Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Coolwwwsearch Malware & Uoyzsydz.exe


  • This topic is locked This topic is locked
10 replies to this topic

#1 Mieng

Mieng

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Aiken, SC
  • Local time:09:06 AM

Posted 29 July 2008 - 07:49 AM

I'm working on a friends laptop that is infected really bad. He's not as patient or technical as I am so I'm trying to do him a favor by cleaning up his machine. From the google searching that I've done, I'm pretty sure that he has the CoolWWWSearch and uoyzsdz.exe malware. I need a bit of help removing these as these as about as nasty as I have ever seen. He also had the Viewpoint Media Player installed, which is how I think he may have gotten one of these to begin with. I've been able to uninstall that from Add/Change Programs. The laptop is an HP running Windows XP Home. I would appreciate any advise and help in removing this mess.....

Mike "E"

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:07 AM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\uoyzsydz.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\b2new.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1187589249\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1187589249\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Documents and Settings\JOHN EDWARDS\Desktop\HJT\HiJackThis.exe
c:\program files\common files\aol\1187589249\ee\aolssc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/hho-hp-music-hpnotebook-icon
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187589249\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1187589249\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1187589249\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "cws" "2"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\b2new.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 13986 bytes

BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:06 AM

Posted 29 July 2008 - 11:16 AM

Hello Mieng

Welcome to BleepingComputer :thumbsup:
========================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 Mieng

Mieng
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Aiken, SC
  • Local time:09:06 AM

Posted 29 July 2008 - 12:19 PM

Thanks for the quick response!

Here are the DSS.exe results:

The is the MAIN.TXT file

Deckard's System Scanner v20071014.68
Run by JOHN EDWARDS on 2008-07-29 15:41:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
36: 2008-07-29 17:04:15 UTC - RP240 - Deckard's System Scanner Restore Point
35: 2008-07-29 05:02:12 UTC - RP239 - Installed Ad-Aware
34: 2008-07-28 07:26:05 UTC - RP238 - System Checkpoint
33: 2008-07-25 09:57:24 UTC - RP237 - Removed Norton Personal Firewall
32: 2008-07-25 02:54:34 UTC - RP236 - Installed Norton Personal Firewall


-- First Restore Point --
1: 2008-06-13 15:05:24 UTC - RP205 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 79% (more than 75%).
Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as JOHN EDWARDS.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:05, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\uoyzsydz.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\b2new.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1187589249\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1187589249\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Documents and Settings\JOHN EDWARDS\Desktop\dss.exe
c:\program files\common files\aol\1187589249\ee\aolssc.exe
C:\DOCUME~1\JOHNED~1\Desktop\HJT\JOHN EDWARDS.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/hho-hp-music-hpnotebook-icon
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187589249\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1187589249\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1187589249\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "cws" "2"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\b2new.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 13426 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\JOHNED~1\Desktop\HJT\backups\) --------

backup-20080729-143637-506 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\b2new.exe service
R3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-29 15:41:01 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-07-23 20:50:56 426 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-04-27 23:46:35 518 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - JUSTIN EDWARDS.job
2006-04-07 14:01:10 290 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job


