Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ex Put Webwatcher? "monitoring Software" On My Desktop


  • This topic is locked This topic is locked
3 replies to this topic

#1 MalAdjusted

MalAdjusted

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:10:11 PM

Posted 09 August 2008 - 05:16 PM

Per request of Farber, I'm starting a seperate topic for my desktop. Original post was 072908

Thanks in advance for any assistance you can offer!

Ronda

DSS results:
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-08-09 18:01:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-08-09 22:01:06 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-08-09 16:00:40 UTC - RP2 - Software Distribution Service 3.0
1: 2008-08-08 19:55:32 UTC - RP1 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:33 PM, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\igfxpers.exe
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Documents and Settings\Administrator\desktop\dss.exe
C:\DOCUME~1\ADMINI~1\Desktop\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://content.nejm.org
O15 - Trusted Zone: http://www.paypal.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?3471565977390
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175141639906
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AAD32D2E-02C8-11D7-81B3-0050FC352236} - http://kcusa.dvrsite.net:82/activeX/DvrActiveXSetup.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E87A4CD6-BA5F-4552-BC4F-8EC240A2755C} (WebRecClient Control) - http://207.201.213.140/webrec.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINNT\system32\wmfhotfix.dll,avgrsstx.dll,
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

--
End of file - 6320 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\winnt\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\winnt\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\winnt\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - c:\winnt\system32\drivers\el90xbc5.sys (file missing)
S3 iscFlash - c:\winnt\system32\drivers\iscflash.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 PCDRDRV (Pcdr Helper Driver) - c:\atf\qctest\pcdoc\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\winnt\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>
S3 USBFVNETA (NETGEAR MA101 USB Adapter) - c:\winnt\system32\drivers\ma101andxp.sys <Not Verified; ATMEL; USB Wireless Network Adapter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 PictureTaker - c:\fixit\pt\pctkrnt.sys (file missing)
S4 QBCFMonitorService - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe" <Not Verified; Intuit; QuickBooks for Windows>
S4 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe" <Not Verified; Intuit Inc.; QuickBooks 2007>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NETGEAR WG111 802.11g Wireless USB2.0 Adapter
Device ID: USB\VID_0846&PID_4240\3887-0000
Manufacturer: NETGEAR, Inc.
Name: NETGEAR WG111 802.11g Wireless USB2.0 Adapter
PNP Device ID: USB\VID_0846&PID_4240\3887-0000
Service: wg111nd5

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&369939D9&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&369939D9&0
Service: i8042prt

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&369939D9&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&369939D9&0
Service: i8042prt


-- Process Modules -------------------------------------------------------------

C:\WINNT\system32\winlogon.exe (pid 532)
2006-01-02 23:23:16 3584 --a------ C:\WINNT\system32\wmfhotfix.dll

C:\WINNT\system32\svchost.exe (pid 804)
2006-01-02 23:23:16 3584 --a------ C:\WINNT\system32\wmfhotfix.dll

C:\WINNT\system32\svchost.exe (pid 1056)
2006-01-02 23:23:16 3584 --a------ C:\WINNT\system32\wmfhotfix.dll

C:\WINNT\system32\svchost.exe (pid 1436)
2006-01-02 23:23:16 3584 --a------ C:\WINNT\system32\wmfhotfix.dll

C:\WINNT\explorer.exe (pid 1920)
2006-01-02 23:23:16 3584 --a------ C:\WINNT\system32\wmfhotfix.dll
2007-06-06 19:52:20 240640 --a------ C:\Program Files\Common Files\Motive\McciContextHook_5-0-0_DSR.dll <Not Verified; Motive Communications, Inc.; >
2004-11-19 13:54:26 77824 --a------ C:\Program Files\Common Files\aolshare\aolshcpy.dll <Not Verified; America Online Inc.; aolshcpy Module>


