Virus Alert In Time Bar


8 replies to this topic

#1 Mr PJ

Posted 27 July 2008 - 09:29 PM

Hi, I'm hoping someone can help me here. I ran into some serious malware/virus problems on my home computer this past weekend and appeared to have cleaned up several of the problems, but can't seem to "close the deal." I am running an XP system and have used SmitFraudFix, RRT Autoremove by Sergiwa, SUPERAntiSpyware and have downloaded and am running AVG Free Version. That seems to have cleaned up most of the performance problems, but the nagging malware issue I have is the VIRUS ALERT in the Timebar, and several of my program options in the start menu are still missing. Unfortunately it looks like I don't have a system restore point to go back to before all of this happened.

Can you help? Here is the DSS/HijackThis log provided for your review (I did not run a Kaspersky scan in the interest of time, but will do that and send it if necessary). Thanks in advance.

Deckard's System Scanner v20071014.68
Run by Mom on 2008-07-27 20:54:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-07-28 01:54:32 UTC - RP1059 - Deckard's System Scanner Restore Point
4: 2008-07-27 21:27:33 UTC - RP1058 - System Checkpoint
3: 2008-07-26 20:59:14 UTC - RP1057 - Software Distribution Service 3.0
2: 2008-07-26 17:33:04 UTC - RP1056 - System Checkpoint
1: 2008-07-26 14:09:47 UTC - RP1055 - Installed SUPERAntiSpyware Free Edition


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-27 20:56:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
F:\WINDOWS\system32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\AVG\AVG8\avgwdsvc.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\AVG\AVG8\avgrsx.exe
F:\Program Files\AVG\AVG8\avgemc.exe
F:\WINDOWS\explorer.exe
F:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
F:\Program Files\HP\HP Software Update\hpwuSchd2.exe
F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
F:\Program Files\Common Files\AOL\1130085409\ee\AOLHostManager.exe
F:\Program Files\QuickTime\QTTask.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Common Files\AOL\1130085409\ee\AOLServiceHost.exe
F:\WINDOWS\system32\svchost.exe
F:\Documents and Settings\Mom\Local Settings\Temp\Temporary Directory 1 for RRT[1].zip\RRT.exe
F:\Program Files\AVG\AVG8\avgtray.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\DNA\btdna.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Southwest Airlines\Ding\Ding.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Documents and Settings\Mom\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - F:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {040BA7F9-CDC9-4F2A-BAFD-5B13501B2DAD} - F:\WINDOWS\system32\fccaArrp.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - F:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {A1054649-C6B5-471E-8180-D8C6B3E647BD} - F:\WINDOWS\system32\tuvvSLFX.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {8b40e5d4-0700-a749-7404-8aa48c6f10ef} - {fe01f6c8-4aa8-4047-947a-00704d5e04b8} - F:\WINDOWS\system32\hnypcp.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - F:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - F:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [WorksFUD] F:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] F:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] F:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "F:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HostManager] F:\Program Files\Common Files\AOL\1130085409\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [BearShare] "F:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 F:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "F:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Antivirus] F:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [009c8934] rundll32.exe "F:\WINDOWS\system32\tfiwvuma.dll",b
O4 - HKLM\..\Run: [000000af] rundll32.exe "F:\WINDOWS\system32\tfiwvuma.dll",b
O4 - HKLM\..\Run: [RRT-Auto] F:\DOCUME~1\Mom\LOCALS~1\Temp\Temporary Directory 1 for RRT[1].zip\RRT.exe auto
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] F:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [DW4] "F:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "F:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DW6] "F:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: DING!.lnk = F:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = F:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &AOL Toolbar Search - f:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm450NXUS
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - F:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - F:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fccaArrp - F:\WINDOWS\system32\fccaArrp.dll (file missing)
O21 - SSODL: wnslvxtf - {55B294FA-E9AB-44EB-A6AC-50F0FF921C61} - F:\WINDOWS\wnslvxtf.dll (file missing)
O21 - SSODL: eqvwamkl - {38D6A90B-B204-40DA-9572-B78E15F60637} - F:\WINDOWS\eqvwamkl.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: GoogleDesktopManager - Google - F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - F:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE
O23 - Service: NNServ - Unknown owner - F:\Program Files\NewDotNet\nnrun.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\hpzipm12.exe
O24 - Desktop Component 0: - http://www.google.com/logos/conan_doyle.gif
O24 - Desktop Component 1: - http://www.beyondunreal.com/images/postal2/poop.jpg
O24 - Desktop Component 2: - http://images.google.com/images?q=tbn:TXK8...004/poop.jpg
O24 - Desktop Component 3: - http://images.google.com/images?q=tbn:_Nkt...al2/poop.jpg
O24 - Desktop Component 4: - http://images.google.com/images?q=tbn:oSb1...o-746387.jpg
O24 - Desktop Component 5: - http://images.google.com/images?q=tbn:mMN4...net/poop.jpg
O24 - Desktop Component 6: - http://msn.foxsports.com/id/6065954_18_1.jpg

--
End of file - 11383 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S0 Winel63 - f:\windows\system32\drivers\winel63.sys (file missing)
S3 EagleNT - f:\windows\system32\drivers\eaglent.sys (file missing)
S3 RDID1061 (EDIROL UA-4FX) - f:\windows\system32\drivers\rdwm1061.sys <Not Verified; Roland Corporation; >
S3 Windk85 - f:\windows\system32\drivers\windk85.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "f:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 MyWebSearchService (My Web Search Service) - f:\progra~1\mywebs~1\bar\3.bin\mwssvc.exe <Not Verified; MyWebSearch.com; My Web Search Bar>
S2 NNServ - "f:\program files\newdotnet\nnrun.exe" "f:\program files\newdotnet\nncore.dll" servicestart (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-27 20:23:53 404 --a------ F:\WINDOWS\Tasks\Norton Security Scan.job
2008-07-23 18:44:00 284 --a------ F:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-11 10:36:00 340 --a------ F:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1118503937.job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-27 09:25:46 0 d-------- F:\Documents and Settings\Dad\Application Data\AVGTOOLBAR
2008-07-26 08:47:48 0 d-------- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-26 08:47:03 0 d-------- F:\Program Files\SUPERAntiSpyware
2008-07-26 08:47:03 0 d-------- F:\Documents and Settings\Mom\Application Data\SUPERAntiSpyware.com
2008-07-26 08:32:36 4320 --a------ F:\WINDOWS\system32\tmp.reg
2008-07-26 08:27:51 81920 --a------ F:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-26 08:27:45 86528 --a------ F:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-26 08:27:31 25600 --a------ F:\WINDOWS\system32\WS2Fix.exe
2008-07-26 08:27:27 289144 --a------ F:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-26 08:27:17 51200 --a------ F:\WINDOWS\system32\dumphive.exe
2008-07-26 08:27:15 288417 --a------ F:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-26 08:26:57 53248 --a------ F:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-25 23:58:37 0 d--h----- F:\$AVG8.VAULT$
2008-07-25 23:48:22 0 d-------- F:\WINDOWS\system32\drivers\Avg
2008-07-25 23:48:19 0 d-------- F:\Documents and Settings\Mom\Application Data\AVGTOOLBAR
2008-07-25 23:47:31 0 d-------- F:\Program Files\AVG
2008-07-25 23:47:27 0 d-------- F:\Documents and Settings\All Users\Application Data\avg8
2008-07-25 20:50:06 0 d-------- F:\Documents and Settings\Mom\Application Data\TmpRecentIcons
2008-07-25 19:37:37 0 d-------- F:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-07-25 16:07:42 0 d-------- F:\Documents and Settings\NetworkService\Application Data\Google
2008-07-25 16:07:39 0 dr------- F:\Documents and Settings\NetworkService\Favorites
2008-07-25 13:47:38 1709 --ahs---- F:\WINDOWS\system32\XFLSvvut.ini2
2008-07-25 13:37:13 163840 --a------ F:\WINDOWS\endq.exe


-- Find3M Report ---------------------------------------------------------------

2008-07-27 20:57:18 0 d-------- F:\Documents and Settings\Mom\Application Data\DNA
2008-07-27 18:02:24 0 d-------- F:\Program Files\Common Files\Symantec Shared
2008-07-27 18:00:04 0 d-------- F:\Program Files\Norton Security Scan
2008-07-26 12:48:38 24064 --a------ F:\WINDOWS\system32\ctfmon.exe <Not Verified; Gerhard Schlager; Dummy CTFMON.EXE (part of the CTFMON-Remover)>
2008-07-26 08:45:59 0 d-------- F:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 07:13:51 0 d-------- F:\Program Files\The Weather Channel FW


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{040BA7F9-CDC9-4F2A-BAFD-5B13501B2DAD}]
F:\WINDOWS\system32\fccaArrp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/25/2008 23:48: VIRUS ALERT! 2055960 --a------ F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1054649-C6B5-471E-8180-D8C6B3E647BD}]
F:\WINDOWS\system32\tuvvSLFX.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fe01f6c8-4aa8-4047-947a-00704d5e04b8}]
F:\WINDOWS\system32\hnypcp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"="F:\Program Files\Microsoft Works\wkfud.exe" [08/08/2000 15:00: VIRUS ALERT!]
"vptray"="F:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" []
"MyWebSearch Email Plugin"="F:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe" [04/23/2008 18:47: VIRUS ALERT!]
"Microsoft Works Portfolio"="F:\Program Files\Microsoft Works\WksSb.exe" [08/08/2000 15:00: VIRUS ALERT!]
"HP Software Update"="F:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/17/2005 00:11: VIRUS ALERT!]
"HP Component Manager"="F:\Program Files\HP\hpcoretech\hpcmpmgr.exe" []
"HostManager"="F:\Program Files\Common Files\AOL\1130085409\ee\AOLHostManager.exe" [08/02/2005 14:33: VIRUS ALERT!]
"BearShare"="F:\Program Files\BearShare\BearShare.exe" []
"Adobe Photo Downloader"="F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 23:46: VIRUS ALERT!]
"Google Desktop Search"="F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/18/2007 15:39: VIRUS ALERT!]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 23:16: VIRUS ALERT!]
"MyWebSearch Plugin"="F:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL" [04/23/2008 18:47: VIRUS ALERT!]
"My Web Search Bar Search Scope Monitor"="F:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" [04/23/2008 18:47: VIRUS ALERT!]
"QuickTime Task"="F:\Program Files\QuickTime\QTTask.exe" [03/28/2008 23:37: VIRUS ALERT!]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36: VIRUS ALERT!]
"Antivirus"="F:\Program Files\VAV\vav.exe" []
"009c8934"="F:\WINDOWS\system32\tfiwvuma.dll" []
"000000af"="F:\WINDOWS\system32\tfiwvuma.dll" []
"RRT-Auto"="F:\DOCUME~1\Mom\LOCALS~1\Temp\Temporary Directory 1 for RRT[1].zip\RRT.exe" [07/20/2008 04:54: VIRUS ALERT!]
"AVG8_TRAY"="F:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2008 23:47: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="F:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24: VIRUS ALERT!]
"Microsoft Works Update Detection"="F:\Program Files\Microsoft Works\WkDetect.exe" [08/08/2000 15:00: VIRUS ALERT!]
"DW4"="F:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [12/20/2007 09:10: VIRUS ALERT!]
"BitTorrent DNA"="F:\Program Files\DNA\btdna.exe" [05/08/2008 07:50: VIRUS ALERT!]
"DW6"="F:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 16:18: VIRUS ALERT!]
"SUPERAntiSpyware"="F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33: VIRUS ALERT!]

F:\Documents and Settings\Mom\Start Menu\Programs\Startup\
DING!.lnk - F:\Program Files\Southwest Airlines\Ding\Ding.exe [6/22/2006 2:15:48 PM]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [7/7/2003 1:20:40 AM]
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office\OSA9.EXE [8/8/2000 3:00:00 PM]
Microsoft Works Calendar Reminders.lnk - F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/8/2000 3:00:00 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=0 (0x0)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{040BA7F9-CDC9-4F2A-BAFD-5B13501B2DAD}"= F:\WINDOWS\system32\fccaArrp.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13: VIRUS ALERT! 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wnslvxtf"= {55B294FA-E9AB-44EB-A6AC-50F0FF921C61} - F:\WINDOWS\wnslvxtf.dll [ ]
"eqvwamkl"= {38D6A90B-B204-40DA-9572-B78E15F60637} - F:\WINDOWS\eqvwamkl.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 13:41: VIRUS ALERT! 294912 F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaArrp]
fccaArrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 F:\WINDOWS\system32\tuvvSLFX

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windk85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Norton AntiVirus Server"=2 (0x2)
"DefWatch"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-07-27 20:58:25 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.60GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 511.01 MiB / 179.93 MiB
Pagefile Memory (total/avail): 1249.87 MiB / 910.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.37 MiB

A: is Removable (No Media)
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 74.52 GiB total, 35.68 GiB free.
G: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JB-00JJC0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - F:

\\.\PHYSICALDRIVE1 - HP psc 2410 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\Common Files\\AOL\\1130085409\\ee\\AOLServiceHost.exe"="F:\\Program Files\\Common Files\\AOL\\1130085409\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"F:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="F:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\EA SPORTS\\MVP Baseball 2004\\mvp2004.exe"="F:\\Program Files\\EA SPORTS\\MVP Baseball 2004\\mvp2004.exe:*:Enabled:mvp2004"
"F:\\Program Files\\AIM\\aim.exe"="F:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"F:\\Program Files\\Bonjour\\mDNSResponder.exe"="F:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\\Program Files\\Common Files\\AOL\\1130085409\\ee\\AOLServiceHost.exe"="F:\\Program Files\\Common Files\\AOL\\1130085409\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"F:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="F:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"F:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="F:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"F:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="F:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"F:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="F:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"F:\\Program Files\\Windows Media Player\\wmplayer.exe"="F:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"F:\\Program Files\\EA SPORTS\\Madden NFL 2005\\mainapp.exe"="F:\\Program Files\\EA SPORTS\\Madden NFL 2005\\mainapp.exe:*:Enabled:mainapp"
"F:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"="F:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe:*:Enabled:Speed"
"F:\\Program Files\\Internet Explorer\\iexplore.exe"="F:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"F:\\Program Files\\Sierra Online\\FreeStyle Street Basketball™\\FreeStyle.exe"="F:\\Program Files\\Sierra Online\\FreeStyle Street Basketball™\\FreeStyle.exe:*:Enabled:FreeStyle"
"F:\\Program Files\\BearShare\\BearShare.exe"="F:\\Program Files\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"F:\\Program Files\\AIM6\\aim6.exe"="F:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\Program Files\\DNA\\btdna.exe"="F:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"F:\\Program Files\\BitTorrent\\bittorrent.exe"="F:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"F:\\Documents and Settings\\Connor\\Program Files\\BitTorrent\\BitTorrent.exe"="F:\\Documents and Settings\\Connor\\Program Files\\BitTorrent\\BitTorrent.exe:*:Disabled:BitTorrent"
"F:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="F:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"F:\\Program Files\\iTunes\\iTunes.exe"="F:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\Mom\Application Data
CLASSPATH=.;F:\Program Files\QuickTime\QTSystem\QTJava.zip
COLLECTIONID=COL8143
CommonProgramFiles=F:\Program Files\Common Files
COMPUTERNAME=BOYLE-L1OHX7LU4
ComSpec=F:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\Mom
ITEMID=dj-22741-15
LANG=1033
LOGONSERVER=\\BOYLE-L1OHX7LU4
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPH
Path=F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\System32\Wbem;F:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=F:\Program Files
PROMPT=$P$G
QTJAVA=F:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONID=1133648546290htx6056a79a6a:108225cb333:8d
SESSIONNAME=Console
SWUTVER=1.0.18.20030625
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\DOCUME~1\Mom\LOCALS~1\Temp
TIMEOUT=0
TMP=F:\DOCUME~1\Mom\LOCALS~1\Temp
TOOLPATH=/F:\Program%20Files\HP\HP%20Software%20Update\install.htm
UPDATEDIR=F:\DOCUME~1\Mom\LOCALS~1\Temp\rad44FF1.tmp
USERDOMAIN=BOYLE-L1OHX7LU4
USERNAME=Mom
USERPROFILE=F:\Documents and Settings\Mom
VERSION=3.0.5.001
windir=F:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dad
Mom (admin)
Connor
Jack (admin)
Griffin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine --> RunDll32 F:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
Adobe Acrobat 5.0 --> F:\WINDOWS\ISUNINST.EXE -f"F:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"F:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX --> F:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> F:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE F:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AIM 6.0 --> F:\Program Files\AIM6\uninst.exe
AOL Explorer --> F:\Program Files\Common Files\AOL\1130085409\ee\services\browser\ver1_1_1042\uninst.exe
AOL Toolbar 2.0 --> "F:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> F:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG Free 8.0 --> F:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Backyard Baseball 2003 --> F:\WINDOWS\IsUninst.exe -f"F:\HEGames\Baseball 2003\Uninst.isu" -c"F:\HEGames\Baseball 2003\Uninst.dll -c"F:\HEGames\Baseball 2003\Uninst.dll
Backyard Basketball --> F:\WINDOWS\IsUninst.exe -fF:\HEGames\Basketball\Uninst.isu -c"F:\HEGames\Basketball\Uninst.dll
Backyard Football 2002 --> F:\WINDOWS\IsUninst.exe -fF:\HEGames\Football2002\Uninst.isu -c"F:\HEGames\Football2002\Uninst.dll
BearShare --> F:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe F:\PROGRA~1\BEARSH~2\BEARSH~1\UNWISE.EXE F:\PROGRA~1\BEARSH~2\BEARSH~1\INSTALL.LOG
BitTorrent 6.0 --> F:\Program Files\BitTorrent\uninst.exe
Cakewalk VST Adapter 4 --> F:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE F:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
DING! --> MsiExec.exe /X{84031A18-BA9A-4156-A74F-E05B52DDFCE2}
Disney Pirates of the Caribbean Online --> F:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
DNA --> "F:\Program Files\DNA\btdna.exe" /UNINSTALL
DreamStation DXi2 --> F:\WINDOWS\DSDXIRMV.EXE F:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
Finale NotePad 2006 --> F:\WINDOWS\unvise32.exe F:\Program Files\Finale NotePad 2006\uninstal.log
FreeStyle Street Basketball™ --> F:\Program Files\InstallShield Installation Information\{E192E363-0D29-4D22-B034-F2E457CC0660}\SETUP.exe -runfromtemp -l0x0009 -removeonly
Freeze Clip Art --> "F:\PROGRA~1\Freeze.com\Freeze Clip Art\UNINSTAL.EXE"
Google Desktop --> F:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "f:\program files\google\googletoolbar2.dll"
HP Photo & Imaging 3.1 --> F:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.0 --> "F:\Program Files\HP\Digital Imaging\{6CF9C6C0-54E5-4668-85C1-C10F63C40155}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
IrfanView (remove only) --> F:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
LiveUpdate 1.80 (Symantec Corporation) --> F:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logic Hit Kit --> F:\WINDOWS\unvise32.exe F:\Program Files\emagic\Logic Hit Kit\uninstal.log
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2000 SR-1 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 2001 Setup Launcher --> F:\Program Files\Microsoft Works Suite 2001\Setup\Launcher.exe D:\
Microsoft Works 6.0 --> MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
MLB.com Playball --> "F:\Program Files\MLB.com\Playball\Uninstall.exe"
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection F:\WINDOWS\INF\msninst.inf,Uninstall
MVP Baseball 2004 --> F:\Program Files\EA SPORTS\MVP Baseball 2004\EAUninstall.exe
My Web Search (Cursor Mania) --> rundll32 F:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsbar.dll,O
Network Play System (Patching) --> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
QuickTime --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Schoolhouse Rock Thinking Games --> F:\CWONDERS\SHRTHINK\CWRUN.EXE SHRThinkingGames UninstallExe
SONAR LE --> F:\PROGRA~1\Cakewalk\SONARL~1\UNWISE.EXE F:\PROGRA~1\Cakewalk\SONARL~1\INSTALL.LOG
StarFlyers Alien Space Chase --> F:\WINDOWS\TLCUninstall.exe -f "F:\Program Files\The Learning Company\StarFlyers Alien Space Chase\Uninstall.xml"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Sims Vacation --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{3D9231F6-A287-4222-9EBC-519BB206F590}\setup.exe" -l0009
The Weather Channel Desktop --> F:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
The Weather Channel Desktop 6 --> F:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
Weather Services --> F:\WINDOWS\system32\control.exe F:\PROGRA~1\THEWEA~1\FRAMEW~1\wxfw.cpl,4
Windows Installer Clean Up --> MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}


-- Application Event Log -------------------------------------------------------

Event Record #/Type8352 / Error
Event Submitted/Written: 07/26/2008 08:36:00 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application vacfix.exe, version 0.12.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00002664.
Processing media-specific event for [vacfix.exe!ws!]

Event Record #/Type8351 / Error
Event Submitted/Written: 07/26/2008 08:12:22 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8350 / Error
Event Submitted/Written: 07/26/2008 08:12:20 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8349 / Error
Event Submitted/Written: 07/26/2008 08:12:18 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8342 / Error
Event Submitted/Written: 07/26/2008 00:10:01 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type130692 / Error
Event Submitted/Written: 07/27/2008 09:29:02 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460

Event Record #/Type130551 / Error
Event Submitted/Written: 07/26/2008 08:59:22 AM / 07/26/2008 08:59:23 AM
Event ID/Source: 1 / sr
Event Description:
The System Restore filter encountered the unexpected error '0xC0000022' while processing the file 'Winel63.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Event Record #/Type130479 / Error
Event Submitted/Written: 07/26/2008 07:43:47 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the NNServ service to connect.

Event Record #/Type130453 / Error
Event Submitted/Written: 07/26/2008 00:30:44 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460

Event Record #/Type130420 / Warning
Event Submitted/Written: 07/26/2008 00:26:23 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-07-27 20:58:25 ------------



#2 Mr PJ

Mr PJ
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:09:03 PM

Posted 27 July 2008 - 09:42 PM

By the way, one other problem I have is that I get the following error message when logging in: "Error in Loading F:\WINDOWS\system32\tfiwvuma.dll The specified module cannot be found" (F is my hard drive) - I get 2 error messages in succession. Doesn't seem to affect anything and may be related to the antivirus programs I installed. Just wanted you to know.

#3 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:04:03 AM

Posted 08 August 2008 - 01:39 PM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not
    malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine; a fresh scan and logs are still necessary.

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with dss reports main.txt, extra.txt and Kaspersky report.

Regards
Microsoft MVP Consumer Security

#4 Mr PJ

Mr PJ
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:09:03 PM

Posted 10 August 2008 - 10:49 AM

No problem on the delay, I was out of town. I haven't resolved this issue yet, so I'm still looking for help. Here are the latest DSS scan results (Main.txt only, as the program does not seem to be generating an extra.txt). I tried to run the Kaspersky online scanner but it says I need a version of Java 1.5 or greater. I installed version 6 and it is still giving me these messages. I will send you what I have for now and if I figure anything out I will pass that along in another message.

Deckard's System Scanner v20071014.68
Run by Mom on 2008-08-10 10:33:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 78% (more than 75%).


-- HijackThis (run as Mom.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33: VIRUS ALERT!, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\WINDOWS\System32\svchost.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
F:\Program Files\QuickTime\QTTask.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Common Files\AOL\1130085409\ee\AOLHostManager.exe
F:\Program Files\Common Files\AOL\1130085409\ee\AOLServiceHost.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\DNA\btdna.exe
F:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
F:\Program Files\Southwest Airlines\Ding\Ding.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Mom\Desktop\dss.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\Mom.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - F:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {040BA7F9-CDC9-4F2A-BAFD-5B13501B2DAD} - F:\WINDOWS\system32\fccaArrp.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - F:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {A1054649-C6B5-471E-8180-D8C6B3E647BD} - F:\WINDOWS\system32\tuvvSLFX.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {8b40e5d4-0700-a749-7404-8aa48c6f10ef} - {fe01f6c8-4aa8-4047-947a-00704d5e04b8} - F:\WINDOWS\system32\hnypcp.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - F:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - F:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [WorksFUD] F:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] F:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] F:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "F:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HostManager] F:\Program Files\Common Files\AOL\1130085409\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [BearShare] "F:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 F:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "F:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Antivirus] F:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [009c8934] rundll32.exe "F:\WINDOWS\system32\tfiwvuma.dll",b
O4 - HKLM\..\Run: [000000af] rundll32.exe "F:\WINDOWS\system32\tfiwvuma.dll",b
O4 - HKLM\..\Run: [RRT-Auto] F:\DOCUME~1\Mom\LOCALS~1\Temp\Temporary Directory 1 for RRT[1].zip\RRT.exe auto
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] F:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [DW4] "F:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "F:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DW6] "F:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-220523388-1035525444-839522115-1006\..\Run: [WhenUSave] "F:\Program Files\Save\Save.exe" (User 'Connor')
O4 - HKUS\S-1-5-21-220523388-1035525444-839522115-1006\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Connor')
O4 - HKUS\S-1-5-21-220523388-1035525444-839522115-1006\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background (User 'Connor')
O4 - HKUS\S-1-5-21-220523388-1035525444-839522115-1006\..\Run: [Microsoft Works Update Detection] F:\Program Files\Microsoft Works\WkDetect.exe (User 'Connor')
O4 - HKUS\S-1-5-21-220523388-1035525444-839522115-1006\..\Run: [Aim6] "F:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Connor')
O4 - HKUS\S-1-5-21-220523388-1035525444-839522115-1006\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Connor')
O4 - HKUS\S-1-5-21-220523388-1035525444-839522115-1006\..\Run: [Antivirus] F:\Program Files\VAV\vav.exe (User 'Connor')
O4 - HKUS\S-1-5-21-220523388-1035525444-839522115-1006\..\Run: [Sys2.exe] C:\Windows\Sys2.exe (User 'Connor')
O4 - HKUS\S-1-5-21-220523388-1035525444-839522115-1006\..\Run: [Sys3.exe] C:\Windows\Sys3.exe (User 'Connor')
O4 - S-1-5-21-220523388-1035525444-839522115-1006 Startup: MyWebSearch Email Plugin.lnk = F:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Connor')
O4 - Startup: DING!.lnk = F:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = F:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar Search - f:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm450NXUS
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - F:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fccaArrp - fccaArrp.dll (file missing)
O21 - SSODL: wnslvxtf - {55B294FA-E9AB-44EB-A6AC-50F0FF921C61} - F:\WINDOWS\wnslvxtf.dll (file missing)
O21 - SSODL: eqvwamkl - {38D6A90B-B204-40DA-9572-B78E15F60637} - F:\WINDOWS\eqvwamkl.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GoogleDesktopManager - Google - F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - F:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe
O23 - Service: NNServ - Unknown owner - F:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.google.com/logos/conan_doyle.gif
O24 - Desktop Component 1: (no name) - http://www.beyondunreal.com/images/postal2/poop.jpg
O24 - Desktop Component 2: (no name) - http://images.google.com/images?q=tbn:TXK8...m/2004/poop.jpg
O24 - Desktop Component 3: (no name) - http://images.google.com/images?q=tbn:_Nkt...ostal2/poop.jpg
O24 - Desktop Component 4: (no name) - http://images.google.com/images?q=tbn:oSb1...gdoo-746387.jpg
O24 - Desktop Component 5: (no name) - http://images.google.com/images?q=tbn:mMN4...ls.net/poop.jpg
O24 - Desktop Component 6: (no name) - http://msn.foxsports.com/id/6065954_18_1.jpg

--
End of file - 11946 bytes

-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-10 10:33:02 163840 --a------ F:\WINDOWS\endq.exe
2008-08-10 10:16:18 0 d-------- F:\Program Files\Trend Micro
2008-07-29 19:43:39 0 d-------- F:\Documents and Settings\Connor\Application Data\AVGTOOLBAR
2008-07-27 09:25:46 0 d-------- F:\Documents and Settings\Dad\Application Data\AVGTOOLBAR
2008-07-26 08:47:48 0 d-------- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-26 08:47:03 0 d-------- F:\Program Files\SUPERAntiSpyware
2008-07-26 08:47:03 0 d-------- F:\Documents and Settings\Mom\Application Data\SUPERAntiSpyware.com
2008-07-26 08:32:36 4320 --a------ F:\WINDOWS\system32\tmp.reg
2008-07-26 08:27:51 81920 --a------ F:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-26 08:27:45 86528 --a------ F:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-26 08:27:31 25600 --a------ F:\WINDOWS\system32\WS2Fix.exe
2008-07-26 08:27:27 289144 --a------ F:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-26 08:27:17 51200 --a------ F:\WINDOWS\system32\dumphive.exe
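The HijackThis log above is a good place to show how a responder mechanically triages such a log before touching the machine. The Python script below is an added example, not part of this thread or of HijackThis; it runs over a few lines copied from the log above (a constructed sample) and flags the indicators the helpers in this thread act on: load points marked "(file missing)", hex-named Run values, rundll32 loading a random-named DLL from system32, an autostart pointing at a Windows folder on a drive other than the inferred system drive, and the tampered time format that makes the header read "VIRUS ALERT!". The heuristics and function names are the example's own assumptions.

```python
import re
from collections import Counter
from typing import List, Tuple

# Constructed sample: lines copied from the HijackThis log posted in this
# thread, plus two benign entries (Google Toolbar, AVG tray) for contrast.
SAMPLE_HJT_LOG = r"""
Scan saved at 10:33: VIRUS ALERT!, on 8/10/2008
O2 - BHO: (no name) - {040BA7F9-CDC9-4F2A-BAFD-5B13501B2DAD} - F:\WINDOWS\system32\fccaArrp.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [009c8934] rundll32.exe "F:\WINDOWS\system32\tfiwvuma.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-21-220523388-1035525444-839522115-1006\..\Run: [Sys2.exe] C:\Windows\Sys2.exe (User 'Connor')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - Winlogon Notify: fccaArrp - fccaArrp.dll (file missing)
O21 - SSODL: wnslvxtf - {55B294FA-E9AB-44EB-A6AC-50F0FF921C61} - F:\WINDOWS\wnslvxtf.dll (file missing)
O23 - Service: NNServ - Unknown owner - F:\Program Files\NewDotNet\nnrun.exe (file missing)
"""

HJT_ENTRY = re.compile(r"^(O\d+|R\d) - ")                 # an O-line or R-line
RUN_VALUE = re.compile(r"\\Run: \[([^\]]+)\] (.*)$")       # [value name] command
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")                    # e.g. 009c8934
RUNDLL_DLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,', re.IGNORECASE)
WIN_PATH = re.compile(r"([A-Za-z]):\\WINDOWS\\", re.IGNORECASE)


def system_drive(log_text: str) -> str:
    """Infer the Windows drive as the letter most often seen in \\WINDOWS\\ paths
    (this machine runs Windows from F:, not C:)."""
    drives = Counter(m.group(1).upper() for m in WIN_PATH.finditer(log_text))
    return drives.most_common(1)[0][0] + ":" if drives else "C:"


def has_fake_virus_alert(log_text: str) -> bool:
    """The 'Scan saved at' header is rendered with the user's time format; the
    rogue in this thread rewrote that format so the clock reads 'VIRUS ALERT!'."""
    return any(
        line.startswith("Scan saved at") and "VIRUS ALERT" in line.upper()
        for line in log_text.splitlines()
    )


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (log line, reasons) for each entry that deserves a second look."""
    findings: List[Tuple[str, str]] = []
    drive = system_drive(log_text)
    for line in log_text.splitlines():
        line = line.rstrip()
        if not HJT_ENTRY.match(line):
            continue
        reasons = []
        # A load point whose target no longer exists is a leftover of removed
        # malware (or of a half-finished cleanup) and should be cleared.
        if line.endswith("(file missing)") or line.endswith("- (no file)"):
            reasons.append("orphaned load point (target file missing)")
        if line.startswith("O6 - ") and "Restrictions present" in line:
            reasons.append("Internet Explorer policy restrictions set")
        m = RUN_VALUE.search(line)
        if m:
            name, cmd = m.group(1), m.group(2)
            if HEX_NAME.match(name):
                reasons.append("Run value named with random hex")
            d = RUNDLL_DLL.search(cmd)
            if d and re.search(r"\\system32\\[a-z]{8}\.dll$", d.group(1), re.IGNORECASE):
                reasons.append("rundll32 loading an 8-letter DLL from system32")
            w = WIN_PATH.search(cmd)
            if w and w.group(1).upper() + ":" != drive:
                reasons.append(f"autostart points at a Windows folder not on system drive {drive}")
        if reasons:
            findings.append((line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    print("fake VIRUS ALERT time format:", has_fake_virus_alert(SAMPLE_HJT_LOG))
    print("system drive:", system_drive(SAMPLE_HJT_LOG))
    for entry, why in triage(SAMPLE_HJT_LOG):
        print(f"{why}\n    {entry}")
```

On the sample, the script flags seven of the ten entries and leaves the Google Toolbar and AVG lines alone; the flagged set matches what the SDFix and ComboFix runs later in this thread removed.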

#5 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:03 AM

Posted 10 August 2008 - 12:03 PM

Hi Mr PJ

Step 1

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
Step 2

Please download ComboFix

**Note: It is important that it is saved directly to your desktop**

There are full instructions on how to download and run ComboFix here:
How to use ComboFix
Please follow all the instructions to the letter...(this is very important)

Please ensure that you install the Recovery Console.
If it's not already installed on your machine

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Click Yes to allow ComboFix to continue scanning for malware.
Note: Do not mouse-click ComboFix's window while it's running. This may cause it to stall.

When finished, it will produce a log for you. Post that log in your next reply.

In your next reply, please submit:
SDFix report
ComboFix.txt
and a new Hjt log

Thanks



#6 Mr PJ

Mr PJ
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:09:03 PM

Posted 10 August 2008 - 02:09 PM

Here is the Kaspersky scan report. Also, I looked in the Deckard System Scanner directory and the extra.txt file is not there. I believe my antivirus program may have interfered with the generation of this file.

Please advise on next steps. Thanks in advance.

KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 10, 2008 17:06:19
Records in database: 1079166


Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: Critical Areas
C:\Program Files
F:\Documents and Settings\All Users\Start Menu\Programs\Startup
F:\Documents and Settings\Mom\Start Menu\Programs\Startup
F:\Program Files
F:\WINDOWS

Scan statistics
Files scanned: 45509
Threat name: 17
Infected objects: 27
Suspicious objects: 0
Duration of the scan: 01:59:16

File name | Threat name | Threats count
F:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoestb.dll/F:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoestb.dll | Infected: not-a-virus:AdTool.Win32.MyWebSearch.db | 7
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe | Infected: not-a-virus:AdWare.Win32.180Solutions.ao | 1
F:\Program Files\Internet Explorer\msimg32.dll | Infected: not-a-virus:AdTool.Win32.MyWebSearch.cg | 1
F:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL | Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.dn | 1
F:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL | Infected: not-a-virus:AdTool.Win32.MyWebSearch.cn | 1
F:\Program Files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL | Infected: not-a-virus:AdTool.Win32.MyWebSearch.cg | 1
F:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL | Infected: not-a-virus:AdTool.Win32.MyWebSearch.ch | 1
F:\Program Files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR | Infected: not-a-virus:AdTool.Win32.MyWebSearch.bg | 1
F:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL | Infected: not-a-virus:AdTool.Win32.MyWebSearch.cj | 1
F:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL | Infected: not-a-virus:AdTool.Win32.MyWebSearch.ck | 1
F:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL | Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh | 1
F:\Program Files\MyWebSearch\bar\3.bin\M3HTML.DLL | Infected: not-a-virus:AdTool.Win32.MyWebSearch.cj | 1
F:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL | Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax | 1
F:\Program Files\MyWebSearch\bar\3.bin\M3MSG.DLL | Infected: not-a-virus:AdTool.Win32.MyWebSearch.cm | 1
F:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL | Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad | 1
F:\Program Files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE | Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl | 1
F:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL | Infected: not-a-virus:AdTool.Win32.MyWebSearch.cc | 1
F:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL | Infected: not-a-virus:AdTool.Win32.MyWebSearch.ci | 1
F:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL | Infected: not-a-virus:AdTool.Win32.MyWebSearch.db | 1
F:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL | Infected: not-a-virus:AdTool.Win32.MyWebSearch.ca | 1
F:\WINDOWS\system32\f3PSSavr.scr | Infected: not-a-virus:AdTool.Win32.MyWebSearch.bg | 1

The selected area was scanned.

#7 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:03 AM

Posted 10 August 2008 - 02:15 PM

Hi,
That's ok for the time being.
Please run the 2 programs in my earlier post and let me have those reports.

Thanks.

#8 Mr PJ
  • Topic Starter

  • Members
  • 5 posts
  • Local time:09:03 PM

Posted 10 August 2008 - 04:21 PM

I have performed the actions that you have directed and attached are the following log files:

Report.txt from SDFix
ComboFix log
Main.txt from DSS/HijackThis

Everything looks like it's “back to normal”, but I will monitor and let you know.

Thanks

-------------

SDFix: Version 1.214
Run by Mom on Sun 08/10/2008 at 14:44

Microsoft Windows XP [Version 5.1.2600]
Running From: F:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Windows ProductId To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert

Rebooting


Checking Files :

Trojan Files Found:

F:\WINDOWS\ENDQ.EXE - Deleted
F:\WINDOWS\SYSTEM32\IEXPLORE.EXE - Deleted
F:\WINDOWS\system32\c.bat - Deleted
F:\WINDOWS\system32\iexplore.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 15:13:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:


Remaining Files :


File Backups: - F:\SDFix\backups\backups.zip

Files with Hidden Attributes :


Finished!

-------------

ComboFix 08-08-10.01 - Mom 2008-08-10 15:48:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.199 [GMT -5:00]
Running from: F:\Documents and Settings\Mom\Desktop\ComboFix.exe
Command switches used :: F:\Documents and Settings\Mom\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Documents and Settings\Connor\Application Data\macromedia\Flash Player\#SharedObjects\KNX7C8XH\interclick.com
F:\Documents and Settings\Connor\Application Data\macromedia\Flash Player\#SharedObjects\KNX7C8XH\interclick.com\ud.sol
F:\Documents and Settings\Connor\Application Data\macromedia\Flash Player\#SharedObjects\KNX7C8XH\www.broadcaster.com
F:\Documents and Settings\Connor\Application Data\macromedia\Flash Player\#SharedObjects\KNX7C8XH\www.broadcaster.com\played_list.sol
F:\Documents and Settings\Connor\Application Data\macromedia\Flash Player\#SharedObjects\KNX7C8XH\www.broadcaster.com\video_queue.sol
F:\Documents and Settings\Connor\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
F:\Documents and Settings\Connor\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
F:\Documents and Settings\Connor\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
F:\Documents and Settings\Connor\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
F:\Documents and Settings\Dad\Application Data\macromedia\Flash Player\#SharedObjects\EPVJKAGF\interclick.com
F:\Documents and Settings\Dad\Application Data\macromedia\Flash Player\#SharedObjects\EPVJKAGF\interclick.com\ud.sol
F:\Documents and Settings\Dad\Application Data\macromedia\Flash Player\#SharedObjects\EPVJKAGF\www.broadcaster.com
F:\Documents and Settings\Dad\Application Data\macromedia\Flash Player\#SharedObjects\EPVJKAGF\www.broadcaster.com\played_list.sol
F:\Documents and Settings\Dad\Application Data\macromedia\Flash Player\#SharedObjects\EPVJKAGF\www.broadcaster.com\video_queue.sol
F:\Documents and Settings\Dad\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
F:\Documents and Settings\Dad\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
F:\Documents and Settings\Dad\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
F:\Documents and Settings\Dad\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
F:\Documents and Settings\Dad\Application Data\Starware
F:\Documents and Settings\Dad\Application Data\Starware\Manager\ManagerOptions.xml
F:\Documents and Settings\Dad\Application Data\Starware\Manager\ManagerOptions.xml.backup
F:\Documents and Settings\Mom\Application Data\macromedia\Flash Player\#SharedObjects\LZXZP3PD\interclick.com
F:\Documents and Settings\Mom\Application Data\macromedia\Flash Player\#SharedObjects\LZXZP3PD\interclick.com\ud.sol
F:\Documents and Settings\Mom\Application Data\macromedia\Flash Player\#SharedObjects\LZXZP3PD\www.broadcaster.com
F:\Documents and Settings\Mom\Application Data\macromedia\Flash Player\#SharedObjects\LZXZP3PD\www.broadcaster.com\played_list.sol
F:\Documents and Settings\Mom\Application Data\macromedia\Flash Player\#SharedObjects\LZXZP3PD\www.broadcaster.com\video_queue.sol
F:\Documents and Settings\Mom\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
F:\Documents and Settings\Mom\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
F:\Documents and Settings\Mom\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
F:\Documents and Settings\Mom\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
F:\Program Files\FunWebProducts
F:\Program Files\FunWebProducts\ScreenSaver\Images\054AA156.urr
F:\Program Files\FunWebProducts\ScreenSaver\Images\0B2DAA3E.urr
F:\Program Files\FunWebProducts\Shared\008C62E7.dat
F:\Program Files\FunWebProducts\Shared\0341CE68.dat
F:\Program Files\FunWebProducts\Shared\07203679.dat
F:\Program Files\FunWebProducts\Shared\0B2C6AF7.dat
F:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
F:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
F:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
F:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
F:\Program Files\internet explorer\msimg32.dll
F:\Program Files\myglobalsearch
F:\Program Files\myglobalsearch\bar\History\search
F:\Program Files\MyWebSearch
F:\Program Files\MyWebSearch\bar\3.bin\F3BKGERR.JPG
F:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL
F:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL
F:\Program Files\MyWebSearch\bar\3.bin\F3HISTSW.DLL
F:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
F:\Program Files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL
F:\Program Files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL
F:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
F:\Program Files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR
F:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL
F:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL
F:\Program Files\MyWebSearch\bar\3.bin\F3SCHMON.EXE
F:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL
F:\Program Files\MyWebSearch\bar\3.bin\F3SPACER.WMV
F:\Program Files\MyWebSearch\bar\3.bin\F3WALLPP.DAT
F:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL
F:\Program Files\MyWebSearch\bar\3.bin\FWPBUDDY.PNG
F:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.JAR
F:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST
F:\Program Files\MyWebSearch\bar\3.bin\M3HIGHIN.EXE
F:\Program Files\MyWebSearch\bar\3.bin\M3HTML.DLL
F:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL
F:\Program Files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE
F:\Program Files\MyWebSearch\bar\3.bin\M3MEDINT.EXE
F:\Program Files\MyWebSearch\bar\3.bin\M3MSG.DLL
F:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.JAR
F:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST
F:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL
F:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL
F:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL
F:\Program Files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE
F:\Program Files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE
F:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
F:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
F:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
F:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL
F:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
F:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE
F:\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL
F:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
F:\Program Files\MyWebSearch\bar\Cache\003C46F8.bin
F:\Program Files\MyWebSearch\bar\Cache\003C48CC.bin
F:\Program Files\MyWebSearch\bar\Cache\003C49C6.bin
F:\Program Files\MyWebSearch\bar\Cache\003C4AEF.bin
F:\Program Files\MyWebSearch\bar\Cache\030167C6
F:\Program Files\MyWebSearch\bar\Cache\080CB4B5
F:\Program Files\MyWebSearch\bar\Cache\080CB8DC.bin
F:\Program Files\MyWebSearch\bar\Cache\080CBA82.bin
F:\Program Files\MyWebSearch\bar\Cache\080CBCD4.bin
F:\Program Files\MyWebSearch\bar\Cache\files.ini
F:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
F:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
F:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
F:\Program Files\MyWebSearch\bar\History\search
F:\Program Files\MyWebSearch\bar\History\search2
F:\Program Files\MyWebSearch\bar\icons\CM.ICO
F:\Program Files\MyWebSearch\bar\icons\MFC.ICO
F:\Program Files\MyWebSearch\bar\icons\PSS.ICO
F:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
F:\Program Files\MyWebSearch\bar\icons\WB.ICO
F:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
F:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
F:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
F:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
F:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
F:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
F:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
F:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
F:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
F:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
F:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
F:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
F:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
F:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
F:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
F:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
F:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
F:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
F:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
F:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
F:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
F:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
F:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
F:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
F:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
F:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
F:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
F:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
F:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
F:\Program Files\MyWebSearch\bar\Settings\setting2.htm
F:\Program Files\MyWebSearch\bar\Settings\settings.dat
F:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
F:\Program Files\MyWebSearch\bar\Settings\settings.htm
F:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
F:\Program Files\screensavers.com
F:\WINDOWS\Downloaded Program Files\setup.inf
F:\WINDOWS\system32\amuvwift.ini
F:\WINDOWS\system32\f3PSSavr.scr
F:\WINDOWS\system32\iwfhxmgm.ini
F:\WINDOWS\system32\XFLSvvut.ini
F:\WINDOWS\system32\XFLSvvut.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NNSERV
-------\Service_MyWebSearchService
-------\Service_NNServ


((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.

2008-08-10 15:44 . 2008-08-10 15:44 62,976 --a------ F:\virusfixlog.doc
2008-08-10 14:37 . 2008-08-10 14:38 <DIR> d-------- F:\WINDOWS\ERUNT
2008-08-10 14:26 . 2008-08-10 15:17 <DIR> d-------- F:\SDFix
2008-08-10 14:13 . 2008-08-10 14:13 24,064 --a------ F:\virusfix.doc
2008-08-10 10:43 . 2008-08-10 10:43 <DIR> d-------- F:\WINDOWS\Sun
2008-08-10 10:42 . 2008-06-10 02:32 73,728 --a------ F:\WINDOWS\system32\javacpl.cpl
2008-08-10 10:41 . 2008-08-10 10:42 <DIR> d-------- F:\Program Files\Java
2008-08-10 10:41 . 2008-08-10 10:41 <DIR> d-------- F:\Program Files\Common Files\Java
2008-08-10 10:16 . 2008-08-10 10:16 <DIR> d-------- F:\Program Files\Trend Micro
2008-07-29 19:43 . 2008-08-09 23:22 <DIR> d-------- F:\Documents and Settings\Connor\Application Data\AVGTOOLBAR
2008-07-27 20:53 . 2008-07-27 20:53 <DIR> d-------- F:\Deckard
2008-07-27 09:25 . 2008-07-27 09:30 <DIR> d-------- F:\Documents and Settings\Dad\Application Data\AVGTOOLBAR
2008-07-26 12:48 . 2004-08-04 02:56 15,360 --a--c--- F:\WINDOWS\system32\dllcache\ctfmon.exe.backup
2008-07-26 12:48 . 2004-08-04 02:56 15,360 --a------ F:\WINDOWS\system32\ctfmon.exe.backup
2008-07-26 08:47 . 2008-07-26 08:47 <DIR> d-------- F:\Program Files\SUPERAntiSpyware
2008-07-26 08:47 . 2008-07-26 08:47 <DIR> d-------- F:\Documents and Settings\Mom\Application Data\SUPERAntiSpyware.com
2008-07-26 08:47 . 2008-07-26 08:47 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-26 08:32 . 2008-07-26 09:10 4,320 --a------ F:\WINDOWS\system32\tmp.reg
2008-07-26 08:27 . 2007-09-06 00:22 289,144 --a------ F:\WINDOWS\system32\VCCLSID.exe
2008-07-26 08:27 . 2006-04-27 17:49 288,417 --a------ F:\WINDOWS\system32\SrchSTS.exe
2008-07-26 08:27 . 2008-05-29 09:35 86,528 --a------ F:\WINDOWS\system32\VACFix.exe
2008-07-26 08:27 . 2008-07-02 13:33 82,432 --a------ F:\WINDOWS\system32\IEDFix.C.exe
2008-07-26 08:27 . 2008-05-23 18:21 81,920 --a------ F:\WINDOWS\system32\404Fix.exe
2008-07-26 08:27 . 2004-07-31 18:50 51,200 --a------ F:\WINDOWS\system32\dumphive.exe
2008-07-26 08:27 . 2007-10-04 00:36 25,600 --a------ F:\WINDOWS\system32\WS2Fix.exe
2008-07-26 08:26 . 2003-06-05 21:13 53,248 --a------ F:\WINDOWS\system32\Process.exe
2008-07-25 23:58 . 2008-08-10 12:02 <DIR> d--h----- F:\$AVG8.VAULT$
2008-07-25 23:49 . 2008-07-25 23:49 76,040 --a------ F:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-25 23:49 . 2008-07-25 23:49 10,520 --a------ F:\WINDOWS\system32\avgrsstx.dll
2008-07-25 23:48 . 2008-08-09 21:48 <DIR> d-------- F:\WINDOWS\system32\drivers\Avg
2008-07-25 23:48 . 2008-07-26 07:47 <DIR> d-------- F:\Documents and Settings\Mom\Application Data\AVGTOOLBAR
2008-07-25 23:48 . 2008-07-25 23:48 96,520 --a------ F:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-25 23:47 . 2008-07-25 23:47 <DIR> d-------- F:\Program Files\AVG
2008-07-25 23:47 . 2008-07-25 23:47 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\avg8
2008-07-25 23:12 . 2008-07-25 23:12 16,244 --a------ F:\WINDOWS\system32\rrt_is.wav
2008-07-25 23:12 . 2008-07-25 23:12 7,302 --a------ F:\WINDOWS\system32\rrt_vf.wav
2008-07-25 23:12 . 2008-07-25 23:12 7,148 --a------ F:\WINDOWS\system32\rrt_tv.wav
2008-07-25 23:12 . 2008-07-25 23:12 6,282 --a------ F:\WINDOWS\system32\rrt_tn.wav

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 21:00 --------- d-----w F:\Documents and Settings\Mom\Application Data\DNA
2008-08-10 02:45 --------- d-----w F:\Program Files\Common Files\Symantec Shared
2008-07-30 23:00 --------- d-----w F:\Program Files\Norton Security Scan
2008-07-26 13:45 --------- d-----w F:\Program Files\Common Files\Wise Installation Wizard
2008-07-26 05:35 --------- d-----w F:\Documents and Settings\Connor\Application Data\BitTorrent
2008-06-20 10:45 360,320 ----a-w F:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w F:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w F:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 12:13 --------- d-----w F:\Program Files\The Weather Channel FW
2008-06-13 13:10 272,128 ----a-w F:\WINDOWS\system32\drivers\bthport.sys
2005-10-22 19:46 189,920 -c--a-w F:\Program Files\msicuu2.exe
2005-10-21 02:48 34,412,848 -c--a-w F:\Program Files\iTunesSetup.exe
2005-06-16 02:29 533,904 -c--a-w F:\Program Files\psa2011se_DLM_us_full
.

------- Sigcheck -------

2001-08-18 07:00 13312 85b1054db58d13aa42d7dca778c30f57 F:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-07-26 12:48 24064 c3a2915c71ae6f225eb906c25ccd29b5 F:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-07-26 12:48 24064 c3a2915c71ae6f225eb906c25ccd29b5 F:\WINDOWS\system32\ctfmon.exe
2008-07-26 12:48 24064 c3a2915c71ae6f225eb906c25ccd29b5 F:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="F:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"Microsoft Works Update Detection"="F:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-08 15:00 28739]
"DW4"="F:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-12-20 09:10 715888]
"BitTorrent DNA"="F:\Program Files\DNA\btdna.exe" [2008-05-08 07:50 289088]
"DW6"="F:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 16:18 785520]
"SUPERAntiSpyware"="F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"="F:\Program Files\Microsoft Works\wkfud.exe" [2000-08-08 15:00 24576]
"Microsoft Works Portfolio"="F:\Program Files\Microsoft Works\WksSb.exe" [2000-08-08 15:00 311350]
"HP Software Update"="F:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"HostManager"="F:\Program Files\Common Files\AOL\1130085409\ee\AOLHostManager.exe" [2005-08-02 14:33 159832]
"Adobe Photo Downloader"="F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Google Desktop Search"="F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-18 15:39 1831936]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="F:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="F:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-25 23:47 1232152]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

F:\Documents and Settings\Mom\Start Menu\Programs\Startup\
DING!.lnk - F:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 14:15:48 462848]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 01:20:40 233472]
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-08-08 15:00:00 65588]
Microsoft Works Calendar Reminders.lnk - F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-08-08 15:00:00 24633]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "F:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windk85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Norton AntiVirus Server"=2 (0x2)
"DefWatch"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\EA SPORTS\\MVP Baseball 2004\\mvp2004.exe"=
"F:\\Program Files\\Common Files\\AOL\\1130085409\\ee\\AOLServiceHost.exe"=
"F:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"F:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"F:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"F:\\Program Files\\Sierra Online\\FreeStyle Street Basketball™\\FreeStyle.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\DNA\\btdna.exe"=
"F:\\Program Files\\BitTorrent\\bittorrent.exe"=
"F:\\Documents and Settings\\Connor\\Program Files\\BitTorrent\\BitTorrent.exe"=
"F:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;F:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-25 23:48]
R2 avg8emc;AVG Free8 E-mail Scanner;F:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-25 23:47]
R2 avg8wd;AVG Free8 WatchDog;F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-25 23:47]
R2 AvgTdiX;AVG Free8 Network Redirector;F:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-25 23:49]
R3 ati2mtaa;ati2mtaa;F:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 00:29]
S0 Winel63;Winel63;F:\WINDOWS\system32\Drivers\Winel63.sys []
S3 ati2mpaa;ati2mpaa;F:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-17 07:48]
S3 RDID1061;EDIROL UA-4FX;F:\WINDOWS\system32\Drivers\rdwm1061.sys [2005-07-25 20:22]
S3 Windk85;Windk85;F:\WINDOWS\System32\drivers\Windk85.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-07-30 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- F:\Program Files\Apple Software Update\SoftwareUpdate.exe []

2008-07-11 F:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1118503937.job
- F:\Program Files\HP\hpcoretech\comp\hpdarc.exe []

2008-07-31 F:\WINDOWS\Tasks\Norton Security Scan.job
- F:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A1054649-C6B5-471E-8180-D8C6B3E647BD} - F:\WINDOWS\system32\tuvvSLFX.dll
BHO-{fe01f6c8-4aa8-4047-947a-00704d5e04b8} - F:\WINDOWS\system32\hnypcp.dll
HKLM-Run-vptray - F:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
HKLM-Run-HP Component Manager - F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
HKLM-Run-BearShare - F:\Program Files\BearShare\BearShare.exe
HKLM-Run-MyWebSearch Plugin - F:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - F:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
HKLM-Run-009c8934 - F:\WINDOWS\system32\tfiwvuma.dll
HKLM-Run-000000af - F:\WINDOWS\system32\tfiwvuma.dll


.
------- Supplementary Scan -------
.
O8 -: &AOL Toolbar Search - f:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 -: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm450NXUS

O16 -: Microsoft XML Parser for Java - file://F:\WINDOWS\Java\classes\xmldso.cab
F:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 16:09:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\WINDOWS\system32\wdfmgr.exe
F:\Program Files\AVG\AVG8\avgrsx.exe
F:\Program Files\Common Files\AOL\1130085409\ee\AOLServiceHost.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-08-10 16:15:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-10 21:14:55

Pre-Run: 37,669,863,424 bytes free
Post-Run: 39,637,966,848 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
F:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

346 --- E O F --- 2008-07-26 21:02:00
Deckard's System Scanner v20071014.68
Run by Mom on 2008-08-10 16:17:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Mom.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:42, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\WINDOWS\System32\svchost.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\QuickTime\QTTask.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Common Files\AOL\1130085409\ee\AOLHostManager.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
F:\Program Files\Common Files\AOL\1130085409\ee\AOLServiceHost.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\DNA\btdna.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
F:\Program Files\Southwest Airlines\Ding\Ding.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Microsoft Office\Office\WINWORD.EXE
F:\Program Files\Microsoft Works\MSWorks.exe
F:\WINDOWS\msagent\AgentSvr.exe
F:\Documents and Settings\Mom\Desktop\dss.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\Mom.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - F:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - F:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [WorksFUD] F:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] F:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] F:\Program Files\Common Files\AOL\1130085409\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] F:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [DW4] "F:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "F:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DW6] "F:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: DING!.lnk = F:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = F:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &AOL Toolbar Search - f:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm450NXUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - F:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GoogleDesktopManager - Google - F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe
O24 - Desktop Component 3: (no name) - http://images.google.com/images?q=tbn:_Nkt...ostal2/poop.jpg
O24 - Desktop Component 4: (no name) - http://images.google.com/images?q=tbn:oSb1...gdoo-746387.jpg
O24 - Desktop Component 5: (no name) - http://images.google.com/images?q=tbn:mMN4...ls.net/poop.jpg
O24 - Desktop Component 6: (no name) - http://msn.foxsports.com/id/6065954_18_1.jpg

--
End of file - 8848 bytes

-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-10 15:45:53 0 d-------- F:\cmdcons
2008-08-10 15:41:43 68096 --a------ F:\WINDOWS\zip.exe
2008-08-10 15:41:43 49152 --a------ F:\WINDOWS\VFind.exe
2008-08-10 15:41:43 212480 --a------ F:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-10 15:41:43 136704 --a------ F:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-10 15:41:43 161792 --a------ F:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-10 15:41:43 98816 --a------ F:\WINDOWS\sed.exe
2008-08-10 15:41:43 80412 --a------ F:\WINDOWS\grep.exe
2008-08-10 15:41:43 89504 --a------ F:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-10 14:37:43 0 d-------- F:\WINDOWS\ERUNT
2008-08-10 10:43:10 0 d-------- F:\WINDOWS\Sun
2008-08-10 10:43:10 0 d-------- F:\Documents and Settings\Mom\Application Data\Sun
2008-08-10 10:41:26 0 d-------- F:\Program Files\Java
2008-08-10 10:41:08 0 d-------- F:\Program Files\Common Files\Java
2008-08-10 10:16:18 0 d-------- F:\Program Files\Trend Micro
2008-07-29 19:43:39 0 d-------- F:\Documents and Settings\Connor\Application Data\AVGTOOLBAR
2008-07-27 09:25:46 0 d-------- F:\Documents and Settings\Dad\Application Data\AVGTOOLBAR
2008-07-26 08:47:48 0 d-------- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-26 08:47:03 0 d-------- F:\Program Files\SUPERAntiSpyware
2008-07-26 08:47:03 0 d-------- F:\Documents and Settings\Mom\Application Data\SUPERAntiSpyware.com
2008-07-26 08:32:36 4320 --a------ F:\WINDOWS\system32\tmp.reg
2008-07-26 08:27:51 81920 --a------ F:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-26 08:27:45 86528 --a------ F:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-26 08:27:31 25600 --a------ F:\WINDOWS\system32\WS2Fix.exe
2008-07-26 08:27:27 289144 --a------ F:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-26 08:27:17 51200 --a------ F:\WINDOWS\system32\dumphive.exe
2008-07-26 08:27:15 288417 --a------ F:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-26 08:26:57 53248 --a------ F:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-25 23:58:37 0 d--h----- F:\$AVG8.VAULT$
2008-07-25 23:48:22 0 d-------- F:\WINDOWS\system32\drivers\Avg
2008-07-25 23:48:19 0 d-------- F:\Documents and Settings\Mom\Application Data\AVGTOOLBAR
2008-07-25 23:47:31 0 d-------- F:\Program Files\AVG
2008-07-25 23:47:27 0 d-------- F:\Documents and Settings\All Users\Application Data\avg8
2008-07-25 19:37:37 0 d-------- F:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-07-25 16:07:42 0 d-------- F:\Documents and Settings\NetworkService\Application Data\Google
2008-07-25 16:07:39 0 dr------- F:\Documents and Settings\NetworkService\Favorites


-- Find3M Report ---------------------------------------------------------------

2008-08-10 16:00:17 0 d-------- F:\Documents and Settings\Mom\Application Data\DNA
2008-08-10 15:51:26 0 d-------- F:\Program Files\Common Files
2008-08-09 21:45:05 0 d-------- F:\Program Files\Common Files\Symantec Shared
2008-07-30 18:00:03 0 d-------- F:\Program Files\Norton Security Scan
2008-07-26 12:48:38 24064 --a------ F:\WINDOWS\system32\ctfmon.exe <Not Verified; Gerhard Schlager; Dummy CTFMON.EXE (part of the CTFMON-Remover)>
2008-07-26 08:45:59 0 d-------- F:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 07:13:51 0 d-------- F:\Program Files\The Weather Channel FW


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/25/2008 23:48 2055960 --a------ F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"="F:\Program Files\Microsoft Works\wkfud.exe" [08/08/2000 15:00]
"Microsoft Works Portfolio"="F:\Program Files\Microsoft Works\WksSb.exe" [08/08/2000 15:00]
"HP Software Update"="F:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/17/2005 00:11]
"HostManager"="F:\Program Files\Common Files\AOL\1130085409\ee\AOLHostManager.exe" [08/02/2005 14:33]
"Adobe Photo Downloader"="F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 23:46]
"Google Desktop Search"="F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/18/2007 15:39]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 23:16]
"QuickTime Task"="F:\Program Files\QuickTime\QTTask.exe" [03/28/2008 23:37]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36]
"AVG8_TRAY"="F:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2008 23:47]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="F:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24]
"Microsoft Works Update Detection"="F:\Program Files\Microsoft Works\WkDetect.exe" [08/08/2000 15:00]
"DW4"="F:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [12/20/2007 09:10]
"BitTorrent DNA"="F:\Program Files\DNA\btdna.exe" [05/08/2008 07:50]
"DW6"="F:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 16:18]
"SUPERAntiSpyware"="F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33]

F:\Documents and Settings\Mom\Start Menu\Programs\Startup\
DING!.lnk - F:\Program Files\Southwest Airlines\Ding\Ding.exe [6/22/2006 2:15:48 PM]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [7/7/2003 1:20:40 AM]
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office\OSA9.EXE [8/8/2000 3:00:00 PM]
Microsoft Works Calendar Reminders.lnk - F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/8/2000 3:00:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 13:41 294912 F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windk85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Norton AntiVirus Server"=2 (0x2)
"DefWatch"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-08-10 16:18:19 ------------

#9 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:03 AM

Posted 11 August 2008 - 02:57 AM

Hi Mr PJ

Still a little more to do, I'm afraid.

Step 1
Run HijackThis again, click Scan, and put a checkmark next to each of these items.
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - F:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - F:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O4 - Global Startup: MyWebSearch Email Plugin.lnk = F:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm450NXUS
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - F:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)

Then close all other windows, browsers etc--you should only see HijackThis on your Desktop--and click the Fix Checked button.

Reboot your computer to complete the process.

Step 2
Close any open browsers.
Close/disable all antivirus, firewall and anti-malware programs so they do not interfere with the running of ComboFix:

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C
Driver::
Winel63
Windk85

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windk85.sys]
@=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel63.sys]
@=-
Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon.

Now please wait for ComboFix to finish running.

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash

Step 3
Please do an online scan with Kaspersky WebScanner.
Notes:
  • Java must be installed and enabled for the scan to work.
  • Disable your computer's antivirus program, as leaving it active will cause conflicts.
  • Close ALL programs and windows except for your browser.
  • Please go to Online Kaspersky Scan and perform an online antivirus scan.
  • Read through the Requirements and limitations statement and click on the Accept button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, the scrolling window will show 'Database is updated. Ready to scan'. Click on the Settings button at the bottom left.
  • Make sure these boxes are checked/ticked. If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan on the left. OK any warnings from your protection programs.
  • Go for a long walk. Please be patient and let the scanner finish. It is better that you do NOT use the computer while the scan is running. Keep all other programs/windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan-ddmmyy before clicking on the Save button. Save the report to a convenient place - for example the Desktop.
  • Please post this log in your next reply.
Note - enable your antivirus program before browsing away from the Kaspersky site.

Go to the Desktop and double-click on the Kaspersky report KAVScan-ddmmyy.txt, it will open in Notepad
Click Edit > Select all then Edit > Copy
Reply to this thread and paste (Ctrl+V) the report.

In your next reply, please submit:
New ComboFix.txt
Kaspersky scan results
New HJT log.

Thanks

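The checks the reply above applies by eye to the logs (drivers whose file line carries an empty timestamp, the SafeBoot\Minimal keys registered for the same names, and HijackThis entries pointing at a missing file), as an added triage script that is not part of the thread or of the ComboFix/HijackThis tools. The sample log is constructed from lines quoted above, and the Finding, parse_log, triage and build_cfscript names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix and HijackThis logs in this thread.
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;F:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-25 23:48]
S0 Winel63;Winel63;F:\WINDOWS\system32\Drivers\Winel63.sys []
S3 RDID1061;EDIROL UA-4FX;F:\WINDOWS\system32\Drivers\rdwm1061.sys [2005-07-25 20:22]
S3 Windk85;Windk85;F:\WINDOWS\System32\drivers\Windk85.sys []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windk85.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel63.sys]
@="Driver"
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - F:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
"""

SAFEBOOT_PREFIX = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal"

# ComboFix service line: "<R|S><start type> <name>;<display name>;<path> [<file timestamp>]".
# An empty "[]" means the scanner could not stat the file: it is missing or hidden from it.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
# Key header of a SafeBoot\Minimal entry; the value on the following line gives its type.
SAFEBOOT_RE = re.compile(r"^\[" + re.escape(SAFEBOOT_PREFIX) + r"\\([^\]]+)\]$", re.IGNORECASE)
# HijackThis entries whose target no longer exists (the kind the reply has the user fix).
HJT_MISSING_RE = re.compile(r"^([OR]\d+) - .*\((file missing|no file)\)\s*$")


@dataclass
class Finding:
    kind: str    # "driver" or "hjt"
    name: str    # service name, or the HijackThis section prefix (R3, O2, ...)
    detail: str


def parse_log(text):
    """Pull services, SafeBoot\\Minimal registrations and dangling HJT entries out of a log."""
    services = {}      # service name -> (path, timestamp string, "" when absent)
    safeboot = {}      # SafeBoot key name (e.g. "Windk85.sys") -> "Driver" / "Service"
    hjt_missing = []
    pending_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            services[m.group(3)] = (m.group(5), m.group(6))
            continue
        m = SAFEBOOT_RE.match(line)
        if m:
            pending_key = m.group(1)
            continue
        if pending_key and line.startswith("@="):
            safeboot[pending_key] = line[2:].strip('"')
            pending_key = None
            continue
        if HJT_MISSING_RE.match(line):
            hjt_missing.append(line)
    return services, safeboot, hjt_missing


def triage(text):
    """Flag drivers with no file timestamp (noting Safe Mode registration) and dangling HJT entries."""
    services, safeboot, hjt_missing = parse_log(text)
    safeboot_drivers = {re.sub(r"\.sys$", "", k.lower()) for k, v in safeboot.items() if v == "Driver"}
    findings = []
    for name, (path, stamp) in services.items():
        if stamp:
            continue   # file present and dated: nothing to flag on this heuristic
        detail = f"{path}: no file timestamp (missing or hidden from the scanner)"
        if name.lower() in safeboot_drivers:
            detail += "; also registered under SafeBoot\\Minimal, so it loads in Safe Mode too"
        findings.append(Finding("driver", name, detail))
    for line in hjt_missing:
        findings.append(Finding("hjt", line.split(" - ", 1)[0], line))
    return findings


def build_cfscript(findings, safeboot):
    """Render the flagged drivers in the CFScript layout the reply uses (Driver:: and Registry::).
    The result is a candidate for a human to review against the full log, not a script to run blindly."""
    drivers = [f.name for f in findings if f.kind == "driver"]
    if not drivers:
        return ""
    wanted = {d.lower() for d in drivers}
    out = ["Driver::"] + drivers + ["", "Registry::"]
    for key, value in safeboot.items():
        if value == "Driver" and re.sub(r"\.sys$", "", key.lower()) in wanted:
            out.append(f"[{SAFEBOOT_PREFIX}\\{key}]")
            out.append("@=-")   # "@=-" deletes the key's default value in ComboFix's Registry:: syntax
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.name}: {f.detail}")
    print(build_cfscript(found, parse_log(SAMPLE_LOG)[1]))
```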