-- Files created between 2008-06-29 and 2008-07-29 -----------------------------

2008-07-29 15:38:00 30464 --a------ C:\WINDOWS\sistem.exe
2008-07-29 15:37:57 16128 --a------ C:\WINDOWS\quicken.exe
2008-07-29 15:37:56 14080 --a------ C:\WINDOWS\qttasks.exe
2008-07-29 15:37:56 15104 --a------ C:\WINDOWS\olehelp.exe
2008-07-29 15:37:54 25856 --a------ C:\WINDOWS\mssys.exe
2008-07-29 15:37:53 30720 --a------ C:\WINDOWS\msconfd.dll
2008-07-29 15:37:50 9728 --a------ C:\WINDOWS\iexplorer.exe
2008-07-29 15:37:49 18176 --a------ C:\WINDOWS\explore.exe
2008-07-29 15:37:49 21248 --a------ C:\WINDOWS\editpad.exe
2008-07-29 15:37:48 12544 --a------ C:\WINDOWS\ctrlpan.dll
2008-07-29 15:37:47 25856 --a------ C:\WINDOWS\avpcc.dll
2008-07-29 15:21:09 18944 --a------ C:\WINDOWS\systemcritical.exe
2008-07-29 15:21:09 24576 --a------ C:\WINDOWS\notepad32.exe
2008-07-29 15:04:21 4752 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-29 15:03:37 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-29 15:03:37 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-29 15:03:37 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-29 15:03:37 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-29 15:03:37 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-29 15:03:37 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-29 15:03:37 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-29 15:03:37 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-29 07:23:34 13312 --a------ C:\WINDOWS\waol.exe
2008-07-29 07:23:34 8192 --a------ C:\WINDOWS\rundll16.exe
2008-07-29 07:23:34 20480 --a------ C:\WINDOWS\loader.exe
2008-07-29 07:23:34 23296 --a------ C:\WINDOWS\iedll.exe
2008-07-29 01:02:25 0 d-------- C:\Program Files\Lavasoft
2008-07-29 01:02:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-29 01:00:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-29 00:25:59 20736 --a------ C:\WINDOWS\y.exe
2008-07-29 00:25:59 20736 --a------ C:\WINDOWS\xplugin.dll
2008-07-29 00:25:59 22528 --a------ C:\WINDOWS\winmgnt.exe
2008-07-29 00:25:58 15872 --a------ C:\WINDOWS\window.exe
2008-07-29 00:25:58 31744 --a------ C:\WINDOWS\winajbm.dll
2008-07-29 00:25:58 32000 --a------ C:\WINDOWS\win64.exe
2008-07-29 00:25:57 26112 --a------ C:\WINDOWS\users32.exe
2008-07-29 00:25:57 11776 --a------ C:\WINDOWS\systeem.exe
2008-07-29 00:25:56 23040 --a------ C:\WINDOWS\mtwirl32.dll
2008-07-29 00:25:56 9216 --a------ C:\WINDOWS\clrssn.exe
2008-07-29 00:25:55 8448 --a------ C:\WINDOWS\accesss.exe
2008-07-25 11:40:27 10752 --a------ C:\WINDOWS\x.exe
2008-07-25 11:40:25 19968 --a------ C:\WINDOWS\msupdate.exe
2008-07-24 22:55:29 0 d-------- C:\Program Files\Norton Personal Firewall
2008-07-24 22:21:32 0 d-------- C:\Program Files\AntispyStorm
2008-07-24 07:35:35 20480 --a------ C:\WINDOWS\win32e.exe
2008-07-23 16:44:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 11:35:58 23040 --a------ C:\WINDOWS\time.exe
2008-07-23 11:35:57 27648 --a------ C:\WINDOWS\svcinit.exe
2008-07-23 11:35:56 26880 --a------ C:\WINDOWS\svchost32.exe
2008-07-23 11:35:56 17152 --a------ C:\WINDOWS\searchword.dll
2008-07-23 11:35:54 23296 --a------ C:\WINDOWS\mswsc20.dll
2008-07-23 11:35:54 26112 --a------ C:\WINDOWS\mswsc10.dll
2008-07-23 11:35:52 10240 --a------ C:\WINDOWS\msspi.dll
2008-07-23 11:35:51 25600 --a------ C:\WINDOWS\internet.exe
2008-07-23 11:35:51 22272 --a------ C:\WINDOWS\inetinf.exe
2008-07-23 11:35:50 12800 --a------ C:\WINDOWS\helpcvs.exe
2008-07-23 11:35:50 19712 --a------ C:\WINDOWS\gfmnaaa.dll
2008-07-23 11:35:50 28160 --a------ C:\WINDOWS\funny.exe
2008-07-23 11:35:50 30464 --a------ C:\WINDOWS\funniest.exe
2008-07-23 11:35:49 15616 --a------ C:\WINDOWS\explorer32.exe
2008-07-23 11:35:49 18432 --a------ C:\WINDOWS\dnsrelay.dll
2008-07-23 11:35:48 13824 --a------ C:\WINDOWS\directx32.exe
2008-07-23 11:35:48 10752 --a------ C:\WINDOWS\ctfmon32.exe
2008-07-23 11:35:47 12544 --a------ C:\WINDOWS\cpan.dll
2008-07-23 11:26:40 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-07-23 11:25:57 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-23 11:25:54 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-07-23 11:25:03 89559 --a------ C:\WINDOWS\system32\uoyzsydz.exe <Not Verified; Microsoft; XML Media>
2008-07-23 11:25:03 89559 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-07-23 11:23:35 2604 --a------ C:\WINDOWS\portsv.exe
2008-07-23 11:23:13 0 --a------ C:\WINDOWS\yoursearchnet_com.exe
2008-07-23 10:26:39 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-07-23 09:32:19 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-23 09:32:19 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-23 09:32:19 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-23 09:32:19 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-23 09:32:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-23 09:32:19 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-23 09:32:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-23 09:32:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-23 09:32:18 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-23 09:32:18 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-23 09:32:18 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-23 09:32:18 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-23 09:32:18 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-23 09:32:18 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-23 09:32:18 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-23 09:32:18 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-23 09:32:17 3407872 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-23 08:47:45 0 d-------- C:\WINDOWS\pss
2008-07-22 22:39:47 0 d-------- C:\Nexon
2008-07-16 07:54:13 0 --a------ C:\Documents and Settings\JUSTIN EDWARDS\jagex_runescape_preferences.dat
2008-07-06 12:01:27 0 d-------- C:\WINDOWS\network diagnostic
2008-07-06 05:23:57 0 d-------- C:\Documents and Settings\JUSTIN EDWARDS\Application Data\InterVideo


