
Severely Infected With Smithfraud, Combofix And Dialers



#1 bearbugy


Posted 12 August 2008 - 09:26 PM

Thanks for your help. This is an old Gateway XP desktop that has become extremely loaded with over 3000 viruses. I have used the following to clean it out, but I am still left with several hundred I can't seem to remove. Your help is appreciated.
I have used smithfraud, combofix, adaware, spybot, superantispyware, spywareblaster, a squared free, malwarebytes, system mechanics, trendmicro, ca antivirus, f-secure, secunia and others too numerous to list.
Here are the Kaspersky and DSS logs:


KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 11, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 11, 2008 05:56:23
Records in database: 1081172
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
Scan statistics
Files scanned 78205
Threat name 54
Infected objects 181
Suspicious objects 0
Duration of the scan 01:56:22

File name Threat name Threats count
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\347e3285-7e8bc97d.bac_a04000 Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0703558.dll.bac_a00264 Infected: not-a-virus:AdTool.Win32.Zango.c 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0709617.dll.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0709618.scr.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0709621.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0709622.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.af 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0709624.SCR.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0709626.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0709627.EXE.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0709630.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0709632.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0709633.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714607.EXE.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714616.dll.bac_a00264 Infected: Trojan.Win32.Agent.qg 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714621.scr.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714643.dll.bac_a00264 Infected: not-a-virus:AdWare.Win32.ShopAtHome.b 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714649.dll.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714650.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714651.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714652.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.af 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714653.SCR.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714654.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714655.EXE.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714656.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714657.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714658.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714661.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714662.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.an 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714663.EXE.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0714664.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.al 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0719306.dll.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.blj 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0719307.exe.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.bej 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0719308.exe.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.blw 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0719358.dll.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.blj 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0719359.exe.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.bej 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0719360.exe.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.blw 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0719396.dll.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.blj 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0719397.exe.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.blw 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0719398.exe.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.bej 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0720546.dll.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.blj 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0720555.dll.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.blj 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0720556.exe.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.bej 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0720557.exe.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.blw 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0720567.dll.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.blj 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0720571.exe.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.blw 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0720572.exe.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.bej 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0720580.exe.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.blf 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0720581.exe.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.bej 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0720582.exe.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.blw 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0720583.exe.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.blw 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0720584.dll.bac_a03900 Infected: Trojan-Downloader.Win32.Zlob.blj 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0728827.DLL.bac_a04016 Infected: not-a-virus:AdTool.Win32.MyWebSearch.at 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0728828.DLL.bac_a04016 Infected: not-a-virus:AdTool.Win32.MyWebSearch.at 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0728829.exe.bac_a04016 Infected: not-a-virus:FraudTool.Win32.VirusBurst.c 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0728830.DLL.bac_a04016 Infected: not-a-virus:AdTool.Win32.MyWebSearch.as 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0728831.DLL.bac_a04016 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0728833.DLL.bac_a04016 Infected: not-a-virus:AdTool.Win32.MyWebSearch.at 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729651.dll.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.ang 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729652.exe.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.bov 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729653.exe.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.ang 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729655.dll.bac_a04016 Infected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.d 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729656.exe.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.ang 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729657.exe.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.bov 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729658.exe.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.bov 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729660.exe.bac_a04016 Infected: not-a-virus:FraudTool.Win32.SpyDawn.a 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729669.dll.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.ang 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729673.exe.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.ang 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729677.dll.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.ang 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729679.exe.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.ang 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729682.exe.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.bni 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729683.exe.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.erx 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729688.dll.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.ang 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729694.exe.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.ang 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729702.exe.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.ang 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729703.exe.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.ang 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729704.dll.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.ang 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729705.exe.bac_a04016 Infected: not-a-virus:Downloader.Win32.WinFixer.l 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0729872.dll.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.iqy 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0730921.exe.bac_a04016 Infected: not-a-virus:Downloader.Win32.WinFixer.l 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0733199.exe.bac_a04000 Infected: Trojan.Win32.DNSChanger.hj 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0733285.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.bni 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0734755.dll.bac_a04000 Infected: not-a-virus:AdWare.Win32.HotBar.bw 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0736312.scr.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0736315.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0736316.