-- Scheduled Tasks -------------------------------------------------------------

2008-08-09 11:00:03 330 --ah----- C:\WINNT\Tasks\MP Scheduled Scan.job
2008-08-09 01:13:00 268 --a------ C:\WINNT\Tasks\Disk Cleanup.job
2008-08-08 22:38:00 316 --a------ C:\WINNT\Tasks\Ad-Aware SE Personal.job


-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2080-01-03 23:48:10 0 d------c- C:\WINNT\system32\DRVSTORE
2080-01-03 23:48:10 0 d-------- C:\Program Files\Broadcom
2080-01-03 23:41:06 0 d-------- C:\swsetup
2080-01-03 23:40:19 0 d-------- C:\Program Files\Intel
2080-01-03 23:04:37 0 d-------- C:\WINNT\Prefetch
2080-01-03 22:56:58 0 d-------- C:\Program Files\Online Services
2008-07-29 22:05:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-29 22:05:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 22:05:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 14:45:09 0 d-------- C:\WINNT\Sun
2008-07-24 14:45:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-07-24 13:45:31 0 d-------- C:\Program Files\Java
2008-07-24 13:44:45 0 d-------- C:\Program Files\Common Files\Java
2008-07-24 10:31:14 114688 --a------ C:\Fport.exe


-- Find3M Report ---------------------------------------------------------------

2080-01-03 22:55:52 23720 --a------ C:\WINNT\system32\emptyregdb.dat
2008-07-24 13:44:45 0 d-------- C:\Program Files\Common Files
2008-07-02 11:44:59 0 d-------- C:\Program Files\Rts Ticketing
2008-06-24 18:11:46 0 d-------- C:\Program Files\AOL 9.0
2008-06-12 11:37:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-06-12 11:22:32 0 d-------- C:\Program Files\Ahead
2008-06-12 11:22:12 0 d-------- C:\Program Files\Common Files\Ahead


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}]
C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}"= C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL [ ]

[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}]
[HKEY_CLASSES_ROOT\vol_toolbar.VOL_TOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 03:56 AM]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [06/06/2007 07:52 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [07/07/2004 07:44 AM]
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [09/20/2005 11:35 AM]
"igfxpers"="C:\WINNT\system32\igfxpers.exe" [09/20/2005 11:36 AM]
"HotKeysCmds"="C:\WINNT\System32\hkcmd.exe" [09/20/2005 11:32 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/03/2008 11:18 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Smart Wizard Wireless Settings.lnk - C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [5/25/2005 9:07:11 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINNT\system32\wmfhotfix.dll,avgrsstx.dll,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINNT\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINNT\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINNT\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online Tray Icon.lnk
backup=C:\WINNT\pss\America Online Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop 16.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop 16.lnk
backup=C:\WINNT\pss\Desktop 16.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP OfficeJet T Series Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP OfficeJet T Series Startup.lnk
backup=C:\WINNT\pss\HP OfficeJet T Series Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk
backup=C:\WINNT\pss\QuickBooks 2002 Delivery Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINNT\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arma]
C:\Documents and Settings\Administrator\Application Data\swol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
GWMDMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1101775136\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINNT\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X6100 Series]
"C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lxghnaj]
C:\WINNT\System32\gdsblcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\WINNT\ServicePackFiles\i386\ronda.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
C:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINNT\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smartexplorer Popup Killer]
SMARTEXPLORER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyBlocs]
C:\PROGRA~1\SpyBlocs\SpyBlocs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PictureTaker"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"WANMiniportService"=2 (0x2)
"UPS"=3 (0x3)
"Themes"=2 (0x2)
"Spooler"=2 (0x2)
"seclogon"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"QBFCService"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LexBceS"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"idsvc"=3 (0x3)
"cisvc"=3 (0x3)
"Browser"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)




