
Help Me Please? Here's The Dss Logs


  • This topic is locked
4 replies to this topic

#1 xxDescendingxx


Posted 04 August 2008 - 11:50 AM

Hi, I have downloaded DSS and run HijackThis; here are the reports.
extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 1535 MiB / 1057.05 MiB
Pagefile Memory (total/avail): 1772.52 MiB / 1364.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.58 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 55.84 GiB total, 0.72 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
F: is Fixed (NTFS) - 76.32 GiB total, 46.62 GiB free.

.PHYSICALDRIVE1 - Maxtor 6Y080P0 - 76.33 GiB - 1 partition
PARTITION0 (bootable) - Installable File System - 76.32 GiB - F:

.PHYSICALDRIVE0 - WDC WD600BB-75CAA0 - 55.87 GiB - 1 partition
PARTITION0 (bootable) - Installable File System - 55.84 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesMSN Messengermsnmsgr.exe"="C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:Program FilesAIMaim.exe"="C:Program FilesAIMaim.exe:*:Enabled:AOL Instant Messenger"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesMessengermsmsgs.exe"="C:Program FilesMessengermsmsgs.exe:*:Enabled:Windows Messenger"
"C:Program FilesYahoo!MessengerYPager.exe"="C:Program FilesYahoo!MessengerYPager.exe:*:Enabled:Yahoo! Messenger"
"C:Program FilesYahoo!MessengerYServer.exe"="C:Program FilesYahoo!MessengerYServer.exe:*:Enabled:Yahoo! FT Server"
"C:Program FilesStarcraftstarcraft.exe"="C:Program FilesStarcraftstarcraft.exe:*:Enabled:Starcraft"
"C:Program FilesWarcraft IIIwar3.exe"="C:Program FilesWarcraft IIIwar3.exe:*:Enabled:Warcraft III"
"C:Program FilesSteamSteam.exe"="C:Program FilesSteamSteam.exe:*:Enabled:Steam"
"C:Program FilesSteamSteamAppsdarklighter353@hotmail.comday of defeathl.exe"="C:Program FilesSteamSteamAppsdarklighter353@hotmail.comday of defeathl.exe:*:Enabled:Half-Life Launcher"
"C:Program FilesSteamSteamAppsdarklighter353@hotmail.comcounter-strikehl.exe"="C:Program FilesSteamSteamAppsdarklighter353@hotmail.comcounter-strikehl.exe:*:Enabled:Half-Life Launcher"
"C:Program FilesCall of DutyCoDMP.exe"="C:Program FilesCall of DutyCoDMP.exe:*:Enabled:CoDMP"
"C:Program FilesEA GAMESMOHAAmoh_spearhead.exe"="C:Program FilesEA GAMESMOHAAmoh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead"
"C:Program FilesEA GAMESMOHAAfpupdate.exe"="C:Program FilesEA GAMESMOHAAfpupdate.exe:*:Enabled:fpupdate"
"C:Program FilesMicrosoft GamesFreelancerEXEFreelancer.exe"="C:Program FilesMicrosoft GamesFreelancerEXEFreelancer.exe:*:Enabled:Freelancer"
"C:Program FilesUbisoftXIIIsystemXIII.exe"="C:Program FilesUbisoftXIIIsystemXIII.exe:*:Enabled:XIII"
"C:Program FilesCommon FilesPocketSoftRTPatchAutoRTPartpschd.exe"="C:Program FilesCommon FilesPocketSoftRTPatchAutoRTPartpschd.exe:*:Enabled:artpschd"
"C:Program FilesWorld of WarcraftWoW-1.4.0-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.4.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesDiablo IIGame.exe"="C:Program FilesDiablo IIGame.exe:*:Enabled:Diablo II"