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch.af 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0736319.SCR.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0736321.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0736322.EXE.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0736325.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0736328.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0736330.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch.at 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0736332.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740231.dll.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.yt 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740232.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.buj 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740233.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.buj 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740238.dll.bac_a04000 Infected: not-a-virus:AdWare.Win32.HotBar.bw 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740249.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.buj 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740250.dll.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.yt 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740251.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.buj 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740253.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.buj 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740257.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.buj 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740270.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch.at 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740328.scr.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740331.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch.l 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740333.EXE.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740334.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740335.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch.at 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740338.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740339.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch.l 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740340.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch.af 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740343.SCR.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740345.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740346.EXE.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740349.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740352.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740356.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740370.EXE.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0740371.DLL.bac_a04000 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0743461.dll.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.yt 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0743462.dll.bac_a04000 Infected: not-a-virus:AdWare.Win32.Agent.cu 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0743554.dll.bac_a04000 Infected: Trojan-Downloader.Win32.Agent.bkd 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0746180.exe.bac_a04000 Infected: Packed.Win32.PolyCrypt.b 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0746350.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.buj 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0746352.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.buj 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0747406.dll.bac_a04000 Infected: Trojan.Win32.StartPage.aoc 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0747407.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.bvp 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0747408.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.bvp 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0747414.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.bvp 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0747415.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.bvp 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0747416.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.bvp 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0747417.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.bvp 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0747418.dll.bac_a04000 Infected: Trojan.Win32.StartPage.aoc 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0747419.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.bvp 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0747420.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Zlob.bvp 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0748875.sys.bac_a01744 Infected: Packed.Win32.Tibs.ab 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0751081.exe.bac_a01056 Infected: not-a-virus:AdWare.Win32.HotBar.bt 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0753055.dll.bac_a01056 Infected: not-a-virus:AdWare.Win32.HotBar.bz 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0757772.exe.bac_a01056 Infected: not-a-virus:RiskTool.Win32.HideWindows 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\count.jar-21f1dc87-16df5569.zip.bac_a04016 Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\count.jar-21f1dc87-16df5569.zip.bac_a04016 Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\ecard.exe.bac_a01744 Infected: Email-Worm.Win32.Zhelatin.fm 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\F3BROVLY.DLL.bac_a03900 Infected: not-a-virus:AdTool.Win32.MyWebSearch.at 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\F3HISTSW.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\F3HTMLMU.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\F3HTTPCT.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.af 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\F3PSSAVR.SCR.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\F3RESTUB.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\F3SCHMON.EXE.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\F3WPHOOK.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\java.class-26390b7d-73915db5.class.bac_a04000 Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\M3HTML.DLL.bac_a03900 Infected: not-a-virus:AdTool.Win32.MyWebSearch.at 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\M3IDLE.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\M3MSG.DLL.bac_a03900 Infected: not-a-virus:AdTool.Win32.MyWebSearch.at 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\M3OUTLCN.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\M3SKIN.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\magix ringtone maker.rar.bac_a00936 Infected: Backdoor.Win32.Ciadoor.gn 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\magix ringtone maker.rar.bac_a01056 Infected: Backdoor.Win32.Ciadoor.gn 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\magix ringtone maker.rar.bac_a01744 Infected: Backdoor.Win32.Ciadoor.gn 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\magix ringtone maker.rar.bac_a02164 Infected: Backdoor.Win32.Ciadoor.gn 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\magix ringtone maker.rar.bac_a02760 Infected: Backdoor.Win32.Ciadoor.gn 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\magix ringtone maker.rar.bac_a03824 Infected: Backdoor.Win32.Ciadoor.gn 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\magix ringtone maker.rar.bac_a04000 Infected: Backdoor.Win32.Ciadoor.gn 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\MWSBAR.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.an 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\MWSOEMON.EXE.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\MWSOEPLG.DLL.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch.al 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\MWSOESTB.DLL.bac_a03900 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\MWSSRCAS.DLL.bac_a03900 Infected: not-a-virus:AdTool.Win32.MyWebSearch.as 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\pmunst.exe.bac_a04016 Infected: Trojan-Downloader.Win32.Zlob.bni 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\qrzsyr.dll.bac_a03900 Infected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.b 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\riched20.dll.bac_a00264 Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\setup.exe.bac_a05652 Infected: Trojan-Downloader.Win32.Zlob.fjc 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\setup.exe.bac_a05652 Infected: Trojan-Downloader.Win32.Zlob.fem 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\SkSrv.exe.bac_a01744 Infected: not-a-virus:AdWare.Win32.HotBar.bt 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\SpyCrush 3.2.exe.bac_a04000 Infected: not-a-virus:FraudTool.Win32.SpyCrush.32 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\SpyShredder0.dll.bac_a05652 Infected: not-a-virus:FraudTool.Win32.BraveSentry.f 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\SpyShredder3.dll.bac_a05652 Infected: not-a-virus:FraudTool.Win32.BraveSentry.b 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\tczij.dll.bac_a04000 Infected: Trojan-Clicker.Win32.Agent.jw 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\VideoAccessCodec.ocx.bac_a01056 Infected: Trojan.Win32.Agent.bcu 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\VirusBurster.exe.bac_a03900 Infected: not-a-virus:FraudTool.Win32.VirusBurst.c 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\VT10.exe.bac_a04000 Infected: Trojan-Downloader.Win32.Lookme.g 1
The selected area was scanned.


Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-11 03:08:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-08-11 07:08:36 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 495 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-11 03:11:50
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINNT\system32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINNT\system32\ScsiAccess.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\WINNT\system32\searchindexer.exe
C:\WINNT\explorer.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\WINNT\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINNT\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Blue online beep about] "C:\Documents and Settings\All Users\Application Data\Mixbirdblueonline\second shim.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINNT\system32\nwprovau.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b...heckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} () - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188711173187
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\incdsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\incdsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\system32\ScsiAccess.EXE
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe


--
End of file - 10485 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 FileDisk - c:\winnt\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 aeaudio - c:\winnt\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 mohfilt - c:\winnt\system32\drivers\mohfilt.sys <Not Verified; Intel Corporation; Intel® 537EP Modem>
R3 smwdm - c:\winnt\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S3 LVUSBSta (Logitech USB Monitor Filter) - c:\winnt\system32\drivers\lvusbsta.sys (file missing)
S3 pepifilter (Volume Adapter) - c:\winnt\system32\drivers\lv302af.sys (file missing)
S3 phc700 (USB PC Camera (phc700)) - c:\winnt\system32\drivers\phc700.sys (file missing)
S3 PID_08A0 (Logitech QuickCam IM(PID_08A0)) - c:\winnt\system32\drivers\lv302av.sys (file missing)
S3 PID_PEPI (Logitech QuickCam IM(PID_PEPI)) - c:\winnt\system32\drivers\lv302v32.sys (file missing)
S3 SABProcEnum - c:\program files\common files\aol\1124841208\ee\sabprocenum.sys (file missing)
S3 USBAAPL (Apple Mobile USB Driver) - c:\winnt\system32\drivers\usbaapl.sys <Not Verified; Apple, Inc.; Apple Mobile Device USB Driver>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\winnt\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
S3 wanatw (WAN Miniport (ATW)) - c:\winnt\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 ScsiAccess - c:\winnt\system32\scsiaccess.exe

S2 InCDsrvR (InCD Helper (read only)) - c:\program files\ahead\incd\incdsrv.exe -r <Not Verified; Nero AG; Nero AG incdsrv>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-11 03:00:01 264 --ah----- C:\WINNT\Tasks\A96BCBFA9180438E.job
2008-08-11 03:00:01 264 --ah----- C:\WINNT\Tasks\A95B991091801080.job
2008-08-11 03:00:01 234 --ah----- C:\WINNT\Tasks\A01455329187D41E.job
2008-08-08 17:15:00 394 --a------ C:\WINNT\Tasks\1-Click Maintenance.job
2008-06-25 07:15:41 284 --a------ C:\WINNT\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-08 01:11:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Search
2008-08-02 14:46:01 0 d-------- C:\Program Files\iPod
2008-08-02 14:45:45 0 d-------- C:\Program Files\iTunes
2008-08-02 14:12:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-08-02 14:11:49 0 d-------- C:\Program Files\Windows Desktop Search
2008-08-02 14:11:48 0 d-------- C:\WINNT\system32\GroupPolicy
2008-07-18 00:27:18 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-07-17 18:59:31 2560 --a------ C:\WINNT\_MSRSTRT.EXE
2008-07-17 18:24:17 0 d-------- C:\Program Files\Adobe Media Player
2008-07-17 18:24:11 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-17 16:55:34 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-07-13 19:31:47 0 d-------- C:\WINNT\Prefetch
2008-07-13 19:24:30 0 d-------- C:\WINNT\system32\scripting
2008-07-13 19:24:28 0 d-------- C:\WINNT\system32\en
2008-07-13 19:24:28 0 d-------- C:\WINNT\l2schemas
2008-07-13 17:48:27 0 d-------- C:\Program Files\a-squared Free
2008-07-13 14:27:17 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-13 14:27:00 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-13 14:27:00 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-12 22:45:57 0 d-------- C:\fsaua.data
2008-07-12 21:16:13 0 d-------- C:\Program Files\EsetOnlineScanner


