Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cid Pop-up Removal


  • Please log in to reply
4 replies to this topic

#1 jmar3311

jmar3311

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:59 PM

Posted 07 July 2008 - 05:51 PM

I am having a problem with pop-ups on my computer screen whether I am actually using the system or not. Lately it has started popping up highly graphic material and also anti-virus pop-ups and registry cleaner pop-ups. Also, my desktop will disappear and my "start" toolbar dsappears as well. Sometimes if I restart the computer at that point my desktop will still be inactive once the system starts up again. I can't search the internet without getting one pop-up after another. Sometimes the pop-ups are in direct reference to what I am searching for and sometimes it's completely offensive material. I found a CiD program installed on my computer and have removed the application but I am still experiencing these issues. My reports are pasted below:

Deckard's System Scanner v20071014.68
Run by Brianna on 2008-07-07 15:25:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-07-07 22:25:17 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 3.29 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-07 15:27:22
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Digital Media Reader\shwiconEM.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAIA.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Harmony Remote\EasyZapperManagerExe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brianna\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {0D7DA8D1-6D9B-4DBA-BFE0-5DDDD595919F} - C:\WINDOWS\system32\xxyArpqr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5438E0FA-30F7-4FDF-9F64-07769DA83036} - C:\WINDOWS\system32\fcCVNfca.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {CE6D20EE-C568-4695-9A2A-970AB43501E4} - C:\WINDOWS\system32\cabine.dll
O2 - BHO: {894f8cf5-7409-9f68-d2f4-060c62461abd} - {dba16426-c060-4f2d-86f9-90475fc8f498} - C:\WINDOWS\system32\nqpibf.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eggs joy math type] C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\Jugs Chic.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [50954072] rundll32.exe "C:\WINDOWS\system32\qolojpsd.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Harmony Monitor.lnk = C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/4.../OGAControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: fcCVNfca - C:\WINDOWS\system32\fcCVNfca.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgfws8.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe


--
End of file - 12901 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.0.1>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
R3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>

S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt92>
S3 USB22LDR (M-Audio USB MidiSport 2x2 Loader) - c:\windows\system32\drivers\usb22ldr.sys <Not Verified; MIDIMAN; Midiman USB MidiSport 2x2 Loader>
S3 USBMN2X2 (M-Audio USB MidiSport 2x2) - c:\windows\system32\drivers\usbmn2x2.sys <Not Verified; Doug Fetter Software Wizardry; Midiman USB MidiSport 2x2 Midi Interface>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
R2 GEARSecurity - system32\gearsec.exe <Not Verified; GEAR Software; gearsec>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys Wireless-G PCI Adapter
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&5A988DE&0&00F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&5A988DE&0&00F0
Service: RT2500


-- Scheduled Tasks -------------------------------------------------------------

2008-07-07 03:30:00 430 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
2008-06-28 09:05:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-10-24 23:45:00 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 2.job
2005-10-16 23:45:00 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job
2005-10-16 23:03:01 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2005-10-14 14:45:15 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 3.job


-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-07-07 12:14:57 0 d--h----- C:\$AVG8.VAULT$
2008-07-06 23:42:05 82208 --a------ C:\WINDOWS\system32\qolojpsd.dll
2008-07-06 23:41:46 106240 --a------ C:\WINDOWS\system32\nqpibf.dll
2008-07-06 23:41:42 106240 --a------ C:\WINDOWS\system32\svgkkdss.dll
2008-07-05 21:29:55 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-05 21:29:55 0 d-------- C:\Documents and Settings\Brianna\Application Data\AVGTOOLBAR
2008-07-05 21:28:33 0 d-------- C:\Program Files\AVG
2008-07-05 21:28:32 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-04 22:51:29 106240 --a------ C:\WINDOWS\system32\udfogd.dll
2008-07-04 22:51:27 106240 --a------ C:\WINDOWS\system32\cqomufnh.dll
2008-07-01 10:39:18 106240 --a------ C:\WINDOWS\system32\soozrg.dll
2008-07-01 10:39:15 106240 --a------ C:\WINDOWS\system32\qqiaocyx.dll
2008-07-01 10:39:05 90960 --a------ C:\WINDOWS\system32\lnwqqoxk.dll
2008-06-30 10:40:19 105872 --a------ C:\WINDOWS\system32\cjdfyh.dll
2008-06-30 10:40:17 105872 --a------ C:\WINDOWS\system32\piisbjqn.dll
2008-06-30 10:38:40 90544 --a------ C:\WINDOWS\system32\oykwkfgl.dll
2008-06-28 21:26:15 88576 --a------ C:\WINDOWS\system32\cabine.dll
2008-06-28 10:40:21 25520 --a------ C:\WINDOWS\system32\wvUnOiGx.dll
2008-06-27 09:22:44 507666 --ahs---- C:\WINDOWS\system32\rqprAyxx.ini2
2008-06-27 09:22:41 314768 --a------ C:\WINDOWS\system32\xxyArpqr.dll
2008-06-27 09:17:37 25568 --a------ C:\WINDOWS\system32\fcCVNfca.dll