-- Find3M Report ---------------------------------------------------------------

2008-07-29 15:37:08 0 d-------- C:\Program Files\Common Files
2008-07-29 00:40:12 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-29 00:37:04 0 d-------- C:\Program Files\Pure Networks
2008-07-28 02:38:29 0 d-------- C:\Program Files\Norton Security Scan
2008-07-25 08:17:02 0 d-------- C:\Program Files\Norton Internet Security
2008-07-25 07:06:45 0 d-------- C:\Program Files\AOL Toolbar
2008-07-23 12:35:02 0 d-------- C:\Program Files\Zone.com Deluxe Games
2008-06-20 09:46:15 0 d-------- C:\Program Files\Disney
2008-05-18 21:01:31 0 -rahs---- C:\MSDOS.SYS
2008-05-18 21:01:31 0 -rahs---- C:\IO.SYS
2008-05-11 11:09:45 25600 --a------ C:\WINDOWS\b2new.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [09/22/2007 06:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [09/22/2007 06:06]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [09/22/2007 06:06]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [09/22/2007 06:06]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/22/2007 06:06]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [09/22/2007 06:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/22/2007 06:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/29/2005 09:02]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 17:32]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [09/22/2007 03:21]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/03/2004 16:24]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [09/22/2007 03:21]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [09/22/2007 03:21]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [02/27/2003 05:31]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [04/07/2006 13:58]
"HostManager"="C:\Program Files\Common Files\AOL\1187589249\ee\AOLSoftware.exe" [09/22/2007 06:06]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1187589249\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe" [09/22/2007 06:06]
"sscRun"="C:\Program Files\Common Files\AOL\1187589249\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe" [09/22/2007 03:21]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [04/07/2004 12:07]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [09/17/2007 22:59]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 19:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 19:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [10/21/2007 15:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Pest Cleaning"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "cws" "2"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

6248 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-29 15:48:02 ------------



Here is the EXTRA.TXT file

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile AMD Sempron™ Processor 3000+
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 382.48 MiB / 123.82 MiB
Pagefile Memory (total/avail): 919.64 MiB / 548.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1944.94 MiB

C: is Fixed (NTFS) - 37.25 GiB total, 11.53 GiB free.
D: is CDROM (CDFS)
E: is Removable (FAT)

\\.\PHYSICALDRIVE0 - FUJITSU MHT2040AT PL - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.25 GiB - C:

\\.\PHYSICALDRIVE1 - Generic STORAGE DEVICE USB Device - 117.66 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 124.98 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Norton Internet Security v2005 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\JOHN EDWARDS\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC129202628113
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\JOHN EDWARDS
LOGONSERVER=\\PC129202628113
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 28 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=1c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
PS5ROOT=C:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JOHNED~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JOHNED~1\LOCALS~1\Temp
USERDOMAIN=PC129202628113
USERNAME=JOHN EDWARDS
USERPROFILE=C:\Documents and Settings\JOHN EDWARDS
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

JOHN EDWARDS (admin)
JUSTIN EDWARDS (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL Toolbar --> "C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C
Easy CD & DVD Creator 6 --> MsiExec.exe /I{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Documents and Settings\JOHN EDWARDS\Desktop\HJT\HijackThis.exe" /uninstall
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP User Guides 0002 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1E8DC27-C3CD-4DD8-B37B-D26D7D7CFCBD}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 1.01 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
muvee autoProducer 4.0 - SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x9
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Security Center --> MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Quick Launch Buttons 5.10 B2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033


-- Application Event Log -------------------------------------------------------

Event Record #/Type23106 / Error
Event Submitted/Written: 07/29/2008 02:07:37 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module dss.dll, version 0.0.0.0, fault address 0x00002120.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type23097 / Error
Event Submitted/Written: 07/29/2008 01:54:54 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type23096 / Error
Event Submitted/Written: 07/29/2008 01:54:42 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type23095 / Error
Event Submitted/Written: 07/29/2008 01:46:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module dss.dll, version 0.0.0.0, fault address 0x00002120.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type23093 / Error
Event Submitted/Written: 07/29/2008 01:42:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module dss.dll, version 0.0.0.0, fault address 0x00002120.
Processing media-specific event for [dss.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type103200 / Error
Event Submitted/Written: 07/29/2008 03:45:12 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The LiveUpdate service failed to start due to the following error:
%%1053

Event Record #/Type103199 / Error
Event Submitted/Written: 07/29/2008 03:45:12 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

Event Record #/Type103198 / Error
Event Submitted/Written: 07/29/2008 03:45:10 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}

Event Record #/Type103188 / Error
Event Submitted/Written: 07/29/2008 03:38:33 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Application Layer Gateway Service service failed to start due to the following error:
%%1053

Event Record #/Type103187 / Error
Event Submitted/Written: 07/29/2008 03:38:33 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.



-- End of Deckard's System Scanner: finished at 2008-07-29 15:48:02 ------------

Attached Files


Edited by Mieng, 29 July 2008 - 02:57 PM.