-- Find3M Report ---------------------------------------------------------------

2008-08-10 23:24:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-08-08 11:43:24 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-08 09:52:21 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-17 23:58:50 0 d-------- C:\Program Files\Common Files\AOL
2008-07-17 23:35:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-07-17 20:43:45 0 d-------- C:\Program Files\DC++
2008-07-17 18:39:48 0 d-------- C:\Program Files\Java
2008-07-17 18:24:11 0 d-------- C:\Program Files\Common Files
2008-07-17 16:45:49 0 d-------- C:\Program Files\AIM
2008-07-17 16:45:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim
2008-07-17 16:42:20 0 d-------- C:\Program Files\InterActual
2008-07-17 16:33:08 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-13 19:24:45 0 d-------- C:\Program Files\Messenger
2008-07-13 19:24:27 0 d-------- C:\Program Files\Movie Maker
2008-07-13 19:22:29 0 d-------- C:\Program Files\Windows NT
2008-07-13 18:21:45 0 d-------- C:\Program Files\3B Software
2008-07-13 14:26:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-12 11:42:43 0 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-07-10 19:31:20 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-07-10 18:52:38 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-10 18:50:26 0 d-------- C:\Program Files\Yahoo!
2008-07-10 15:15:05 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-10 14:54:06 3026 --a------ C:\WINNT\system32\tmp.reg
2008-07-10 13:45:15 1100 --a------ C:\WINNT\system32\d3d8caps.dat
2008-07-07 23:52:16 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-07 23:45:53 80384 --a------ C:\history.dat
2008-07-07 23:29:55 0 d-------- C:\Program Files\CA
2008-07-06 21:24:14 0 d-------- C:\Program Files\Lexmark X74-X75
2008-07-06 21:24:13 0 d-------- C:\Program Files\FaxTools
2008-07-06 21:24:11 0 d-------- C:\Program Files\PCFriendly
2008-07-06 21:17:32 0 d-------- C:\Program Files\iolo
2008-07-06 21:15:25 0 d-------- C:\Documents and Settings\Owner\Application Data\iolo
2008-07-04 22:14:11 0 d-------- C:\Program Files\MSN Messenger
2008-07-04 21:21:49 0 d-------- C:\Program Files\Lavasoft
2008-07-04 21:00:32 0 d-------- C:\Program Files\NOS
2008-07-04 20:57:13 203776 --a------ C:\WINNT\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2008-07-04 20:52:48 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-04 20:37:41 0 d-------- C:\Program Files\Bonjour
2008-07-04 20:37:17 0 d-------- C:\Program Files\QuickTime
2008-07-04 20:28:56 0 d-------- C:\Program Files\Safari
2008-07-04 20:20:50 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-07-04 20:20:22 0 d-------- C:\Program Files\DivX
2008-07-03 03:12:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-02 09:15:54 664 --a------ C:\WINNT\system32\d3d9caps.dat
2008-06-10 20:07:20 3596288 --a------ C:\WINNT\system32\qt-dx331.dll
2008-06-10 20:03:26 196608 --a------ C:\WINNT\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-10 20:03:26 81920 --a------ C:\WINNT\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-10 20:03:20 802816 --a------ C:\WINNT\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-10 20:03:20 823296 --a------ C:\WINNT\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-10 20:03:20 815104 --a------ C:\WINNT\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-10 20:03:20 823296 --a------ C:\WINNT\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-10 20:03:18 683520 --a------ C:\WINNT\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 18:18:54 12288 --a------ C:\WINNT\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 22:33 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
06/02/2008 16:56 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINNT\system32\dumprep 0 -u" []
"PinnacleDriverCheck"="C:\WINNT\system32\PSDrvCheck.exe" [05/28/2003 16:37]
"Blue online beep about"="C:\Documents and Settings\All Users\Application Data\Mixbirdblueonline\second shim.exe" [10/19/2005 21:24]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [07/07/2008 23:39]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [07/07/2008 23:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [04/13/2008 20:12]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/30/2008 14:45]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [12/20/2006 17:47]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/26/2008 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINNT\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINNT\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Loader supervisory.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk
backup=C:\WINNT\pss\Photo Loader supervisory.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
"C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINNT\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d18a4e6-f848-11dc-bb08-000cf17efe49}]
AutoRun\command- F:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75c0d5e8-c530-11dc-ba81-000cf17efe49}]
AutoRun\command- F:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96139e80-ba92-11d9-834c-00038a000015}]
AutoRun\command- rundll32.exe url,FileProtocolHandler library.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9717033a-afc2-11dc-ba4f-000cf17efe49}]
AutoRun\command- F:\autostart.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