-- Find3M Report ---------------------------------------------------------------

2008-07-07 12:39:11 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000006-00000000-00000001-00001102-00000004-40021102}.dat
2008-07-07 12:39:11 384 --a------ C:\WINDOWS\system32\DVCState-{00000006-00000000-00000001-00001102-00000004-40021102}.dat
2008-07-05 21:28:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-05 21:28:21 0 d-------- C:\Program Files\Symantec
2008-07-05 21:27:19 0 d-------- C:\Program Files\Common Files
2008-07-05 21:20:01 0 d-------- C:\Program Files\Norton AntiVirus
2008-05-31 16:08:44 0 d-------- C:\Program Files\MySpace
2008-04-13 18:44:59 62032 --a------ C:\Documents and Settings\Brianna\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D7DA8D1-6D9B-4DBA-BFE0-5DDDD595919F}]
06/27/2008 09:22 AM 314768 --a------ C:\WINDOWS\system32\xxyArpqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5438E0FA-30F7-4FDF-9F64-07769DA83036}]
06/27/2008 09:17 AM 25568 --a------ C:\WINDOWS\system32\fcCVNfca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/07/2008 09:40 AM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE6D20EE-C568-4695-9A2A-970AB43501E4}]
08/04/2004 12:56 AM 88576 --a------ C:\WINDOWS\system32\cabine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dba16426-c060-4f2d-86f9-90475fc8f498}]
07/06/2008 11:41 PM 106240 --a------ C:\WINDOWS\system32\nqpibf.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/07/2008 09:40 AM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [06/13/2004 10:10 PM]
"CHotkey"="zHotkey.exe" [07/29/2003 07:06 PM C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [09/19/2003 10:09 AM C:\WINDOWS\ShowWnd.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 08:42 PM]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/17/2004 04:10 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [07/01/2004 12:58 PM C:\WINDOWS\SOUNDMAN.EXE]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [03/11/2004 04:18 PM]
"@"="" []
"AlcWzrd"="ALCWZRD.EXE" [07/05/2004 07:05 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [07/02/2004 08:49 PM C:\WINDOWS\ALCMTR.EXE]
"CTHelper"="CTHELPER.EXE" [08/25/2004 01:48 AM C:\WINDOWS\system32\CTHELPER.EXE]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [06/07/2003 03:32 AM]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [05/21/2004 07:11 PM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/01/2004 11:09 AM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/01/2004 11:03 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/12/2004 02:38 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 04:18 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/18/2006 01:39 AM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [08/12/2005 03:43 PM]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [03/09/2005 04:00 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/31/2008 11:13 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"eggs joy math type"="C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\Jugs Chic.exe" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/07/2008 09:40 AM]
"50954072"="C:\WINDOWS\system32\qolojpsd.dll" [07/06/2008 11:42 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2008 11:13 PM]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [06/01/2004 03:46 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [12/17/2007 05:13 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [06/20/2006 10:36 PM]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [06/18/2003 01:00 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2/4/2004 11:09:49 PM]
Harmony Monitor.lnk - C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe [1/20/2004 11:47:34 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/28/2004 11:31:38 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/29/2004 12:06:36 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5438E0FA-30F7-4FDF-9F64-07769DA83036}"= C:\WINDOWS\system32\fcCVNfca.dll [06/27/2008 09:17 AM 25568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcCVNfca]
fcCVNfca.dll 06/27/2008 09:17 AM 25568 C:\WINDOWS\system32\fcCVNfca.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyArpqr

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

60 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-07 15:29:16 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.40GHz
CPU 1: Intel® Pentium® 4 CPU 3.40GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 1021.78 MiB / 390.77 MiB
Pagefile Memory (total/avail): 2460.77 MiB / 1830.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.82 MiB

C: is Fixed (NTFS) - 232.88 GiB total, 3.29 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
L: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JD-22HBB0 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:

\\.\PHYSICALDRIVE1 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE2 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE3 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE4 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE5 - HP PSC 2355 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: AVG Firewall v8.0 (AVG Technologies CZ, s.r.o.)
AV: AVG Internet Security v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Curious Labs\\Poser 6\\Poser.exe"="C:\\Program Files\\Curious Labs\\Poser 6\\Poser.exe:*:Enabled:Poser executable file"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\GameHouse\\CollapseCrunch\\Collapse3.exe"="C:\\Program Files\\GameHouse\\CollapseCrunch\\Collapse3.exe:*:Enabled:Collapse! Crunch"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\uTorrent\\Michael\\utorrent.exe"="C:\\Program Files\\uTorrent\\Michael\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Brianna\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DATABOX
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Brianna
LOGONSERVER=\\DATABOX
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Brianna\LOCALS~1\Temp
TMP=C:\DOCUME~1\Brianna\LOCALS~1\Temp
USERDOMAIN=DATABOX
USERNAME=Brianna
USERPROFILE=C:\Documents and Settings\Brianna
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Brianna (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0928DE54-3D14-404F-B577-818690BBF9AF}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F8439B3-FACF-4E6F-A0BE-9525461BC2EC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0FDA7E2-BC07-442C-8DA3-6B5BCA15F832}\SETUP.EXE" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Algebra 2 7.0 --> "C:\WINDOWS\Algebra 2\uninstall.exe" "/U:C:\Program Files\Homeworkhelp.com\Algebra 2\irunin.xml"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{5A272FB7-EBCA-4F8C-8FCE-309A430BF3AF}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bejeweled 2 Deluxe --> "C:\Program Files\Net Zero\Bejeweled 2 Deluxe\Uninstall.exe" "C:\Program Files\Net Zero\Bejeweled 2 Deluxe\install.log"
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cubasis VST 4 --> C:\PROGRA~1\STEINB~1\CUBASI~1\UNINST~1.EXE C:\PROGRA~1\STEINB~1\CUBASI~1\INSTALL.LOG
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
discWelder BRONZE --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Minnetonka Audio Software\discWelder BRONZE\Uninst.isu" -c"C:\WINDOWS\System32\\UNINSTALL\UninstWDM.dll"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
E-MU Audio Drivers and E-MU 0404 Documentation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0928DE54-3D14-404F-B577-818690BBF9AF}\Setup.exe" -l0x9 /remove
E-MU PatchMix DSP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F8439B3-FACF-4E6F-A0BE-9525461BC2EC}\setup.exe" -l0x9 /remove
ebgcInfra --> MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes --> MsiExec.exe /X{5380B111-5047-413D-A6E5-70D69391D08E}
ebgcSDK --> MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys Wireless-G PCI Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Harmony Remote --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4F50DB8D-3DA5-43CE-ADBB-4B5B862048A4}
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam --> MsiExec.exe /I{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Outlook 2002 --> MsiExec.exe /I{911A0409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Photo Premium 9 --> c:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Midisport 2x2 1.0.1.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\M-Audio Midisport 2x2\irunin.ini"
Mind Power™ Math - Calculus --> C:\Program Files\The Learning Company\Mind Power™ Math - Calculus\uninstall.exe
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
MySpaceIM --> MsiExec.exe /I{FE242C4A-4AF0-4E9F-ABFF-92CA3CEE8761}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Proteus X --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0FDA7E2-BC07-442C-8DA3-6B5BCA15F832}\SETUP.EXE" -l0x9 /remove
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1
Sony ACID Music Studio 5.0 --> MsiExec.exe /I{B668B8B2-821E-417D-8FE8-AA3BC52064DD}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Studio Grand --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D12A370-6826-40EA-8545-0FBAAB68E36A}\Setup.EXE" -l0x9
Trigonometry 7.0 --> "C:\WINDOWS\Trigonometry\uninstall.exe" "/U:C:\Program Files\Homeworkhelp.com\Trigonometry\irunin.xml"
VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WaveLab Lite --> "C:\Program Files\Steinberg\WaveLab Lite\Uninstall.exe" "C:\Program Files\Steinberg\WaveLab Lite\install.log"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
X Producer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03C2527C-202F-4791-B670-71E5E7DFD890}\Setup.EXE" -l0x9
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type4321 / Warning
Event Submitted/Written: 07/06/2008 02:12:50 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4303 / Warning
Event Submitted/Written: 07/05/2008 09:17:58 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401F0