#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:06 AM

Posted 29 July 2008 - 03:16 PM

Please visit this web page for instructions for downloading and running Combofix >ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.

ALso if norton alerts you to scripts while running Combofix allow them or turn off script blocking from within Norton

If the Recovery Console fails to install discontinue and alert me and we will continue
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 Mieng

Mieng
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Aiken, SC
  • Local time:09:06 AM

Posted 29 July 2008 - 04:59 PM

kahdah,

Already starting to see some results...The Windows wallpaper warning message is already gone and the boot-up speed seems much better now....

Here is the log from CombFix:

ComboFix 08-07-28.7 - JOHN EDWARDS 2008-07-29 17:13:33.1 - NTFSx86
Running from: C:\Documents and Settings\JOHN EDWARDS\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\JOHN EDWARDS\Application Data\macromedia\Flash Player\#SharedObjects\72JBEJDJ\interclick.com
C:\Documents and Settings\JOHN EDWARDS\Application Data\macromedia\Flash Player\#SharedObjects\72JBEJDJ\interclick.com\ud.sol
C:\Documents and Settings\JOHN EDWARDS\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\JOHN EDWARDS\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\JUSTIN EDWARDS\Application Data\macromedia\Flash Player\#SharedObjects\YYL26W5H\interclick.com
C:\Documents and Settings\JUSTIN EDWARDS\Application Data\macromedia\Flash Player\#SharedObjects\YYL26W5H\interclick.com\ud.sol
C:\Documents and Settings\JUSTIN EDWARDS\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\JUSTIN EDWARDS\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\yoursearchnet_com.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4


((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.

2008-07-29 16:06 . 2008-07-29 16:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 16:06 . 2008-07-29 16:06 <DIR> d-------- C:\Documents and Settings\JOHN EDWARDS\Application Data\Malwarebytes
2008-07-29 16:06 . 2008-07-29 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 16:06 . 2008-07-23 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 16:06 . 2008-07-23 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 15:04 . 2008-07-29 15:21 4,752 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-29 15:03 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-29 15:03 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-29 15:03 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-29 15:03 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-29 15:03 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-29 15:03 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-29 15:03 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-29 15:03 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-29 15:03 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-29 13:03 . 2008-07-29 13:03 <DIR> d-------- C:\Deckard
2008-07-29 01:02 . 2008-07-29 01:02 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-29 01:02 . 2008-07-29 01:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-29 01:00 . 2008-07-29 01:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 22:55 . 2008-07-25 05:58 <DIR> d-------- C:\Program Files\Norton Personal Firewall
2008-07-23 17:16 . 2008-07-24 08:15 293 --a------ C:\WINDOWS\wininit.ini
2008-07-23 16:44 . 2008-07-23 16:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-23 16:44 . 2008-07-23 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 10:26 . 2008-07-23 10:26 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-07-23 09:32 . 2005-04-29 09:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-23 09:32 . 2005-04-29 09:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-23 09:32 . 2008-07-23 09:32 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-22 22:39 . 2008-07-22 22:39 <DIR> d-------- C:\Nexon
2008-07-16 07:54 . 2008-07-16 07:54 0 --a------ C:\Documents and Settings\JUSTIN EDWARDS\jagex_runescape_preferences.dat
2008-07-06 12:11 . 2008-04-23 00:16 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-06 12:11 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-06 12:11 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-06 12:11 . 2008-04-23 00:16 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-06 12:11 . 2008-04-23 00:16 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-06 12:11 . 2008-04-23 00:16 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-06 12:11 . 2008-04-23 00:16 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-06 12:11 . 2008-04-23 00:16 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-06 12:11 . 2008-04-22 03:39 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-06 05:23 . 2008-07-06 05:23 <DIR> d-------- C:\Documents and Settings\JUSTIN EDWARDS\Application Data\InterVideo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 04:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-29 04:37 --------- d-----w C:\Program Files\Pure Networks
2008-07-28 06:38 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-25 12:17 --------- d-----w C:\Program Files\Norton Internet Security
2008-07-25 11:06 --------- d-----w C:\Program Files\AOL Toolbar
2008-07-25 10:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-23 16:35 --------- d-----w C:\Program Files\Zone.com Deluxe Games
2008-07-23 16:33 15,360 ----a-w C:\WINDOWS\TASKMAN.EXE
2008-06-25 12:38 --------- d-----w C:\Documents and Settings\JUSTIN EDWARDS\Application Data\bang
2008-06-20 13:46 --------- d-----w C:\Program Files\Disney
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 16:54 352 ----a-w C:\Documents and Settings\JUSTIN EDWARDS\Application Data\wklnhst.dat
2008-06-04 15:58 --------- d-----w C:\Documents and Settings\JUSTIN EDWARDS\Application Data\Template
2007-05-07 12:04 752 ----a-w C:\Documents and Settings\JOHN EDWARDS\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-21 15:39 171448]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-09-22 06:06 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2007-09-22 06:06 36864]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2007-09-22 06:06 794624]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-09-22 06:06 102400]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-22 06:06 692224]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-09-22 06:06 49152]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-22 06:06 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-29 09:02 98304]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32 58984]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2007-09-22 03:21 28672]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 16:24 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2007-09-22 03:21 233472]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2007-09-22 03:21 253952]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-02-27 05:31 69632]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-07 13:58 26112]
"HostManager"="C:\Program Files\Common Files\AOL\1187589249\ee\AOLSoftware.exe" [2007-09-22 06:06 45056]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1187589249\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe" [2007-09-22 06:06 3072]
"sscRun"="C:\Program Files\Common Files\AOL\1187589249\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe" [2007-09-22 03:21 131072]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 12:07 496752]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-17 22:59 100056]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 19:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 19:50 81920]

