:56:48 PM]
Silica Weather.lnk - D:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\Silica Weather.exe [10/3/2005 4:25:41 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [1/4/2007 12:56:35 AM]
Dynex Wireless Networking Utility.lnk - D:\Program Files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe [12/25/2007 7:35:46 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 01/31/2005 03:13 PM 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dynex Wireless Networking Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk
backup=C:\WINDOWS\pss\Dynex Wireless Networking Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
D:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryClear]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
"D:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4 Suite Deluxe\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-10 13:34:35 ------------



For some reason the extra.txt did not come up. I reran it twice but still nothing. I hope this doesn't indicate a problem...

Anyways, I look forward to your help! :thumbsup:

thanks a bunch


#5 KaelAllynce

KaelAllynce
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:21 PM

Posted 10 July 2008 - 01:40 PM

SDFix finally worked...

It started randomly on a reboot and gave me this txt file---



SDFix: Version 1.204
Run by Owner on Thu 07/10/2008 at 04:16 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdfix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 14:36:04
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

#6 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:21 AM

Posted 19 July 2008 - 11:54 PM

Hello KaelAllynce,

Let's make sure you are clear of malware.


Please perform this online scan: Kaspersky Webscan

Note that you need to run this scan with Internet Explorer for it to work correctly.

If you have any problem running the scan to completion, disable your Antivirus and/or firewall temporarily, just refrain from surfing around while the scan is running and be sure to re-enable when done.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat step 1.
3. Select "Install" to download the ActiveX controls that allow Kaspersky to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. Wait for the scanner to initialize and update its databases. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE. Under Scan Options, check:
Scan Archives
Scan Mail Bases
then click "OK"
7. Select a target to scan: Click on "My Computer" and the scan will begin.
8. Once the scan is complete it will display if your system has been infected.
Now click on the "Save Report As..." button.
Under "Save as type" select "Text file", write a name for the file, and save it to your Desktop.
Locate the file at the Desktop, open it, then copy and paste that information in your next post.
9. Post the Kaspersky scan results in your next reply.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:21 AM

Posted 02 August 2008 - 02:46 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