Event Record #/Type4285 / Error
Event Submitted/Written: 07/04/2008 11:14:23 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4284 / Error
Event Submitted/Written: 07/04/2008 11:14:20 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4272 / Warning
Event Submitted/Written: 07/04/2008 10:46:30 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type113709 / Error
Event Submitted/Written: 07/07/2008 03:28:11 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the WMP54Gv4SVC service.

Event Record #/Type113704 / Error
Event Submitted/Written: 07/07/2008 01:13:44 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type113481 / Error
Event Submitted/Written: 07/05/2008 09:16:37 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type113478 / Error
Event Submitted/Written: 07/05/2008 09:16:37 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type113475 / Error
Event Submitted/Written: 07/05/2008 09:16:37 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2008-07-07 15:29:16 ------------

BC AdBot (Login to Remove)

 


m

#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:10:59 PM

Posted 09 July 2008 - 04:37 AM

Hello Jmar3311 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu..
  • Click the Clear now button below.. A new window will popup what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 jmar3311

jmar3311
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:59 PM

Posted 11 July 2008 - 02:54 PM

I have followed each step that you listed above up to #3. I will download and run ComboFix next. Here are my logs. Thank you.

Deckard's System Scanner v20071014.68
Run by Brianna on 2008-07-11 12:46:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 3.16 GiB (less than 15%) free.


-- HijackThis (run as Brianna.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:20 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Harmony Remote\EasyZapperManagerExe.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Brianna\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Brianna.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {0D7DA8D1-6D9B-4DBA-BFE0-5DDDD595919F} - C:\WINDOWS\system32\xxyArpqr.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5438E0FA-30F7-4FDF-9F64-07769DA83036} - C:\WINDOWS\system32\fcCVNfca.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: {894f8cf5-7409-9f68-d2f4-060c62461abd} - {dba16426-c060-4f2d-86f9-90475fc8f498} - C:\WINDOWS\system32\nqpibf.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eggs joy math type] C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\Jugs Chic.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Harmony Monitor.lnk = C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: fcCVNfca - fcCVNfca.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 11397 bytes