C:\Documents and Settings\JOHN EDWARDS\Start Menu\Programs\Startup\
wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-06-23 15:23:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2007-08-20 03:05:12 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 11:18]
.
Contents of the 'Scheduled Tasks' folder

2006-04-07 C:\WINDOWS\Tasks\Easy Internet Sign-up.job
- C:\Program Files\Easy Internet signup\HPSdpApp.exe [2005-03-03 14:04]

2008-04-28 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - JUSTIN EDWARDS.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2004-10-28 20:51]

2008-07-24 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]

2008-07-29 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe []
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.hp.com/info/hho-hp-music-hpnotebook-icon
O8 -: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 -: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 -: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 -: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 -: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 17:21:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????1?8?1?2??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-07-29 17:53:28 - machine was rebooted [JOHN EDWARDS]
ComboFix-quarantined-files.txt 2008-07-29 21:53:21

Pre-Run: 12,275,269,632 bytes free
Post-Run: 12,591,407,104 bytes free

196 --- E O F --- 2008-07-22 12:09:04

Attached Files

  • Attached File  log.txt   13.94KB   29 downloads


#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:06 AM

Posted 29 July 2008 - 07:23 PM

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 Mieng

Mieng
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Aiken, SC
  • Local time:09:06 AM

Posted 30 July 2008 - 07:00 PM

Sorry I took so long....that Kaspersky On-LineScanner required a Java Update and then it took forever to complete. It finished sometime after I left for work this morning....Here is the KOS log. I guess we still have some work to do....The laptop still seems a bit sluggish....

Thanks for all your help thus far....Any estimate as to how many more steps we have left ?

Mike "E"

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, July 30, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, July 30, 2008 05:25:33
Records in database: 1026710
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 45876
Threat name: 6
Infected objects: 27
Suspicious objects: 0
Duration of the scan: 02:16:22


File name / Threat name / Threats count
C:\Documents and Settings\JOHN EDWARDS\Desktop\SmitfraudFix\IEDFix.C.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\Documents and Settings\JOHN EDWARDS\Desktop\SmitfraudFix\IEDFix.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\Documents and Settings\JOHN EDWARDS\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\JOHN EDWARDS\Desktop\SmitfraudFix.exe Infected: Hoax.Win32.Renos.vaoz 2
C:\Documents and Settings\JOHN EDWARDS\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\JUSTIN EDWARDS\Desktop\Unused Desktop Shortcuts\antispystorm_setup.exe Infected: not-a-virus:FraudTool.Win32.SpyAway.q 1
C:\Program Files\America Online 9.0\Jiti\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\25D8150A.exe Infected: Backdoor.Win32.Agent.ark 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6F524695.exe Infected: Backdoor.Win32.Agent.ark 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7456193D.exe Infected: Trojan.Win32.Patched.af 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\748D62FF.exe Infected: Trojan.Win32.Patched.af 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\749760F5.exe Infected: Trojan.Win32.Patched.af 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\749E34ED.exe Infected: Trojan.Win32.Patched.af 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74A15EEA.exe Infected: Trojan.Win32.Patched.af 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74A732E3.exe Infected: Trojan.Win32.Patched.af 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74AB5CDF.exe Infected: Trojan.Win32.Patched.af 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74AE06DC.exe Infected: Trojan.Win32.Patched.af 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74B130D8.exe Infected: Trojan.Win32.Patched.af 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74B55AD4.exe Infected: Trojan.Win32.Patched.af 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7613402E.exe Infected: Trojan.Win32.Patched.af 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\76166A2B.exe Infected: Trojan.Win32.Patched.af 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\761A1427.exe Infected: Trojan.Win32.Patched.af 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\761D3E23.exe Infected: Trojan.Win32.Patched.af 1
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\WINDOWS\system32\IEDFix.C.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\WINDOWS\system32\IEDFix.exe Infected: Hoax.Win32.Renos.vaoz 1

The selected area was scanned.