"C:Program FilesEA GAMESBattlefield Vietnambfvietnam.exe"="C:Program FilesEA GAMESBattlefield Vietnambfvietnam.exe:*:Enabled:bfvietnam"
"C:Program FilessoftnyxGunboundWCGunBound.gme"="C:Program FilessoftnyxGunboundWCGunBound.gme:*:Enabled:GunBound"
"C:Program FilesMicrosoft GamesDungeon SiegeDSLOA.exe"="C:Program FilesMicrosoft GamesDungeon SiegeDSLOA.exe:*:Enabled:Dungeon Siege: Legends of Aranna Game Executable"
"C:NeverwinterNightsNWNnwmain.exe"="C:NeverwinterNightsNWNnwmain.exe:*:Enabled:Neverwinter Nights"
"C:Program FilesLimeWireLimeWire.exe"="C:Program FilesLimeWireLimeWire.exe:*:Enabled:LimeWire"
"C:Program FilesMozilla Firefoxfirefox.exe"="C:Program FilesMozilla Firefoxfirefox.exe:*:Disabled:Firefox"
"C:Program FilesSierraHomeworld2BinReleaseHomeworld2.exe"="C:Program FilesSierraHomeworld2BinReleaseHomeworld2.exe:*:Enabled:Homeworld2"
"C:Program FilesSteamSteamAppsseather_marqx0counter-strike sourcehl2.exe"="C:Program FilesSteamSteamAppsseather_marqx0counter-strike sourcehl2.exe:*:Enabled:hl2"
"C:Documents and SettingsDerek PlummerDesktopGhost_Multi-player2005-downloader.exe"="C:Documents and SettingsDerek PlummerDesktopGhost_Multi-player2005-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsDerek PlummerDesktopE32004Ghost-downloader.exe"="C:Documents and SettingsDerek PlummerDesktopE32004Ghost-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesReality PumpEarth 2160Earth2160_NO_SSE.exe"="C:Program FilesReality PumpEarth 2160Earth2160_NO_SSE.exe:*:Enabled:Earth 2160"
"C:Program FilesReality PumpEarth 2160Earth2160_SSE.exe"="C:Program FilesReality PumpEarth 2160Earth2160_SSE.exe:*:Enabled:Earth 2160"
"C:Program FilesWorld of WarcraftWoW-1.7.0-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:WINDOWSSYSTEM32dpnsvr.exe"="C:WINDOWSSYSTEM32dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:Program FilesBitTorrentbtdownloadgui.exe"="C:Program FilesBitTorrentbtdownloadgui.exe:*:Enabled:btdownloadgui"
"C:Program FilesTHQDawn of War - Winter Assault DemoWinterAssault.exe"="C:Program FilesTHQDawn of War - Winter Assault DemoWinterAssault.exe:*:Enabled:WinterAssault"
"C:Program FilesWorld of WarcraftWoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:StubInstaller.exe"="C:StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:Program FilesWorld of WarcraftWoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesWorld of WarcraftWoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesAmerica's ArmySystemArmyOps.exe"="C:Program FilesAmerica's ArmySystemArmyOps.exe:*:Enabled:ArmyOps"
"C:Program FilesWorld of WarcraftWoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesSteamSteamAppsseather_marqx0half-life 2 deathmatchhl2.exe"="C:Program FilesSteamSteamAppsseather_marqx0half-life 2 deathmatchhl2.exe:*:Enabled:hl2"
"C:Program FilesSteamSteamAppsseather_marqx0day of defeat sourcehl2.exe"="C:Program FilesSteamSteamAppsseather_marqx0day of defeat sourcehl2.exe:*:Enabled:hl2"