-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-11 12:47:02 0 d-------- C:\Program Files\Trend Micro
2008-07-11 12:28:25 0 d-------- C:\Documents and Settings\Brianna\Application Data\Malwarebytes
2008-07-11 12:28:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 12:28:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 12:14:57 0 d--h----- C:\$AVG8.VAULT$
2008-07-06 23:41:46 106240 --a------ C:\WINDOWS\system32\nqpibf.dll
2008-07-06 23:41:42 106240 --a------ C:\WINDOWS\system32\svgkkdss.dll
2008-07-05 21:29:55 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-05 21:29:55 0 d-------- C:\Documents and Settings\Brianna\Application Data\AVGTOOLBAR
2008-07-05 21:28:33 0 d-------- C:\Program Files\AVG
2008-07-05 21:28:32 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-04 22:51:29 106240 --a------ C:\WINDOWS\system32\udfogd.dll
2008-07-04 22:51:27 106240 --a------ C:\WINDOWS\system32\cqomufnh.dll
2008-07-01 10:39:18 106240 --a------ C:\WINDOWS\system32\soozrg.dll
2008-07-01 10:39:15 106240 --a------ C:\WINDOWS\system32\qqiaocyx.dll
2008-07-01 10:39:05 90960 --a------ C:\WINDOWS\system32\lnwqqoxk.dll
2008-06-30 10:40:19 105872 --a------ C:\WINDOWS\system32\cjdfyh.dll
2008-06-30 10:40:17 105872 --a------ C:\WINDOWS\system32\piisbjqn.dll
2008-06-27 09:22:44 507666 --ahs---- C:\WINDOWS\system32\rqprAyxx.ini2


-- Find3M Report ---------------------------------------------------------------

2008-07-11 12:37:33 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000006-00000000-00000001-00001102-00000004-40021102}.dat
2008-07-11 12:37:33 384 --a------ C:\WINDOWS\system32\DVCState-{00000006-00000000-00000001-00001102-00000004-40021102}.dat
2008-07-11 12:35:27 0 d--hs---- C:\Program Files\outlook
2008-07-05 21:28:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-05 21:28:21 0 d-------- C:\Program Files\Symantec
2008-07-05 21:27:19 0 d-------- C:\Program Files\Common Files
2008-07-05 21:20:01 0 d-------- C:\Program Files\Norton AntiVirus
2008-05-31 16:08:44 0 d-------- C:\Program Files\MySpace
2008-04-13 18:44:59 62032 --a------ C:\Documents and Settings\Brianna\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D7DA8D1-6D9B-4DBA-BFE0-5DDDD595919F}]
C:\WINDOWS\system32\xxyArpqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5438E0FA-30F7-4FDF-9F64-07769DA83036}]
C:\WINDOWS\system32\fcCVNfca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/07/2008 09:40 AM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dba16426-c060-4f2d-86f9-90475fc8f498}]
07/06/2008 11:41 PM 106240 --a------ C:\WINDOWS\system32\nqpibf.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/07/2008 09:40 AM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [06/13/2004 10:10 PM]
"CHotkey"="zHotkey.exe" [07/29/2003 07:06 PM C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [09/19/2003 10:09 AM C:\WINDOWS\ShowWnd.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 08:42 PM]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/17/2004 04:10 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [07/01/2004 12:58 PM C:\WINDOWS\SOUNDMAN.EXE]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [03/11/2004 04:18 PM]
"@"="" []
"AlcWzrd"="ALCWZRD.EXE" [07/05/2004 07:05 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [07/02/2004 08:49 PM C:\WINDOWS\ALCMTR.EXE]
"CTHelper"="CTHELPER.EXE" [08/25/2004 01:48 AM C:\WINDOWS\system32\CTHELPER.EXE]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [06/07/2003 03:32 AM]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [05/21/2004 07:11 PM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/01/2004 11:09 AM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/01/2004 11:03 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/12/2004 02:38 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 04:18 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/18/2006 01:39 AM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [08/12/2005 03:43 PM]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [03/09/2005 04:00 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/31/2008 11:13 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"eggs joy math type"="C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\Jugs Chic.exe" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/07/2008 09:40 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2008 11:13 PM]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [06/01/2004 03:46 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [12/17/2007 05:13 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [06/20/2006 10:36 PM]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [06/18/2003 01:00 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2/4/2004 11:09:49 PM]
Harmony Monitor.lnk - C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe [1/20/2004 11:47:34 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/28/2004 11:31:38 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/29/2004 12:06:36 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5438E0FA-30F7-4FDF-9F64-07769DA83036}"= C:\WINDOWS\system32\fcCVNfca.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcCVNfca]
fcCVNfca.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyArpqr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-07-11 12:47:40 ------------

Malwarebytes' Anti-Malware 1.20
Database version: 941
Windows 5.1.2600 Service Pack 2