Attached Files



#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:06 AM

Posted 30 July 2008 - 08:12 PM

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\sistem.exe
    C:\WINDOWS\quicken.exe
    C:\WINDOWS\qttasks.exe
    C:\WINDOWS\olehelp.exe
    C:\WINDOWS\mssys.exe
    C:\WINDOWS\msconfd.dll
    C:\WINDOWS\iexplorer.exe
    C:\WINDOWS\explore.exe
    C:\WINDOWS\editpad.exe
    C:\WINDOWS\ctrlpan.dll
    C:\WINDOWS\avpcc.dll
    C:\WINDOWS\systemcritical.exe
    C:\WINDOWS\notepad32.exe
    C:\WINDOWS\waol.exe
    C:\WINDOWS\rundll16.exe
    C:\WINDOWS\loader.exe
    C:\WINDOWS\iedll.exe
    C:\WINDOWS\y.exe
    C:\WINDOWS\xplugin.dll
    C:\WINDOWS\winmgnt.exe
    C:\WINDOWS\window.exe
    C:\WINDOWS\winajbm.dll
    C:\WINDOWS\win64.exe
    C:\WINDOWS\users32.exe
    C:\WINDOWS\systeem.exe
    C:\WINDOWS\mtwirl32.dll
    C:\WINDOWS\clrssn.exe
    C:\WINDOWS\accesss.exe
    C:\WINDOWS\x.exe
    C:\WINDOWS\msupdate.exe
    C:\Program Files\AntispyStorm
    C:\WINDOWS\win32e.exe
    C:\WINDOWS\time.exe
    C:\WINDOWS\svcinit.exe
    C:\WINDOWS\svchost32.exe
    C:\WINDOWS\searchword.dll
    C:\WINDOWS\mswsc20.dll
    C:\WINDOWS\mswsc10.dll
    C:\WINDOWS\msspi.dll
    C:\WINDOWS\internet.exe
    C:\WINDOWS\inetinf.exe
    C:\WINDOWS\helpcvs.exe
    C:\WINDOWS\gfmnaaa.dll
    C:\WINDOWS\funny.exe
    C:\WINDOWS\funniest.exe
    C:\WINDOWS\explorer32.exe
    C:\WINDOWS\dnsrelay.dll
    C:\WINDOWS\directx32.exe
    C:\WINDOWS\ctfmon32.exe
    C:\WINDOWS\cpan.dll
    C:\WINDOWS\system32\hljwugsf.bin
    C:\WINDOWS\system32\uoyzsydz.exe 
    C:\WINDOWS\portsv.exe
    C:\WINDOWS\yoursearchnet_com.exe
    C:\WINDOWS\b2new.exe
    C:\Documents and Settings\JUSTIN EDWARDS\Desktop\Unused Desktop Shortcuts\antispystorm_setup.exe
    C:\Program Files\America Online 9.0\Jiti\toolbr.exe 
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\*.*
    C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
--------------------
After that please post a new dss log and the OT Move it log.
Also ket me know how things are running?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 Mieng

Mieng
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Aiken, SC
  • Local time:09:06 AM

Posted 30 July 2008 - 10:01 PM

OK, that was pretty easy...The laptop is running much better but still boots up rather slow. This may be a function of the relatively small amount of RAM on it by today's standards. Believe it only has half Gig, but that is normally enough for XP isn't it? Looks like he tried to install 2 different antivirus programs, maybe that is also causing the slow boot process. The user is a about to start college in the fall and one of the requirements that they have is that he have some sort of anti-virus on it. If he does not have one, I believe that they will load a free copy McAfee if the student's machine does not have an AV program installed. I would be tempted to remove the AOL Security Center and the Norton that does not appear to be fully installed and licensed. What do you think ?

What next ? Really appreciate your patience and assistance....Very pleased with your advice so far.....This malware stuff is very nasty business....

Mike "E"

here are the logs.