"C:Program FilesMicrosoft GamesAge of Empires IIIage3.exe"="C:Program FilesMicrosoft GamesAge of Empires IIIage3.exe:*:Enabled:Age of Empires 3"
"C:Program FilesWorld of WarcraftWoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesMSN Messengermsnmsgr.exe"="C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:Program FilesWorld of WarcraftBackgroundDownloader.exe"="C:Program FilesWorld of WarcraftBackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesWorld of WarcraftWoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesWorld of WarcraftWoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesBitTorrentbittorrent.exe"="C:Program FilesBitTorrentbittorrent.exe:*:Enabled:BitTorrent"
"C:Program FilesAzureusAzureus.exe"="C:Program FilesAzureusAzureus.exe:*:Enabled:Azureus"
"C:Program FilesWorld of WarcraftWoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesAIMaim.exe"="C:Program FilesAIMaim.exe:*:Enabled:AOL Instant Messenger"
"C:Program FilesAresAres.exe"="C:Program FilesAresAres.exe:*:Enabled:Ares"
"C:Program FilesWorld of WarcraftWoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:Program FilesWorld of WarcraftWoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesWorld of WarcraftWoW-2.0.3-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesWorld of WarcraftWoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesWorld of WarcraftWoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesCommon FilesAOLLoaderaolload.exe"="C:Program FilesCommon FilesAOLLoaderaolload.exe:*:Enabled:AOL Loader"
"C:Program FilesWorld of WarcraftWoW-2.0.3.6299-to-2.0.6.6337-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-2.0.3.6299-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesAIM6aim6.exe"="C:Program FilesAIM6aim6.exe:*:Enabled:AIM"
"C:Program FilesiTunesiTunes.exe"="C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes"
"C:Program FilesAres UltraAres Ultra.exe"="C:Program FilesAres UltraAres Ultra.exe:*:Enabled:Ares Ultra p2p for windows"
"C:Program FilesSteamsteamappsdarklighter353@hotmail.comhalf-lifehl.exe"="C:Program FilesSteamsteamappsdarklighter353@hotmail.comhalf-lifehl.exe:*:Enabled:Half-Life Launcher"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:Documents and SettingsAll Users.WINDOWS
APPDATA=C:Documents and SettingsDerek PlummerApplication Data
CLASSPATH=.;C:Program FilesJavajre1.6.0_01libextQTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=DEREK
ComSpec=C:WINDOWSsystem32cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=Documents and SettingsDerek Plummer
LOGONSERVER=DEREK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;C:Program FilesATI TechnologiesATI Control Panel;C:Program FilesATI TechnologiesATI.ACECore-Static;C:Program FilesQuickTimeQTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:Program Files
PROMPT=$P$G
QTJAVA=C:Program FilesJavajre1.6.0_01libextQTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1DEREKP~1LOCALS~1Temp
TMP=C:DOCUME~1DEREKP~1LOCALS~1Temp
USERDOMAIN=DEREK
USERNAME=Derek Plummer
USERPROFILE=C:Documents and SettingsDerek Plummer
windir=C:WINDOWS