12:35:27 PM 7/11/2008
mbam-log-7-11-2008 (12-35-27).txt

Scan type: Quick Scan
Objects scanned: 44861
Time elapsed: 5 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 16
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 42

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\cabine.dll (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ce6d20ee-c568-4695-9a2a-970ab43501e4} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce6d20ee-c568-4695-9a2a-970ab43501e4} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\50954072 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\3wPlayer (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\qolojpsd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dspjoloq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Program Files\outlook\v.tmp (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\6019fc9e-8c36-4a88-8eb0-1a152acd7342.tmp (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\8c316ab2-ae2f-4179-b8b6-7c1e0cb0aa80.tmp (Worm.P2P) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log\2007 Jul 06 - 04_58_57 PM_156.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log\2007 Jul 06 - 06_41_44 PM_062.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log\2007 Jul 06 - 11_09_33 AM_734.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log\2007 Jul 09 - 11_53_19 AM_062.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log\2007 Jul 10 - 01_27_28 PM_953.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log\2007 Jul 10 - 12_49_31 AM_203.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log\2007 Jul 10 - 12_56_02 AM_500.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log\2007 Jul 23 - 02_59_20 PM_515.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log\2007 Jul 23 - 03_17_44 PM_984.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log\2007 Jul 27 - 03_11_26 PM_015.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log\2007 Jul 27 - 06_55_05 PM_265.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log\2007 Jul 28 - 03_30_00 AM_656.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Log\2007 Jul 01 - 06_45_03 PM_046.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Log\2007 Jul 02 - 03_53_29 PM_437.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Log\2007 Jul 07 - 12_08_21 AM_484.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Log\2007 Jul 10 - 01_08_00 AM_765.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Log\2007 Jul 10 - 01_09_31 AM_734.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Log\2007 Jul 10 - 03_59_49 PM_375.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Log\2007 Jul 10 - 12_48_03 PM_546.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Log\2007 Jul 11 - 11_54_34 AM_390.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Log\2007 Jul 13 - 12_52_28 PM_859.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Log\2007 Jul 24 - 09_19_25 PM_171.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Log\2007 Jul 26 - 03_15_27 PM_546.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Log\2007 Jun 26 - 04_37_18 PM_453.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Log\2007 Jun 26 - 04_37_23 PM_343.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Log\2007 Jun 27 - 04_31_17 PM_591.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Log\2007 Jun 30 - 10_11_44 PM_171.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Registry Backups\2007-06-27_20-09-06.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brianna\Application Data\RegistrySmart\Registry Backups\2007-07-03_12-07-43.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\outlook\p.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cabine.dll (Trojan.Agent) -> Delete on reboot.

#4 jmar3311

jmar3311
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:59 PM

Posted 11 July 2008 - 03:49 PM

Thunder,
Thank you for all your help. My ComboFix log is below.

ComboFix 08-07-11.1 - Brianna 2008-07-11 13:30:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510 [GMT -7:00]
Running from: C:\Documents and Settings\Brianna\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brianna\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Brianna\Application Data\macromedia\Flash Player\#SharedObjects\TKU6A23J\www.broadcaster.com
C:\Documents and Settings\Brianna\Application Data\macromedia\Flash Player\#SharedObjects\TKU6A23J\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Brianna\Application Data\macromedia\Flash Player\#SharedObjects\TKU6A23J\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Brianna\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Brianna\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\LE43S222\www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\outlook
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cjdfyh.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\cqomufnh.dll
C:\WINDOWS\system32\fbvcxsww.ini
C:\WINDOWS\system32\lnwqqoxk.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\nqpibf.dll
C:\WINDOWS\system32\obfkdhhe.ini
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\piisbjqn.dll
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\qqiaocyx.dll
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\rqprAyxx.ini
C:\WINDOWS\system32\rqprAyxx.ini2
C:\WINDOWS\system32\soozrg.dll
C:\WINDOWS\system32\svgkkdss.dll
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\udfogd.dll
C:\WINDOWS\system32\umfjpgbv.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.