-- Hosts -----------------------------------------------------------------------

127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com

6540 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-09 18:02:21 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.60GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1527.48 MiB / 971.75 MiB
Pagefile Memory (total/avail): 2148.93 MiB / 1864.72 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.9 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 78.13 GiB total, 60.41 GiB free.
D: is Fixed (NTFS) - 111.79 GiB total, 105.88 GiB free.
E: is Fixed (NTFS) - 74.53 GiB total, 74.46 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L200P0 - 189.92 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 78.13 GiB - C:
\PARTITION1 - Installable File System - 111.79 GiB - D:

\\.\PHYSICALDRIVE1 - - 74.53 GiB - 1 partition
\PARTITION0 - Installable File System - 74.53 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\Desktop 16\\TotalWX.exe"="C:\\Program Files\\Common Files\\Desktop 16\\TotalWX.exe:*:Disabled:TotalWX"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1101775136\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1101775136\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\WINNT\\system32\\mshta.exe"="C:\\WINNT\\system32\\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Intuit\\QuickBooks Pro\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks Pro\\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Rts Ticketing\\rtsfile.exe"="C:\\Program Files\\Rts Ticketing\\rtsfile.exe:*:Disabled:rtsfile"
"C:\\WINNT\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINNT\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\1101775136\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1101775136\\EE\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
ASLOGDIR=C:\Program Files\Intuit\QuickBooks Pro\
COLLECTIONID=COL8143
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RONDEE
ComSpec=C:\WINNT\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1pro.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
ITEMID=dj-22741-15
LANG=1033
LOGONSERVER=\\RONDEE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPP
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\WBEM;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Intel\DMIX
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONID=1114352321879htx6931b1f800:103cd8489e9:-5d90
SESSIONNAME=Console
SWUTVER=1.0.22.20030804
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TOOLPATH=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rad59220.tmp
USERDOMAIN=RONDEE
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
VERSION=3.0.5.001
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
--> C:\WINNT\NuNInst.exe /UNINSTALL
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINNT\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Broadcom Management Programs --> MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
Broadcom NetXtreme Ethernet Controller --> MsiExec.exe /X{7E369B27-13E2-41A5-9879-358EE1C8B5AD}
Do More 5.0 --> MsiExec.exe /I{75C023EC-64A0-44F7-9D99-C6F6E21EB6F0}
eVision MEGApro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BB33680-2F53-11D6-BC84-00D0B7E10CD1}\SETUP.EXE"
GeoVision H264 --> C:\WINNT\system32\rundll32.exe setupapi,InstallHinfSection Remove_GX264 132 C:\WINNT\INF\G264.inf
GeoVision MPEG2 --> C:\WINNT\system32\rundll32.exe setupapi,InstallHinfSection Remove_GXGM20 132 C:\WINNT\INF\GM20.inf
GeoVision MPEG4 --> C:\WINNT\system32\rundll32.exe setupapi,InstallHinfSection Remove_GeoCodec 132 C:\WINNT\INF\GEOX.inf
GeoVision MPEG4 ASP --> C:\WINNT\system32\rundll32.exe setupapi,InstallHinfSection Remove_GXAMP4 132 C:\WINNT\INF\GMP4.inf
GeoVision RemoteView System --> C:\WINNT\uninst.exe -fC:\RemoteView\DeIsL1.isu
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\inf\GETPLUSo.INF, DefaultUninstall
GTK+ 2.10.6-1 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
GTW V.92 Voicemodem --> C:\WINNT\GWMDMU.exe verbose
HelpSpot --> MsiExec.exe /I{F1FBF021-B965-42D3-BF63-D7A121B5490D}
HijackThis 2.0.2 --> "C:\Documents and Settings\Administrator\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Product Detection --> MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINNT\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Connections --> MsiExec.exe /I{111A3D14-7596-43B0-92BA-418435C90672}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lexmark X6100 Series --> C:\WINNT\system32\spool\drivers\w32x86\3\LXBFUN5C.EXE -dLexmark X6100 Series
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSETUP.EXE /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MA101 USB Adapter Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B46834CC-141E-11D5-A76F-0030AB007078}\SetUp.EXE"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINNT\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002 --> MsiExec.exe /I{91190409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
Mozilla Thunderbird (2.0.0.9) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
NETGEAR WG111 Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}\SETUP.EXE" -uninst
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Panda ActiveScan --> C:\WINNT\system32\ASUninst.exe Panda ActiveScan
PC-Doctor Consumer UI --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
PC-Doctor Diagnostics --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PC-Doctor Services --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
Print to Fax --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
Pure Networks Port Magic --> C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
QuickBooks Pro 2007 --> msiexec.exe /I {71EEA108-09C9-4D81-8FA2-D48C70681242} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2007" ADDREMOVE=1
QuickBooks Product Listing Service --> MsiExec.exe /I{054C3038-FFAC-446D-9682-E25891DC2E05}
QuickTime --> C:\WINNT\unvise32qt.exe C:\WINNT\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Remote Playback Client --> C:\WINNT\uninst.exe -fC:\RemotePlayback\DeIsL1.isu
Rts Ticketing 6.0 --> C:\PROGRA~1\RTSTIC~1\UNWISE.EXE C:\PROGRA~1\RTSTIC~1\INSTALL.LOG
Rts Ticketing 7.0 --> C:\PROGRA~1\RTSTIC~1\UNWISE.EXE C:\PROGRA~1\RTSTIC~1\INSTAL~1.LOG
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SupportSoft Assisted Service --> MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
User Agent String Utility --> MsiExec.exe /I{9DF095E1-8EC2-4892-8740-93769DB1E944}
Verizon Broadband Toolbar --> C:\Program Files\vol_toolbar\uninstall.exe
Verizon Online Help and Support --> C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebFldrs XP -->
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINNT\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINNT\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows WMF Metafile Vulnerability HotFix 1.4 --> "C:\Program Files\WindowsMetafileFix\unins000.exe"
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2008-08-09 18:02:21 ------------