-- User Profiles ---------------------------------------------------------------

Derek Plummer (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{7091313D-50F2-466A-9DDD-B5EE939867B2}
--> MsiExec.exe /X{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:WINDOWSISUNINST.EXE -f"C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.isu" -c"C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.dll"
Adobe Flash Player 9 ActiveX --> C:WINDOWSsystem32MacromedFlashUninstFl.exe -q
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{61E8B062-51F9-4BBB-B1FC-E2A4A40944F5}
Adobe Flash Player Plugin --> C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AGEIA PhysX v6.10.05 --> MsiExec.exe /X{582876EC-A178-44D4-9823-C10D6C62EAFF}
AIM 6 --> C:Program FilesAIM6uninst.exe
AOL Instant Messenger --> C:Program FilesAIMuninstll.exe -LOG= C:Program FilesAIMinstall.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{967D588C-9B96-40C9-A222-DCD6922563CA}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ATI - Software Uninstall Utility --> C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{055EE59D-217B-43A7-ABFF-507B966405D8}setup.exe" -l0x336d
ATI Control Panel --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}setup.exe"
ATI Display Driver --> rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder --> MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
Counter-Strike --> "C:Program FilesSteamsteam.exe" steam://uninstall/10
Counter-Strike: Source --> "C:Program FilesSteamsteam.exe" steam://uninstall/240
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Day of Defeat --> "C:Program FilesSteamsteam.exe" steam://uninstall/30
Day of Defeat: Source --> MsiExec.exe /I{7E18C9F0-1262-4AF6-AC3D-9CB1EBF54772}
Dell ResourceCD --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{D78653C3-A8FF-415F-92E6-D774E634FF2D}setup.exe"
Diablo II --> C:WINDOWSDIIUnin.exe C:WINDOWSDIIUnin.dat
Diablo II --> C:WINDOWSDIIUnin.exe C:WINDOWSDIIUnin.dat
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:Program FilesTrend MicroHijackThisHijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe"
iPod for Windows 2006-03-23 --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iPod Updater 2004-08-06 --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{2F8C106A-7DFC-45DE-8006-F9145AADF1D8} /l1033
iPodRip --> MsiExec.exe /I{B1B3A995-2FA8-46F1-9C3F-B3913CD0C3D4}
iTunes --> MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Logitech iTouch Software --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{036AA4D4-6D32-11D4-9875-00105ACE7734}setup.exe" UNINSTALL
Logitech User's Guide --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{CBE0FCA1-4E95-11D4-9875-00105ACE7734}Setup.exe" UNINSTALL
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia Shockwave Player --> C:WINDOWSSYSTEM32MacromedSHOCKW~2UNWISE.EXE C:WINDOWSSYSTEM32MacromedSHOCKW~2Install.log
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe"
Microsoft Data Access Components KB870669 --> C:WINDOWSmuninst.exe C:WINDOWSINFKB870669.inf
Microsoft Encarta Encyclopedia Standard 2003 --> MsiExec.exe /I{03410014-3975-4267-9F39-1DC4745090B7}
Microsoft Money 2003 --> MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft Money 2003 System Pack --> MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Picture It! Photo 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher --> C:Program FilesMicrosoft Works Suite 2003SetupLauncher.exe D:
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
MouseWare 9.41 .3 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{5809E7CF-4DCF-11D4-9875-00105ACE7734}Setup.exe" -l0009 UNINSTALL
Mozilla Firefox (2.0.0.16) --> C:Program FilesMozilla Firefoxuninstallhelper.exe
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSN Toolbar --> C:Program FilesMSN AppsMSN ToolbarMSN Toolbar01.02.5000.1021en-usmtbs.exe c
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
NVIDIA Drivers --> C:WINDOWSsystem32nvudisp.exe UninstallGUI
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Shockwave --> C:WINDOWSSYSTEM32MacromedSHOCKW~1UNWISE.EXE C:WINDOWSSYSTEM32MacromedSHOCKW~1Install.log
Spybot - Search & Destroy --> "C:Program FilesSpybot - Search & Destroyunins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:WINDOWSunins000.exe"
Starcraft --> C:WINDOWSSCunin.exe C:WINDOWSSCunin.dat
Steam --> C:PROGRA~1SteamUNWISE.EXE C:PROGRA~1SteamINSTALL.LOG
Team Fortress Classic --> "C:Program FilesSteamsteam.exe" steam://uninstall/20
Touch Manager (PS/2 Compact Ergonomic Keyboard) --> skuninst.exe SK_PS2InternetCompactKeyboard
Turtle Beach Santa Cruz --> C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{CD5A6B33-586E-42BA-A962-7D60C2766EBF} /l1033
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Warcraft III: All Products --> C:WINDOWSWar3Unin.exe C:WINDOWSWar3Unin.dat
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format 11 runtime --> "C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe"
WinRAR archiver --> C:Program FilesWinRARuninstall.exe
Wireless-G PCI Adapter --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{88742616-A6E9-4C7E-9665-B625799541FB}Setup.exe" -l0x9
World of Warcraft --> C:Program FilesCommon FilesBlizzard EntertainmentWorld of WarcraftUninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type7113 / Warning
Event Submitted/Written: 08/03/2008 01:58:45 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type7112 / Error
Event Submitted/Written: 08/03/2008 07:46:28 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 132223979.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type7110 / Error
Event Submitted/Written: 08/03/2008 07:46:10 AM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application winlogon.exe, version 0.0.0.0, faulting module wdmaud.drv, version 5.1.2600.2180, fault address 0x00004678.
Error in creating result PEAP-TLV in response to received PEAP-TLV (winlogon.exe!ld!)

Event Record #/Type7106 / Error
Event Submitted/Written: 08/03/2008 07:42:35 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module wdmaud.drv, version 5.1.2600.2180, fault address 0x00004678.
Processing media-specific event for [!ws!]

Event Record #/Type7098 / Warning
Event Submitted/Written: 08/02/2008 08:53:40 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type829453 / Warning
Event Submitted/Written: 08/04/2008 09:14:41 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DEREK27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DEREK27 can't undo changes that you allow.