2008-07-11 12:47 . 2008-07-11 12:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-11 12:28 . 2008-07-11 12:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 12:28 . 2008-07-11 12:28 <DIR> d-------- C:\Documents and Settings\Brianna\Application Data\Malwarebytes
2008-07-11 12:28 . 2008-07-11 12:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 12:28 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-11 12:28 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-07 15:24 . 2008-07-07 15:24 <DIR> d-------- C:\Deckard
2008-07-07 12:14 . 2008-07-10 08:40 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-05 21:30 . 2008-07-05 21:30 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-05 21:30 . 2008-07-05 21:30 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-07-05 21:30 . 2008-07-07 09:40 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-05 21:29 . 2008-07-11 02:42 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-05 21:29 . 2008-07-07 14:56 <DIR> d-------- C:\Documents and Settings\Brianna\Application Data\AVGTOOLBAR
2008-07-05 21:29 . 2008-07-05 21:29 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-05 21:28 . 2008-07-05 21:28 <DIR> d-------- C:\Program Files\AVG
2008-07-05 21:28 . 2008-07-05 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-05 21:28 . 2008-07-05 21:28 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-07-05 21:28 . 2008-07-05 21:28 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-06-11 01:22 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 20:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\Bytemagsname
2008-07-07 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\great coal love default
2008-07-06 04:28 --------- d-----w C:\Program Files\Symantec
2008-07-06 04:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-06 04:20 --------- d-----w C:\Program Files\Norton AntiVirus
2008-07-06 04:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-31 23:08 --------- d-----w C:\Program Files\MySpace
2008-05-27 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-14 01:44 62,032 ----a-w C:\Documents and Settings\Brianna\Application Data\GDIPFONTCACHEV1.DAT
2007-08-12 04:17 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 03:46 196608]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-12-17 17:13 3810544]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 22:36 1207080]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 13:00 200704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-13 22:10 339968]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-11 16:18 135168]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 03:32 50688]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-18 01:39 180269]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE" [2005-03-09 04:00 98304]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-07 09:40 1232152]
"CHotkey"="zHotkey.exe" [2003-07-29 19:06 515584 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 10:09 36864 C:\WINDOWS\ShowWnd.exe]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 12:58 73728 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-05 19:05 2550272 C:\WINDOWS\ALCWZRD.EXE]
"CTHelper"="CTHELPER.EXE" [2004-08-25 01:48 24576 C:\WINDOWS\system32\CTHELPER.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2004-02-04 23:09:49 1742384]
Harmony Monitor.lnk - C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe [2004-01-20 11:47:34 81920]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"midi1"= usbmn2x2.dll
"midi3"= usbmn2x2.dll
"midi5"= usbmn2x2.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-07-05 21:30]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-05 21:29]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-07 09:40]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-07-07 09:40]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-05 21:30]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-07-05 21:28]
R3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 12:16]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-07-05 21:28]
S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys [2005-10-22 14:06]
S3 USBMN2X2;M-Audio USB MidiSport 2x2;C:\WINDOWS\system32\drivers\usbmn2x2.sys [2005-10-22 14:06]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 16:05:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-10-17 06:45:00 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2005-10-25 06:45:00 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2005-10-14 21:45:15 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-07-11 10:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
"2005-10-17 06:03:01 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eggs joy math type - C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\Jugs Chic.exe
Notify-fcCVNfca - fcCVNfca.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 13:34:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Harmony Remote\EasyZapperManagerExe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-11 13:45:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-11 20:44:57

Pre-Run: 3,296,210,944 bytes free
Post-Run: 3,306,909,696 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

227 --- E O F --- 2008-06-20 10:00:59

#5 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:10:59 PM

Posted 11 July 2008 - 05:13 PM

Looking good, Jmar3311 :thumbsup:

Navigate, using Windows Explorer, to and delete the following folders if still present:C:\Documents and Settings\Owner\Application Data\Bytemagsname <== folder
C:\Documents and Settings\All Users\Application Data\great coal love default <== folder
If you're having problems removing a file/folder, reboot your Computer once again and try to remove it after reboot.

Then, you can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste next command in the field:ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update7.
  • Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windowsi586-p.exe to install the newest version.
Still having problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users