OTMoveIT2 log

File/Folder C:\WINDOWS\sistem.exe not found.
File/Folder C:\WINDOWS\quicken.exe not found.
File/Folder C:\WINDOWS\qttasks.exe not found.
File/Folder C:\WINDOWS\olehelp.exe not found.
File/Folder C:\WINDOWS\mssys.exe not found.
File/Folder C:\WINDOWS\msconfd.dll not found.
File/Folder C:\WINDOWS\iexplorer.exe not found.
File/Folder C:\WINDOWS\explore.exe not found.
File/Folder C:\WINDOWS\editpad.exe not found.
File/Folder C:\WINDOWS\ctrlpan.dll not found.
File/Folder C:\WINDOWS\avpcc.dll not found.
File/Folder C:\WINDOWS\systemcritical.exe not found.
File/Folder C:\WINDOWS\notepad32.exe not found.
File/Folder C:\WINDOWS\waol.exe not found.
File/Folder C:\WINDOWS\rundll16.exe not found.
File/Folder C:\WINDOWS\loader.exe not found.
File/Folder C:\WINDOWS\iedll.exe not found.
File/Folder C:\WINDOWS\y.exe not found.
File/Folder C:\WINDOWS\xplugin.dll not found.
File/Folder C:\WINDOWS\winmgnt.exe not found.
File/Folder C:\WINDOWS\window.exe not found.
File/Folder C:\WINDOWS\winajbm.dll not found.
File/Folder C:\WINDOWS\win64.exe not found.
File/Folder C:\WINDOWS\users32.exe not found.
File/Folder C:\WINDOWS\systeem.exe not found.
File/Folder C:\WINDOWS\mtwirl32.dll not found.
File/Folder C:\WINDOWS\clrssn.exe not found.
File/Folder C:\WINDOWS\accesss.exe not found.
File/Folder C:\WINDOWS\x.exe not found.
File/Folder C:\WINDOWS\msupdate.exe not found.
File/Folder C:\Program Files\AntispyStorm not found.
File/Folder C:\WINDOWS\win32e.exe not found.
File/Folder C:\WINDOWS\time.exe not found.
File/Folder C:\WINDOWS\svcinit.exe not found.
File/Folder C:\WINDOWS\svchost32.exe not found.
File/Folder C:\WINDOWS\searchword.dll not found.
File/Folder C:\WINDOWS\mswsc20.dll not found.
File/Folder C:\WINDOWS\mswsc10.dll not found.
File/Folder C:\WINDOWS\msspi.dll not found.
File/Folder C:\WINDOWS\internet.exe not found.
File/Folder C:\WINDOWS\inetinf.exe not found.
File/Folder C:\WINDOWS\helpcvs.exe not found.
File/Folder C:\WINDOWS\gfmnaaa.dll not found.
File/Folder C:\WINDOWS\funny.exe not found.
File/Folder C:\WINDOWS\funniest.exe not found.
File/Folder C:\WINDOWS\explorer32.exe not found.
File/Folder C:\WINDOWS\dnsrelay.dll not found.
File/Folder C:\WINDOWS\directx32.exe not found.
File/Folder C:\WINDOWS\ctfmon32.exe not found.
File/Folder C:\WINDOWS\cpan.dll not found.
File/Folder C:\WINDOWS\system32\hljwugsf.bin not found.
File/Folder C:\WINDOWS\system32\uoyzsydz.exe not found.
File/Folder C:\WINDOWS\portsv.exe not found.
File/Folder C:\WINDOWS\yoursearchnet_com.exe not found.
File/Folder C:\WINDOWS\b2new.exe not found.
C:\Documents and Settings\JUSTIN EDWARDS\Desktop\Unused Desktop Shortcuts\antispystorm_setup.exe moved successfully.
C:\Program Files\America Online 9.0\Jiti\toolbr.exe moved successfully.
< C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\*.* >
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11C71791.htm moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\25D8150A.exe moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\412F3568.exe moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6F524695.exe moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7456193D.exe moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\748D62FF.exe moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\749760F5.exe moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\749E34ED.exe moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74A15EEA.exe moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74A732E3.exe moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74AB5CDF.exe moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74AE06DC.exe moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74B130D8.exe moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74B55AD4.exe moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7613402E.exe moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\76166A2B.exe moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\761A1427.exe moved successfully.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\761D3E23.exe moved successfully.
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07302008_222831


Now here is the DSS.exe log

Deckard's System Scanner v20071014.68
Run by JOHN EDWARDS on 2008-07-30 22:51:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as JOHN EDWARDS.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:07, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1187589249\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1187589249\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\JOHN EDWARDS\Desktop\dss.exe
C:\DOCUME~1\JOHNED~1\Desktop\HJT\JOHNED~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/hho-hp-music-hpnotebook-icon
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187589249\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1187589249\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1187589249\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2330898977-2185181241-4097508534-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'JUSTIN EDWARDS')
O4 - HKUS\S-1-5-21-2330898977-2185181241-4097508534-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'JUSTIN EDWARDS')
O4 - HKUS\S-1-5-21-2330898977-2185181241-4097508534-1007\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'JUSTIN EDWARDS')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12047 bytes