For more information please see the following:
%DEREK275

Scan ID: {752BAED0-8872-475A-B6D4-C66864BE231C}

User: DEREKDerek Plummer

Name: %DEREK271

ID: %DEREK272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DEREK276

Alert Type: %DEREK278

Detection Type: 1.1.1593.02

Event Record #/Type829452 / Warning
Event Submitted/Written: 08/04/2008 09:14:41 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DEREK27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DEREK27 can't undo changes that you allow.

For more information please see the following:
%DEREK275

Scan ID: {DA671F92-2B97-44A8-A55D-9F48C4FFC2D8}

User: DEREKDerek Plummer

Name: %DEREK271

ID: %DEREK272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DEREK276

Alert Type: %DEREK278

Detection Type: 1.1.1593.02

Event Record #/Type829451 / Warning
Event Submitted/Written: 08/04/2008 09:14:41 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DEREK27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DEREK27 can't undo changes that you allow.

For more information please see the following:
%DEREK275

Scan ID: {E2E6FE27-D76C-4759-8268-C8710A89E7D3}

User: DEREKDerek Plummer

Name: %DEREK271

ID: %DEREK272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DEREK276

Alert Type: %DEREK278

Detection Type: 1.1.1593.02

Event Record #/Type829450 / Warning
Event Submitted/Written: 08/04/2008 09:14:39 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DEREK27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DEREK27 can't undo changes that you allow.

For more information please see the following:
%DEREK275

Scan ID: {CEB484BF-7ECD-44CB-82C9-145232BE9954}

User: DEREKDerek Plummer

Name: %DEREK271

ID: %DEREK272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DEREK276

Alert Type: %DEREK278

Detection Type: 1.1.1593.02

Event Record #/Type829449 / Warning
Event Submitted/Written: 08/04/2008 09:14:39 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DEREK27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DEREK27 can't undo changes that you allow.

For more information please see the following:
%DEREK275

Scan ID: {A7F8FBE2-49A3-4934-AABC-461D8C2A467B}

User: DEREKDerek Plummer

Name: %DEREK271

ID: %DEREK272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DEREK276

Alert Type: %DEREK278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-08-04 09:15:15 ------------

main.txt:
Deckard's System Scanner v20071014.68
Run by Derek Plummer on 2008-08-04 09:08:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
34: 2008-08-04 16:08:51 UTC - RP1685 - Deckard's System Scanner Restore Point
33: 2008-08-04 06:46:47 UTC - RP1684 - System Checkpoint
32: 2008-08-03 03:03:25 UTC - RP1683 - Software Distribution Service 3.0
31: 2008-08-03 02:27:27 UTC - RP1682 - Restore Operation
30: 2008-08-03 02:15:56 UTC - RP1681 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-07-08 18:08:13 UTC - RP1652 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.72 GiB (less than 15%) free.


-- HijackThis (run as Derek Plummer.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:30 AM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesLavasoftAd-Awareaawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32wscntfy.exe
C:Program FilesJavajre1.6.0_07binjusched.exe
C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkUFind.exe
C:Program FilesD-Toolsdaemon.exe
C:Program FilesWindows DefenderMSASCui.exe
C:WINDOWSsystem32SK6200dm.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSSYSTEM32tbctray.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe
C:Program FilesiPodbiniPodService.exe
C:Documents and SettingsDerek PlummerDesktopdss.exe
C:PROGRA~1TRENDM~1HIJACK~1Derek Plummer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Hot Key Kbd 2690 Daemon] SK6200dm.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\SYSTEM32\tbctray.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8847 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups) -----------

backup-20080804-085957-886 O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 enodpl - c:\windows\system32\drivers\enodpl.sys
R2 tandpl - c:\windows\system32\drivers\tandpl.sys