Result of Kaspersky Online Scan:
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, August 9, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 09, 2008 02:14:29
Records in database: 1070895


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics
Files scanned 132354
Threat name 1
Infected objects 2
Suspicious objects 0
Duration of the scan 01:45:14

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpitunes_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.
Blessed are the curious, for they shall have many adventures! - Lovelle Drachman

Only the curious will learn and only the resolute overcome the obstacles to learning - Eugene Wilson

I make a difference. What do you make? - Taylor Mali

BC AdBot (Login to Remove)

 


m

#2 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:09:11 PM

Posted 23 August 2008 - 09:46 PM

  • Hello and welcome to BC

    We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

    If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

    Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

    Thanks and again sorry for the delay.

    First
    Seeing its been a number of days since your original scanning with HJT could you please run HJT now and post a fresh HJT log back to this topic please.

    Next

  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into this topic please,


    Next
    Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.[list]
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

    In recap please post back the requested info from above
  • Fresh HJT log
  • Uninstall List
  • Log from the Kaspersky scan


#3 MalAdjusted

MalAdjusted
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:10:11 PM

Posted 25 August 2008 - 12:17 AM

Hi Don77,

Thank you so much for your offer to help. My system hasn't been properly cleaned and checked, but I've recently been accepted into the hjt training program, and I think I'd like to work through it as part of my learning process. No hard feelings? I hope? :thumbsup:

Warmest Regards,
Ronda
Blessed are the curious, for they shall have many adventures! - Lovelle Drachman

Only the curious will learn and only the resolute overcome the obstacles to learning - Eugene Wilson

I make a difference. What do you make? - Taylor Mali

#4 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:09:11 PM

Posted 25 August 2008 - 06:25 AM

As you wish :thumbsup:

This topic will be closed per the OP's request, should you need it opened for any reason please pm a member of the HJT team.


Again sorry for it taking some time to get back to you ..




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users