
Problems After Worm.win32.netbooster Removal


12 replies to this topic

#1 I Need A Xanax

  • Members
  • 22 posts

Posted 19 July 2008 - 12:50 PM

I removed worm.win32.netbooster (I assumed successfully), but I've noticed a couple of residual issues. First, next to my clock the phrase "VIRUS ALERT!" appears next to the time. This is true everywhere time shows up (i.e. in the details of every file, date modified, etc.). Also, when I go to my start menu, my All Programs option is completely gone. Below is my HijackThis log. I appreciate any help you can offer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48: VIRUS ALERT!, on 7/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\nvraidservice.exe
E:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
E:\WINDOWS\SM1BG.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Documents and Settings\user\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\PROGRA~1\AVG\AVG8\avgam.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgnsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\BitTorrent\bittorrent.exe
E:\PROGRA~1\AVG\AVG8\avgscanx.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
E:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chase.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - E:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NVRaidService] E:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] E:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [YBrowser] E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] E:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] E:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Simplify Media] "E:\Documents and Settings\user\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [updateMgr] E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] E:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = E:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Starfield Technologies - http://video.secureserver.net/plugins/star...echnologies.CAB
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: evgratsm - {3369EA40-8BC9-4535-9B43-7451A7C14AE0} - E:\WINDOWS\evgratsm.dll (file missing)
O21 - SSODL: kvxqmtre - {E2596540-752B-44D9-B51D-409A30CB1E6F} - E:\WINDOWS\kvxqmtre.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9055 bytes
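A small triage script for the indicators in the log above: the text appended to the clock time, the O6/O7 policy restrictions, and the two O21 SSODL entries that point at missing, randomly named DLLs. This is an added example, not code from the thread, from HijackThis or from BleepingComputer; the sample log is constructed from entries in post #1, and the eight-lowercase-letter name heuristic is this example's own assumption.

```python
"""Triage a HijackThis log for the indicators seen in this thread: an
altered clock/time format, policy restrictions (O6/O7) and
ShellServiceObjectDelayLoad entries (O21) whose DLLs are missing."""
import re

# Constructed excerpt: entries copied from the log in post #1, plus a few
# benign lines, so the script has something to run against offline.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48: VIRUS ALERT!, on 7/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
E:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: evgratsm - {3369EA40-8BC9-4535-9B43-7451A7C14AE0} - E:\WINDOWS\evgratsm.dll (file missing)
O21 - SSODL: kvxqmtre - {E2596540-752B-44D9-B51D-409A30CB1E6F} - E:\WINDOWS\kvxqmtre.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Numbered entry lines look like "O21 - SSODL: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# A clean header looks like "Scan saved at 12:48:02 PM, on 7/19/2008".
CLEAN_TIME_RE = re.compile(r"^Scan saved at \d{1,2}:\d{2}:\d{2}( [AP]M)?, on ")
# Heuristic (assumption of this example, not a HijackThis rule): the rogue
# SSODL entries in this thread use eight random lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")


def parse_entries(text):
    """Return (section, body) pairs for every numbered entry line (R0..O23)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def time_format_tampered(text):
    """HijackThis stamps the scan time using the user's Windows time format,
    the same format the taskbar clock uses, so extra text in the
    'Scan saved at' header means that format string has been modified."""
    for line in text.splitlines():
        if line.startswith("Scan saved at"):
            return CLEAN_TIME_RE.match(line) is None
    return False


def looks_random(name):
    """Eight lowercase letters with at most two vowels, e.g. 'kvxqmtre'."""
    return bool(RANDOM_NAME_RE.match(name)) and sum(c in "aeiou" for c in name) <= 2


def triage(text):
    """Return a list of (section, description) findings worth a closer look."""
    findings = []
    if time_format_tampered(text):
        findings.append(("header", "clock/time format string has extra text appended"))
    for section, body in parse_entries(text):
        if section == "O21" and body.endswith("(file missing)"):
            name = body.split(" - ")[0]
            if name.startswith("SSODL: "):
                name = name[len("SSODL: "):]
            note = "SSODL entry '%s' loads a DLL that no longer exists" % name
            if looks_random(name):
                note += " (random-looking name)"
            findings.append((section, note))
        elif section == "O7" and "DisableRegedit=1" in body:
            findings.append((section, "Registry Editor disabled by policy"))
        elif section == "O6" and body.endswith("Restrictions present"):
            findings.append((section, "Internet Explorer restriction policies present"))
    return findings


if __name__ == "__main__":
    for section, note in triage(SAMPLE_LOG):
        print("%-6s %s" % (section, note))
```

Run against a real log, the O21 lines are the ones to correlate with the SDFix and MBAM reports; the O6/O7 findings are the policy keys that VArestorepolicies later resets.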


#2 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Location:USA

Posted 21 July 2008 - 09:49 PM

Please download SDFix
Save it to the Desktop

Now, reboot to Safe Mode
  • Restart your computer.
  • When the machine reboots, tap the F8 key before Windows starts
  • You are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Press Enter to boot into Safe Mode.
In Safe Mode, double-click SDFix.exe icon on the Desktop
  • Allow the program to extract to its own folder (C:\SDFix)
  • Double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • The process removes any Trojan Services or Registry Entries found, and then prompts you to press any key to Reboot.
  • Press any key to restart the PC.
  • When the PC restarts, SDFix will run again and complete the removal process
  • It then displays Finished
  • Press any key to end the script and load the Desktop icons.
  • Once the Desktop icons load, the SDFix report opens on screen and saves itself in the SDFix folder as Report.txt.
~~~~
Next, download Malwarebytes' Anti-Malware (MBAM)
Save the program to the Desktop
Close all windows, including this one. (Print the instructions first)

On the Desktop, double-click mbam-setup.exe to install the program, and follow the prompts
  • If an update is found, MBAM will download and install the latest.
  • Click OK
At the main program window
  • Make sure the following is checked: Perform Quick Scan
  • Click: Scan (The scan may take some time to finish, so please be patient.)
  • When the scan completes, a message box appears as shown in the image below:
    [image]
  • Click OK
At the main Scanner screen:
  • Click on: Show Results
  • A screen displaying the malware found shows as seen in the image below. (Results may be different.)
    [image]
  • Make sure everything found is checked, and click: Remove Selected
  • When the disinfection is complete, you may be prompted to Restart. Please do so.
  • When MBAM finishes removing the malware, a log opens in Notepad
  • The log is automatically saved and can be viewed by clicking the Logs tab.
~~~~
Download VArestorepolicies
Right-click and select: Extract all
Open the VArestorepolicies folder, right-click the file VArestorepolicies, and select: Install

~~~~
Next, download Deckard's System Scanner (DSS)
Save it to the Desktop
Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your firewall offers a warning, allow the program to run
  • When finished, DSS opens two Notepad files: main.txt < this one is maximized, and extra.txt < this one is minimized.
    (A copy of these files is also found in C:\Deckard\System Scanner)
It may take more than one post to provide these logs. If so, please do consecutive posts (one after the other).

~~~~
Please provide the following in your reply:
The contents of the SDFix Report.txt
The MBAM report
The contents of DSS main.txt and extra.txt

Old duck...


#3 I Need A Xanax
  • Topic Starter
  • Members
  • 22 posts

Posted 22 July 2008 - 01:21 AM

It appears that my Administrator Account Privileges have been revoked. Since I'm the only one who uses the computer, I suppose I should hit my knees and ask GAWD to give them back to me. Help...?

Edited by I Need A Xanax, 22 July 2008 - 01:21 AM.


#4 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Location:USA

Posted 22 July 2008 - 09:30 PM

Can you create a new Administrator account by doing the following:

Go to Start > Control Panel > User Accounts > Create New Account

If so, download Deckard's System Scanner (DSS)
Save it to the Desktop
Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your firewall offers a warning, allow the program to run
  • When finished, DSS opens two Notepad files: main.txt < this one is maximized, and extra.txt < this one is minimized.
    (A copy of these files is also found in C:\Deckard\System Scanner)
It may take more than one post to provide these logs. If so, please do consecutive posts (one after the other).

~~~~
Please provide the following in your reply:
The contents of DSS main.txt and extra.txt

Old duck...


#5 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Location:USA

Posted 22 July 2008 - 10:02 PM

If the above does not work, try starting the computer in Safe Mode (see instructions in Post #2).

Then, create another User in the administrator group, and log back in as that User...

Edited by Aaflac, 22 July 2008 - 10:03 PM.

Old duck...


#6 I Need A Xanax
  • Topic Starter
  • Members
  • 22 posts

Posted 22 July 2008 - 10:08 PM

Here is the main.txt file:

Deckard's System Scanner v20071014.68
Run by Chad on 2008-07-22 21:56:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-07-23 02:57:02 UTC - RP51 - Deckard's System Scanner Restore Point
2: 2008-07-22 01:48:20 UTC - RP50 - Paint.NET v3.35
1: 2008-07-21 01:50:41 UTC - RP49 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-22 21:58:58
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\system32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\AVG\AVG8\avgam.exe
E:\Program Files\AVG\AVG8\avgrsx.exe
E:\Program Files\AVG\AVG8\avgnsx.exe
E:\Program Files\AVG\AVG8\avgemc.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\nvraidservice.exe
E:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
E:\WINDOWS\SM1bg.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\RTHDCPL.exe
E:\Program Files\Yahoo!\browser\ybrwicon.exe
E:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
E:\Program Files\AVG\AVG8\avgtray.exe
E:\Program Files\Yahoo!\browser\ycommon.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\Chad\Local Settings\Temporary Internet Files\Content.IE5\GLA7W5MF\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - E:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NVRaidService] E:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] E:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [YBrowser] E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] E:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = E:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Starfield Technologies () - http://video.secureserver.net/plugins/star...echnologies.CAB
O16 - DPF: Web-Based Email Tools () - http://email.secureserver.net/Download.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} () - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - E:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - E:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - E:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - E:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - E:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: evgratsm - {3369EA40-8BC9-4535-9B43-7451A7C14AE0} - E:\WINDOWS\evgratsm.dll (file missing)
O21 - SSODL: kvxqmtre - {E2596540-752B-44D9-B51D-409A30CB1E6F} - E:\WINDOWS\kvxqmtre.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe


--
End of file - 9543 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 DVDVRRdr_xp - e:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 ALCXSENS (Service for WDM 3D Audio Driver) - e:\windows\system32\drivers\alcxsens.sys (file missing)
S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - e:\windows\system32\drivers\alcxwdm.sys (file missing)
S3 catchme - e:\combofix\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "e:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-22 17:38:42 420 --ah----- E:\WINDOWS\Tasks\User_Feed_Synchronization-{A9F4B9F5-36FC-40F4-AF14-995173B9951B}.job
2008-07-19 16:53:00 284 --a------ E:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-22 and 2008-07-22 -----------------------------

2008-07-22 21:54:19 0 dr-h----- E:\Documents and Settings\Chad\Application Data\yahoo!
2008-07-22 21:50:27 0 d-------- E:\Documents and Settings\Chad\Application Data\Macromedia
2008-07-22 21:49:06 0 d-------- E:\Documents and Settings\Chad\Application Data\Adobe
2008-07-22 21:49:02 0 d-------- E:\Documents and Settings\Chad\Application Data\AVGTOOLBAR
2008-07-22 21:46:04 0 d-------- E:\Documents and Settings\Chad\Application Data\ICAClient
2008-07-22 21:45:45 0 d-------- E:\Documents and Settings\Chad\Application Data\Apple Computer
2008-07-22 21:45:02 0 d-------- E:\Documents and Settings\Chad\Application Data\Identities
2008-07-22 21:44:40 0 d--h----- E:\Documents and Settings\Chad\Templates
2008-07-22 21:44:40 0 dr------- E:\Documents and Settings\Chad\Start Menu
2008-07-22 21:44:40 0 dr-h----- E:\Documents and Settings\Chad\SendTo
2008-07-22 21:44:40 0 dr-h----- E:\Documents and Settings\Chad\Recent
2008-07-22 21:44:40 0 d--h----- E:\Documents and Settings\Chad\PrintHood
2008-07-22 21:44:40 786432 --ah----- E:\Documents and Settings\Chad\NTUSER.DAT
2008-07-22 21:44:40 0 d--h----- E:\Documents and Settings\Chad\NetHood
2008-07-22 21:44:40 0 dr------- E:\Documents and Settings\Chad\My Documents
2008-07-22 21:44:40 0 d--h----- E:\Documents and Settings\Chad\Local Settings
2008-07-22 21:44:40 0 dr------- E:\Documents and Settings\Chad\Favorites
2008-07-22 21:44:40 0 d-------- E:\Documents and Settings\Chad\Desktop
2008-07-22 21:44:40 0 d--hs---- E:\Documents and Settings\Chad\Cookies
2008-07-22 21:44:40 0 dr-h----- E:\Documents and Settings\Chad\Application Data
2008-07-22 00:47:47 1458632 --a------ E:\SDFix.exe
2008-07-21 20:48:20 0 d-------- E:\Program Files\Paint.NET
2008-07-19 17:25:26 0 d-------- E:\Program Files\iPod
2008-07-19 17:25:23 0 d-------- E:\Program Files\iTunes
2008-07-19 17:24:54 0 d-------- E:\Program Files\Bonjour
2008-07-17 08:05:04 0 d-------- E:\Program Files\RogueRemover FREE
2008-07-17 05:42:04 0 d-------- E:\WINDOWS\BDOSCAN8
2008-07-17 04:49:00 0 d-------- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-17 04:48:46 0 d-------- E:\Program Files\SUPERAntiSpyware
2008-07-17 04:48:46 0 d-------- E:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2008-07-17 04:48:27 0 d-------- E:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 04:45:31 81920 --a------ E:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-17 04:45:30 86528 --a------ E:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-17 04:45:29 25600 --a------ E:\WINDOWS\system32\WS2Fix.exe
2008-07-17 04:45:29 289144 --a------ E:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-17 04:45:29 82944 --a------ E:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-17 04:45:27 288417 --a------ E:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-17 04:45:27 51200 --a------ E:\WINDOWS\system32\dumphive.exe
2008-07-17 02:32:07 0 d-------- E:\Documents and Settings\user\Application Data\TmpRecentIcons
2008-07-15 12:22:10 0 d-------- E:\Program Files\Safari
2008-07-08 20:30:47 0 d-------- E:\Documents and Settings\user\Application Data\Media Player Classic
2008-07-08 19:24:29 164352 --a------ E:\WINDOWS\system32\unrar.dll
2008-07-08 19:24:28 217088 --a------ E:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-07-08 19:24:28 159839 --a------ E:\WINDOWS\system32\xvidvfw.dll
2008-07-08 19:24:28 755027 --a------ E:\WINDOWS\system32\xvidcore.dll
2008-07-08 19:24:27 3596288 --a------ E:\WINDOWS\system32\qt-dx331.dll
2008-07-08 19:24:27 7680 --a------ E:\WINDOWS\system32\ff_vfw.dll
2008-07-08 19:24:27 81920 --a------ E:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-07-08 19:24:27 683520 --a------ E:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX>
2008-07-08 19:24:26 0 d-------- E:\Program Files\K-Lite Codec Pack
2008-07-08 18:12:06 0 d-------- E:\Documents and Settings\user\Application Data\Leadertech
2008-07-08 18:07:43 0 d-------- E:\Program Files\QuickTime
2008-07-08 12:44:38 0 d-------- E:\Program Files\QuickZip4
2008-07-07 19:30:29 0 d-------- E:\Documents and Settings\user\Application Data\AdobeAUM


-- Find3M Report ---------------------------------------------------------------

2008-07-20 20:38:53 0 d-------- E:\Program Files\BitTorrent
2008-07-17 04:48:27 0 d-------- E:\Program Files\Common Files
2008-07-15 12:28:16 0 d-------- E:\Program Files\DNA
2008-07-09 21:08:00 0 d-------- E:\Program Files\Google
2008-07-09 20:21:26 0 d-------- E:\Program Files\a-squared Free
2008-06-19 13:11:29 0 d-------- E:\Program Files\TotalAudioConverter
2008-06-04 19:27:16 0 d-------- E:\Program Files\isoHunt
2008-06-04 19:27:16 0 d-------- E:\Program Files\Conduit
2008-06-04 19:19:30 0 d-------- E:\Program Files\MySpace
2008-06-04 17:32:06 0 d-------- E:\Program Files\Hide Folders XP 2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/07/2008 12:34 PM 2055960 --a------ E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/07/2008 12:34 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="E:\WINDOWS\system32\nvraidservice.exe" [06/10/2004 10:15 PM]
"RoxioDragToDisc"="E:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [01/27/2004 04:39 PM]
"SM1BG"="E:\WINDOWS\SM1BG.EXE" [08/27/2003 03:20 PM]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [10/31/2006 01:35 AM]
"nwiz"="nwiz.exe" [10/31/2006 01:35 AM E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [10/31/2006 01:35 AM]
"RTHDCPL"="RTHDCPL.EXE" [10/16/2007 07:30 PM E:\WINDOWS\RTHDCPL.exe]
"YBrowser"="E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 05:19 PM]
"Motive SmartBridge"="E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/24/2005 08:51 AM]
"AVG8_TRAY"="E:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/07/2008 12:34 PM]
"Microsoft Works Update Detection"="E:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"AppleSyncNotifier"="E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
SBC Self Support Tool.lnk - E:\Program Files\SBC Self Support Tool\bin\matcli.exe [1/28/2008 10:09:44 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"evgratsm"= {3369EA40-8BC9-4535-9B43-7451A7C14AE0} - E:\WINDOWS\evgratsm.dll [ ]
"kvxqmtre"= {E2596540-752B-44D9-B51D-409A30CB1E6F} - E:\WINDOWS\kvxqmtre.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
E:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 E:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vcI16.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-07-22 21:59:32 ------------

#7 I Need A Xanax

  • Topic Starter
  • Members
  • 22 posts

Posted 22 July 2008 - 10:09 PM

...and here is extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4800+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4800+
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 1983.48 MiB / 1508.93 MiB
Pagefile Memory (total/avail): 3366.57 MiB / 3034.53 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.47 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 147.25 GiB total, 110.06 GiB free.
D: is Fixed (NTFS) - 186.31 GiB total, 71.38 GiB free.
E: is Fixed (NTFS) - 39.05 GiB total, 26.29 GiB free.
F: is CDROM (No Media)
G: is Fixed (FAT32) - 232.83 GiB total, 70.48 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD2000JD-00HBB0 - 186.31 GiB - 2 partitions
\PARTITION0 - Extended w/Extended Int 13 - 39.05 GiB - E:
\PARTITION1 (bootable) - Installable File System - 147.25 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD2000JD-00HBB0 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.31 GiB - D:

\\.\PHYSICALDRIVE2 - WD 2500BEV External USB Device - 128 GiB - 1 partition
\PARTITION0 - Unknown - 232.88 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

AV: AVG Internet Security v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="E:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\\Program Files\\DNA\\btdna.exe"="E:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"E:\\Program Files\\BitTorrent\\bittorrent.exe"="E:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:bittorrent"
"E:\\Documents and Settings\\user\\Local Settings\\Application Data\\Simplify Media\\SimplifyPeer.exe"="E:\\Documents and Settings\\user\\Local Settings\\Application Data\\Simplify Media\\SimplifyPeer.exe:*:Enabled:Simplify Media Peer"
"E:\\Program Files\\Bonjour\\mDNSResponder.exe"="E:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\\Program Files\\iTunes\\iTunes.exe"="E:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=E:\Documents and Settings\All Users
APPDATA=E:\Documents and Settings\Chad\Application Data
CLASSPATH=.;E:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=E:\Program Files\Common Files
COMPUTERNAME=N-5F7B0477C9EC4
ComSpec=E:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=E:
HOMEPATH=\Documents and Settings\Chad
LOGONSERVER=\\N-5F7B0477C9EC4
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=E:\Program Files\Internet Explorer;;E:\WINDOWS\system32;E:\WINDOWS;E:\WINDOWS\system32\wbem;E:\Program Files\Common Files\Roxio Shared\DLLShared;E:\Program Files\QuickTime\QTSystem;E:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b02
ProgramFiles=E:\Program Files
PROMPT=$P$G
QTJAVA=E:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=E:
SystemRoot=E:\WINDOWS
TEMP=E:\DOCUME~1\Chad\LOCALS~1\Temp
TMP=E:\DOCUME~1\Chad\LOCALS~1\Temp
USERDOMAIN=N-5F7B0477C9EC4
USERNAME=Chad
USERPROFILE=E:\Documents and Settings\Chad
windir=E:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (admin)
Chad (new local, admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> E:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf
@BIOS --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly
Adobe Atmosphere Player for Acrobat and Adobe Reader --> E:\WINDOWS\atmoUn.exe
Adobe Download Manager 2.2 (Remove Only) --> "E:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> E:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> E:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player --> E:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE E:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AT&T Self Support Tool --> E:\WINDOWS\Motive\SBC\MCCUninst.exe
AT&T Yahoo! Applications --> E:\PROGRA~1\Yahoo!\Common\uninstall.exe
AVG 8.0 --> E:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5 --> "E:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Citrix Program Neighborhood --> E:\WINDOWS\ISUNINST.EXE -fE:\PROGRA~1\Citrix\ICACLI~1\Uninst.isu -cE:\PROGRA~1\Citrix\ICACLI~1\uninstpn.dll
Cypress USB Mass Storage Driver Installation --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
DMIView B7.0108.01 --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}\setup.exe" -l0x9 -removeonly
EasyTMD (remove only) --> E:\Program Files\EasyTMD\Uninst.exe
Enable S3 for USB Device --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
HijackThis 2.0.2 --> "E:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis[1].zip\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "E:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
K-Lite Codec Pack 4.0.0 (Full) --> "E:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' RogueRemover --> "E:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "E:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "E:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NVIDIA Drivers --> E:\WINDOWS\system32\nvuide.exe UninstallGUI
Paint.NET v3.35 --> MsiExec.exe /X{20AC583C-A6FB-410A-807D-25308225C201}
Quick Zip 4.60.018 --> "E:\Program Files\QuickZip4\unins000.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek High Definition Audio Driver --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Roxio Easy Media Creator 7 --> MsiExec.exe /I{CB4544EA-C189-41FE-9E3A-76591DDB852B}
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Simplify Media --> MsiExec.exe /X{3D3ACF47-781F-4979-96EC-B240B748F79E}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TotalAudioConverter --> "E:\Program Files\TotalAudioConverter\unins000.exe"
TurboTax Deluxe 2007 --> E:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "E:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
Videora iPod Converter 3.07 --> E:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> E:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u E:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf
Windows Imaging Component --> "E:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "E:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type2914 / Error
Event Submitted/Written: 07/22/2008 08:16:29 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application simplifypeer.exe, version 1.0.0.1010, faulting module simplifypeer.exe, version 1.0.0.1010, fault address 0x00219da3.
Processing media-specific event for [simplifypeer.exe!ws!]

Event Record #/Type2883 / Error
Event Submitted/Written: 07/21/2008 11:18:35 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application mplayerc.exe, version 6.4.9.1, faulting module unknown, version 0.0.0.0, fault address 0x003e027e.
Processing media-specific event for [mplayerc.exe!ws!]

Event Record #/Type2882 / Error
Event Submitted/Written: 07/21/2008 11:12:36 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mplayerc.exe, version 6.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2844 / Error
Event Submitted/Written: 07/18/2008 02:17:34 AM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft Office Professional Edition 2003 - Update 'Update for Office 2003 (KB907417): OTKLOADR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type2843 / Error
Event Submitted/Written: 07/18/2008 02:17:34 AM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Microsoft Office Professional Edition 2003 -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see E:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3362 / Error
Event Submitted/Written: 07/22/2008 09:51:10 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer MILLIED
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FFDA0C0F-9218-4C3B-8.
The master browser is stopping or an election is being forced.

Event Record #/Type3361 / Error
Event Submitted/Written: 07/22/2008 09:45:40 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 00000023, parameter1 000e0100, parameter2 b5e8aa08, parameter3 b5e8a704, parameter4 80569475.

Event Record #/Type3334 / Error
Event Submitted/Written: 07/22/2008 09:03:07 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer MILLIED
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FFDA0C0F-9218-4C3B-8.
The master browser is stopping or an election is being forced.

Event Record #/Type3333 / Warning
Event Submitted/Written: 07/22/2008 08:51:16 PM
Event ID/Source: 8005 / MRxSmb
Event Description:
The browser has received a server announcement indicating that the computer N-5F7B0477C9EC4
is a master browser, but this computer is not a master browser.

Event Record #/Type3332 / Error
Event Submitted/Written: 07/22/2008 07:51:27 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer MILLIED
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FFDA0C0F-9218-4C3B-8.
The master browser is stopping or an election is being forced.



-- End of Deckard's System Scanner: finished at 2008-07-22 21:59:32 ------------

I appreciate your help,
Xanax


#8 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Location:USA

Posted 22 July 2008 - 10:37 PM

Please press on with the instructions contained in Post #2, and run:
SDFix
MBAM
VArestorepolicies

A new Deckard's System Scanner main.txt

Old duck...


#9 I Need A Xanax

  • Topic Starter
  • Members
  • 22 posts

Posted 23 July 2008 - 01:08 AM

For some reason, no matter how I change my monitor settings, I cannot boot to Safe Mode without getting a "Monitor Out of Range" message and can only boot up in VGA or Normal mode. As such, I can't run SDFix as directed.

#10 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Location:USA

Posted 23 July 2008 - 10:12 PM

Seems as if your monitor cannot handle the resolution and refresh rate request.

Press on with MBAM, VArestorepolicies, and new Deckard's System Scanner main.txt

Old duck...


#11 I Need A Xanax

  • Topic Starter
  • Members
  • 22 posts

Posted 27 July 2008 - 11:47 PM

Sorry about the delay. Had to get away for a few days. Here's the MBAM results:

Malwarebytes' Anti-Malware 1.23
Database version: 1000
Windows 5.1.2600 Service Pack 2

11:27:33 PM 7/27/2008
mbam-log-7-27-2008 (23-27-33).txt

Scan type: Quick Scan
Objects scanned: 45361
Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 10
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\shcnmsj0eg4l (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bafe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\evgratsm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kvxqmtre (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76487-OEM-0056836-51440) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the main log from Deckard's. For some reason the extra.txt file did not generate this time, either minimized or under the Deckard's folder on my main drive:

Deckard's System Scanner v20071014.68
Run by user on 2008-07-27 23:37:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:50 PM, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\PROGRA~1\AVG\AVG8\avgam.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgnsx.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\WINDOWS\system32\nvraidservice.exe
E:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
E:\WINDOWS\SM1BG.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Documents and Settings\user\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\System32\svchost.exe
E:\Documents and Settings\user\Local Settings\Application Data\Simplify Media\SimplifyPeer.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\user\Desktop\dss.exe
E:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chase.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Spellex for IE - {C1DD45FA-9D05-4b6e-8235-CFD08021C89C} - E:\Program Files\Spellex\Spellex for IE\SpxIE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - E:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NVRaidService] E:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] E:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [YBrowser] E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] E:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] E:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Simplify Media] "E:\Documents and Settings\user\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [updateMgr] E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = E:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Spellex - E:\Program Files\Spellex\Spellex for IE\SpellCheckLink.htm
O8 - Extra context menu item: Spellex Options - E:\Program Files\Spellex\Spellex for IE\SpellOptionLink.htm
O9 - Extra button: (no name) - {51436907-49FD-4bb3-9CE5-36F3C9FEDE9B} - E:\Program Files\Spellex\Spellex for IE\SpxIE.dll
O9 - Extra 'Tools' menuitem: Spellex Options - {51436907-49FD-4bb3-9CE5-36F3C9FEDE9B} - E:\Program Files\Spellex\Spellex for IE\SpxIE.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Spellex Spell Check - {AD9D239F-AF21-4497-B98A-4D8ACE4C42C6} - E:\Program Files\Spellex\Spellex for IE\SpxIE.dll
O9 - Extra 'Tools' menuitem: Spellex Spell Check - {AD9D239F-AF21-4497-B98A-4D8ACE4C42C6} - E:\Program Files\Spellex\Spellex for IE\SpxIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Starfield Technologies - http://video.secureserver.net/plugins/star...echnologies.CAB
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9324 bytes

-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-27 23:37:37 0 d-------- E:\Program Files\Trend Micro
2008-07-27 23:17:26 0 d-------- E:\Program Files\Malwarebytes' Anti-Malware
2008-07-25 12:34:58 0 dr-h----- E:\Documents and Settings\user\Recent
2008-07-24 04:56:27 0 d-------- E:\Program Files\Spellex
2008-07-24 04:56:27 0 d-------- E:\Program Files\Common Files\Spellex
2008-07-22 21:54:19 0 dr-h----- E:\Documents and Settings\Chad\Application Data\yahoo!
2008-07-22 21:50:27 0 d-------- E:\Documents and Settings\Chad\Application Data\Macromedia
2008-07-22 21:49:06 0 d-------- E:\Documents and Settings\Chad\Application Data\Adobe
2008-07-22 21:49:02 0 d-------- E:\Documents and Settings\Chad\Application Data\AVGTOOLBAR
2008-07-22 21:46:04 0 d-------- E:\Documents and Settings\Chad\Application Data\ICAClient
2008-07-22 21:45:45 0 d-------- E:\Documents and Settings\Chad\Application Data\Apple Computer
2008-07-22 21:45:02 0 d-------- E:\Documents and Settings\Chad\Application Data\Identities
2008-07-22 21:44:40 0 d--h----- E:\Documents and Settings\Chad\Templates
2008-07-22 21:44:40 0 dr------- E:\Documents and Settings\Chad\Start Menu
2008-07-22 21:44:40 0 dr-h----- E:\Documents and Settings\Chad\SendTo
2008-07-22 21:44:40 0 dr-h----- E:\Documents and Settings\Chad\Recent
2008-07-22 21:44:40 0 d--h----- E:\Documents and Settings\Chad\PrintHood
2008-07-22 21:44:40 1310720 --ah----- E:\Documents and Settings\Chad\NTUSER.DAT
2008-07-22 21:44:40 0 d--h----- E:\Documents and Settings\Chad\NetHood
2008-07-22 21:44:40 0 dr------- E:\Documents and Settings\Chad\My Documents
2008-07-22 21:44:40 0 d--h----- E:\Documents and Settings\Chad\Local Settings
2008-07-22 21:44:40 0 dr------- E:\Documents and Settings\Chad\Favorites
2008-07-22 21:44:40 0 d-------- E:\Documents and Settings\Chad\Desktop
2008-07-22 21:44:40 0 d--hs---- E:\Documents and Settings\Chad\Cookies
2008-07-22 21:44:40 0 dr-h----- E:\Documents and Settings\Chad\Application Data
2008-07-22 21:44:40 0 d---s---- E:\Documents and Settings\Chad\Application Data\Microsoft
2008-07-22 00:47:47 1458632 --a------ E:\SDFix.exe
2008-07-21 20:48:20 0 d-------- E:\Program Files\Paint.NET
2008-07-19 17:25:26 0 d-------- E:\Program Files\iPod
2008-07-19 17:25:23 0 d-------- E:\Program Files\iTunes
2008-07-19 17:24:54 0 d-------- E:\Program Files\Bonjour
2008-07-17 08:05:04 0 d-------- E:\Program Files\RogueRemover FREE
2008-07-17 05:42:04 0 d-------- E:\WINDOWS\BDOSCAN8
2008-07-17 04:49:00 0 d-------- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-17 04:48:46 0 d-------- E:\Program Files\SUPERAntiSpyware
2008-07-17 04:48:46 0 d-------- E:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2008-07-17 04:48:27 0 d-------- E:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 04:45:31 81920 --a------ E:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-17 04:45:30 86528 --a------ E:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-17 04:45:29 25600 --a------ E:\WINDOWS\system32\WS2Fix.exe
2008-07-17 04:45:29 289144 --a------ E:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-17 04:45:27 288417 --a------ E:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-17 04:45:27 51200 --a------ E:\WINDOWS\system32\dumphive.exe
2008-07-17 02:32:07 0 d-------- E:\Documents and Settings\user\Application Data\TmpRecentIcons
2008-07-15 12:22:10 0 d-------- E:\Program Files\Safari
2008-07-08 20:30:47 0 d-------- E:\Documents and Settings\user\Application Data\Media Player Classic
2008-07-08 19:24:29 164352 --a------ E:\WINDOWS\system32\unrar.dll
2008-07-08 19:24:28 217088 --a------ E:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-07-08 19:24:28 159839 --a------ E:\WINDOWS\system32\xvidvfw.dll
2008-07-08 19:24:28 755027 --a------ E:\WINDOWS\system32\xvidcore.dll
2008-07-08 19:24:27 3596288 --a------ E:\WINDOWS\system32\qt-dx331.dll
2008-07-08 19:24:27 7680 --a------ E:\WINDOWS\system32\ff_vfw.dll
2008-07-08 19:24:27 81920 --a------ E:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-07-08 19:24:27 683520 --a------ E:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX>
2008-07-08 19:24:26 0 d-------- E:\Program Files\K-Lite Codec Pack
2008-07-08 18:12:06 0 d-------- E:\Documents and Settings\user\Application Data\Leadertech
2008-07-08 18:07:43 0 d-------- E:\Program Files\QuickTime
2008-07-08 12:44:38 0 d-------- E:\Program Files\QuickZip4
2008-07-07 19:30:29 0 d-------- E:\Documents and Settings\user\Application Data\AdobeAUM


-- Find3M Report ---------------------------------------------------------------

2008-07-27 22:57:55 0 d-------- E:\Documents and Settings\user\Application Data\BitTorrent
2008-07-27 22:40:55 1844 --a------ E:\Documents and Settings\user\Application Data\QuickZip45.ini
2008-07-25 16:50:21 0 d-------- E:\Program Files\BitTorrent
2008-07-24 04:56:27 0 d-------- E:\Program Files\Common Files
2008-07-15 12:28:16 0 d-------- E:\Program Files\DNA
2008-07-15 12:24:10 0 d-------- E:\Documents and Settings\user\Application Data\DNA
2008-07-09 21:08:00 0 d-------- E:\Program Files\Google
2008-07-09 20:21:26 0 d-------- E:\Program Files\a-squared Free
2008-06-19 13:11:39 0 d-------- E:\Documents and Settings\user\Application Data\Softplicity
2008-06-19 13:11:29 0 d-------- E:\Program Files\TotalAudioConverter
2008-06-07 12:59:20 0 d-------- E:\Documents and Settings\user\Application Data\PKWARE
2008-06-05 23:16:04 0 d-------- E:\Documents and Settings\user\Application Data\Malwarebytes
2008-06-04 19:27:16 0 d-------- E:\Program Files\isoHunt
2008-06-04 19:27:16 0 d-------- E:\Program Files\Conduit
2008-06-04 19:19:30 0 d-------- E:\Program Files\MySpace
2008-06-04 17:32:06 0 d-------- E:\Program Files\Hide Folders XP 2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/07/2008 12:34 PM 2055960 --a------ E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1DD45FA-9D05-4b6e-8235-CFD08021C89C}]
09/28/2007 02:21 PM 183592 --a------ E:\Program Files\Spellex\Spellex for IE\SpxIE.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/07/2008 12:34 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="E:\WINDOWS\system32\nvraidservice.exe" [06/10/2004 10:15 PM]
"RoxioDragToDisc"="E:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [01/27/2004 04:39 PM]
"SM1BG"="E:\WINDOWS\SM1BG.EXE" [08/27/2003 03:20 PM]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [10/31/2006 01:35 AM]
"nwiz"="nwiz.exe" [10/31/2006 01:35 AM E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [10/31/2006 01:35 AM]
"RTHDCPL"="RTHDCPL.EXE" [10/16/2007 07:30 PM E:\WINDOWS\RTHDCPL.exe]
"YBrowser"="E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 05:19 PM]
"Motive SmartBridge"="E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/24/2005 08:51 AM]
"AVG8_TRAY"="E:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2008 09:58 AM]
"Microsoft Works Update Detection"="E:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"AppleSyncNotifier"="E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="E:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"Simplify Media"="E:\Documents and Settings\user\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe" [05/13/2008 02:30 PM]
"updateMgr"="E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"SUPERAntiSpyware"="E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
SBC Self Support Tool.lnk - E:\Program Files\SBC Self Support Tool\bin\matcli.exe [1/28/2008 10:09:44 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
E:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 E:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vcI16.sys]
@="Driver"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1761295-0cc9-11dd-8bc1-001d7d278cfe}]
AutoRun\command- H:\wdsync.exe




-- End of Deckard's System Scanner: finished at 2008-07-27 23:38:10 ------------

As always...Thank you,

Xanax


#12 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 30 July 2008 - 09:37 PM

Sorry for the delay.

The logs look fine.

Are you still having malware problems?

Old duck...


#13 I Need A Xanax

I Need A Xanax
  • Topic Starter

  • Members
  • 22 posts

Posted 31 July 2008 - 08:42 PM

It appears to be alright. *fingers crossed*

Thank you.