S3 npkcrypt - c:\program files\softnyx\gunbound\npkcrypt.sys (file missing)
S3 vtdg46xx - c:\program files\turtle beach\santa cruz\control panel\vtdg46xx.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D891028&REV_01\4&3B1CAF2B&0&08F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D891028&REV_01\4&3B1CAF2B&0&08F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_01421028&REV_81\4&3B1CAF2B&0&40F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_01421028&REV_81\4&3B1CAF2B&0&40F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-08-04 08:55:29 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-07-25 17:46:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-04 08:55:26 0 d-------- C:\Program Files\Trend Micro
2008-08-02 16:00:06 73728 -r------- C:\WINDOWS\system32\psProxy.dll <Not Verified; www.pocketsoap.com; psProxy>
2008-08-02 16:00:06 380928 -r------- C:\WINDOWS\system32\pSOAP32.dll <Not Verified; Simon Fell; PocketSOAP>
2008-08-02 16:00:06 110676 -r------- C:\WINDOWS\system32\psDime.dll <Not Verified; pocketsoap.com; Attachments Module>
2008-08-02 16:00:06 188416 -r------- C:\WINDOWS\system32\pocketHTTP.dll <Not Verified; Simon Fell; Pocket HTTP>
2008-07-24 15:33:42 18468 --a------ C:\WINDOWS\DIIUnin.dat
2008-07-24 15:33:40 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-07-24 15:33:39 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-07-24 15:21:29 0 d-------- C:\Program Files\Diablo II
2008-07-23 08:26:46 0 d-------- C:\Documents and Settings\Derek Plummer\storage


-- Find3M Report ---------------------------------------------------------------

2008-07-31 21:43:33 0 d-------- C:\Program Files\World of Warcraft
2008-07-31 10:25:10 0 d-------- C:\Program Files\Warcraft III
2008-07-24 15:40:14 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-07-24 15:40:14 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-07-24 15:40:14 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-07-24 15:17:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-24 15:16:13 0 d-------- C:\Program Files\EA GAMES
2008-07-22 11:51:17 1552 --a------ C:\WINDOWS\eReg.dat
2008-07-22 11:50:51 729088 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-07-18 18:51:35 0 d-------- C:\Program Files\Steam
2008-07-17 11:58:52 0 d-------- C:\Program Files\Java
2008-07-01 08:34:11 77371 --a------ C:\WINDOWS\War3Unin.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"AceGain LiveUpdate"="C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe" []
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/16/2002 06:21 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [06/28/2005 09:05 PM]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 05:05 PM]
"1A:Stardock TrayMonitor"="" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"Hot Key Kbd 2690 Daemon"="SK6200dm.exe" [02/07/2002 08:45 AM C:\WINDOWS\SYSTEM32\SK6200dm.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [10/09/2001 01:59 AM]
"nwiz"="nwiz.exe" [10/22/2006 12:22 PM C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [10/09/2001 09:41 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 12:22 PM]
"TraySantaCruz"="C:\WINDOWS\SYSTEM32\tbctray.exe" [04/03/2002 09:47 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Aim6"="" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"1A:Stardock TrayMonitor"=

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"TapiSrv"=3 (0x3)




-- Hosts -----------------------------------------------------------------------

8736 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-04 09:15:15 ------------

I apologize for not posting the infection that I am currently dealing with; however, I am not totally sure myself. I would suspect trojans are the main problem as well as spyware. I apologize once again.

I am currently running a Kaspersky scan and will post it when it's complete.

Here are the Kaspersky scan results:

KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 04, 2008 15:02:13
Records in database: 1053042
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:
C:
D:
E:
F:
Scan statistics
Files scanned 116036
Threat name 17
Infected objects 75
Suspicious objects 0
Duration of the scan 02:33:59

The selected area was scanned.

Merged posts. ~ OB

Edited by Orange Blossom, 04 August 2008 - 05:18 PM.




#2 teacup61

  • Malware Response Team
  • 17,075 posts

Posted 15 August 2008 - 11:53 PM

Hello xxDescendingxx,

Welcome to Bleeping Computer :)

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 xxDescendingxx

  • Topic Starter
  • Members
  • 8 posts

Posted 19 August 2008 - 10:38 AM

Here is the updated HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:22 AM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\SK6200dm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\tbctray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Hot Key Kbd 2690 Daemon] SK6200dm.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\SYSTEM32\tbctray.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8996 bytes

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:58 AM

Posted 19 August 2008 - 01:32 PM

Hello,

I notice that you do not seem to be running Antivirus software. This is somewhat suicidal in today's digital world. That's why I want you to install one!!

AVG, Avira OR Avast are good FREE antivirus. Please run a full system scan with the one you chose and let it clean all it finds.

Can you tell me exactly what problems you're having please? :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#5 teacup61

Posted 11 September 2008 - 05:29 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