-- Files created between 2008-06-30 and 2008-07-30 -----------------------------

2008-07-29 21:56:47 0 d-------- C:\Documents and Settings\JOHN EDWARDS\Application Data\Sun
2008-07-29 19:56:19 0 d-------- C:\Documents and Settings\JUSTIN EDWARDS\Application Data\Malwarebytes
2008-07-29 17:11:31 0 d-------- C:\cmdcons
2008-07-29 17:09:35 68096 --a------ C:\WINDOWS\zip.exe
2008-07-29 17:09:35 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-29 17:09:35 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-29 17:09:35 98816 --a------ C:\WINDOWS\sed.exe
2008-07-29 17:09:35 80412 --a------ C:\WINDOWS\grep.exe
2008-07-29 17:09:35 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-29 17:09:34 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-29 17:09:34 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-29 16:06:39 0 d-------- C:\Documents and Settings\JOHN EDWARDS\Application Data\Malwarebytes
2008-07-29 16:06:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 16:06:28 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 15:04:21 4752 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-29 15:03:37 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-29 15:03:37 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-29 15:03:37 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-29 15:03:37 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-29 15:03:37 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-29 15:03:37 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-29 15:03:37 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-29 15:03:37 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-29 01:02:25 0 d-------- C:\Program Files\Lavasoft
2008-07-29 01:02:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-29 01:00:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 22:55:29 0 d-------- C:\Program Files\Norton Personal Firewall
2008-07-23 16:44:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 11:26:40 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-07-23 11:25:57 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-23 10:26:39 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-07-23 09:32:19 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-23 09:32:19 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-23 09:32:19 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-23 09:32:19 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-23 09:32:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-23 09:32:19 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-23 09:32:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-23 09:32:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-23 09:32:18 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-23 09:32:18 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-23 09:32:18 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-23 09:32:18 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-23 09:32:18 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-23 09:32:18 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-23 09:32:18 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-23 09:32:18 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-23 09:32:17 3407872 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-23 08:47:45 0 d-------- C:\WINDOWS\pss
2008-07-22 22:39:47 0 d-------- C:\Nexon
2008-07-16 07:54:13 0 --a------ C:\Documents and Settings\JUSTIN EDWARDS\jagex_runescape_preferences.dat
2008-07-06 12:01:27 0 d-------- C:\WINDOWS\network diagnostic
2008-07-06 05:23:57 0 d-------- C:\Documents and Settings\JUSTIN EDWARDS\Application Data\InterVideo


-- Find3M Report ---------------------------------------------------------------

2008-07-30 22:35:15 0 d-------- C:\Program Files\Common Files
2008-07-30 19:47:05 0 d-------- C:\Program Files\Norton Internet Security
2008-07-29 22:33:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-29 22:13:53 0 d-------- C:\Program Files\Java
2008-07-29 00:37:04 0 d-------- C:\Program Files\Pure Networks
2008-07-28 02:38:29 0 d-------- C:\Program Files\Norton Security Scan
2008-07-25 07:06:45 0 d-------- C:\Program Files\AOL Toolbar
2008-07-23 12:35:02 0 d-------- C:\Program Files\Zone.com Deluxe Games
2008-06-20 09:46:15 0 d-------- C:\Program Files\Disney
2008-05-18 21:01:31 0 -rahs---- C:\MSDOS.SYS
2008-05-18 21:01:31 0 -rahs---- C:\IO.SYS


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [09/22/2007 06:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [09/22/2007 06:06]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [09/22/2007 06:06]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/22/2007 06:06]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [09/22/2007 06:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/22/2007 06:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/29/2005 09:02]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 17:32]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [09/22/2007 03:21]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/03/2004 16:24]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [09/22/2007 03:21]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [09/22/2007 03:21]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [02/27/2003 05:31]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [04/07/2006 13:58]
"HostManager"="C:\Program Files\Common Files\AOL\1187589249\ee\AOLSoftware.exe" [09/22/2007 06:06]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1187589249\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe" [09/22/2007 06:06]
"sscRun"="C:\Program Files\Common Files\AOL\1187589249\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe" [09/22/2007 03:21]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [04/07/2004 12:07]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [09/17/2007 22:59]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 19:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 19:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/29/2008 23:04]

C:\Documents and Settings\JOHN EDWARDS\Start Menu\Programs\Startup\
wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [6/23/2004 3:23:00 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [8/20/2007 3:05:12 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-07-30 22:52:51 ------------

Attached Files


Edited by Mieng, 30 July 2008 - 10:14 PM.


#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:06 AM

Posted 31 July 2008 - 12:43 PM

I would be tempted to remove the AOL Security Center and the Norton that does not appear to be fully installed and licensed. What do you think ?

Yes remove the AOL security it is garbage in my opinion.
Also remove Norton another piece of garbage in my opinion.

My advice is to install AVG Free 8.0 it is very effective and it user friendly.
But only install it after removing the present Antivirus programs.

The link is here > AVG free 8.0
Note this is free antispyware protection and Antivirus protection
===============================================
After that please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187589249\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1187589249\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1187589249\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2330898977-2185181241-4097508534-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'JUSTIN EDWARDS')
O4 - HKUS\S-1-5-21-2330898977-2185181241-4097508534-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'JUSTIN EDWARDS')



Now click on Fix Checked and then close Hijackthis.
(Note these are all optional except for this entry >O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) it has to go.
The others can be started manually it should help with the speed of things.)
=======================================
Cleanup::
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
===============
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
I therefore strongly recommend that you install one of the following free firewalls: Comodo Firewall or Zonealarm
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD- puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#11 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:06 AM

Posted 16 August 2008 - 08:20 AM

You are welcome :thumbsup:


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users