8971 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-11 03:13:35 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.06GHz
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 494.73 MiB / 133.78 MiB
Pagefile Memory (total/avail): 1156.04 MiB / 773.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.69 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.79 GiB total, 39.41 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200BB-53DWA0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.79 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=POLOVSKY
ComSpec=C:\WINNT\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\POLOVSKY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\wbem;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=POLOVSKY
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINNT\NuNInst.exe /UNINSTALL
--> C:\WINNT\unmrw.exe /UNINSTALL
--> C:\WINNT\UNNeroVision.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
a-squared Free 3.5 --> "C:\Program Files\a-squared Free\unins000.exe"
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Acrobat.com --> msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com --> MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINNT\atmoUn.exe
Adobe Flash Player ActiveX --> C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player --> msiexec /qb /x {1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Media Player --> MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11 --> C:\WINNT\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Ahead Nero BurnRights --> C:\WINNT\UNNeroBurnRights.exe /UNINSTALL
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
AOL Explorer --> C:\Program Files\Common Files\AOL\1124841208\ee\services\browser\ver1_1_1042\uninst.exe
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Art Explosion Greeting Card Factory Express --> MsiExec.exe /X{AE15D0F7-8C2E-4419-97B4-995ED16FBB4E}
aspi --> MsiExec.exe /I{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CA Anti-Virus --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=av
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
DC++ 0.707 --> "C:\Program Files\DC++\uninstall.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
ESET Online Scanner --> C:\WINNT\system32\OnlineScannerUninstaller.exe
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSstore --> MsiExec.exe /I{6016734B-42A7-4AEB-9248-1D1E4F69AB52}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
FBX for QuickTime 6.0 --> C:\Program Files\Alias\FBX for QuickTime\uninst.exe
Gateway Ink Monitor --> MsiExec.exe /X{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2}
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Documents and Settings\Owner\Application Data\HouseCall 6.6\uninstaller.exe"
Intel® 537EP Data Fax Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP Data Fax Modem"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINNT\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iolo technologies' System Mechanic Professional 6 --> "C:\Program Files\iolo\System Mechanic Professional 6\UninstallSMPro.exe"
iTunes --> MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JBOP 2004-2005 --> C:\PROGRA~1\jbop\UNWISE.EXE C:\PROGRA~1\jbop\INSTALL.LOG
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3c0005_13812\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LEGO Creator Harry Potter Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7FB70A9B-6591-42EB-BD84-6F9C55368E06}\setup.exe"
Lexmark X74-X75 --> C:\WINNT\system32\spool\drivers\w32x86\3\LXBBUN5C.EXE -dLexmark X74-X75
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINNT\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Picture It! Photo 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 6.0 Working Model Edition --> "C:\Program Files\Microsoft Visual Studio\VB98\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINNT\INF\wpie3x86.inf,WebPostUninstall
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe d:\
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Motorola Driver Installation --> MsiExec.exe /I{75A0EB9D-2D1E-4FB7-BF61-498E33C73EB4}
Motorola Phone Tools --> C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
Photo Loader 2.1E --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70B45586-B51E-4947-A258-A895596C5CED}\Setup.exe" -uninst
PICVideo Codecs --> C:\WINNT\System32\UNPICVID2.EXE "PICVideo Codecs Uninstall"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Search Plugin --> C:\DOCUME~1\Owner\APPLIC~1\STOPPI~1\glue peak.exe -uninstall
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{ABE068DF-8DC4-4947-ABFC-DD2B40850225}
Spelling Dictionaries Support For Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TechSmith EnSharpen --> C:\Program Files\TechSmith\EnSharpen\UNWISE.EXE /U /Z "C:\Program Files\TechSmith\EnSharpen\INSTALL.LOG"
Win Stream plugin --> regsvr32 /u /s "C:\Program Files\Win Stream plugin\tbu32\win_stream_plugin.dll"
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format 11 runtime --> "C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Search 4.0 --> "C:\WINNT\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wurm Online --> C:\WINNT\system32\javaws.exe -uninstall "http://www.wurmonline.com/client/wurmclient.jnlp"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type15448 / Error
Event Submitted/Written: 08/11/2008 00:30:31 AM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application AOLacsd.exe, version 2.0.20.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (AOLacsd.exe!ld!)

Event Record #/Type15436 / Error
Event Submitted/Written: 08/08/2008 07:47:12 PM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application AOLacsd.exe, version 2.0.20.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (AOLacsd.exe!ld!)

Event Record #/Type15427 / Error
Event Submitted/Written: 08/08/2008 06:37:51 PM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application AOLacsd.exe, version 2.0.20.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (AOLacsd.exe!ld!)

Event Record #/Type15418 / Error
Event Submitted/Written: 08/08/2008 05:48:09 PM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application AOLacsd.exe, version 2.0.20.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (AOLacsd.exe!ld!)

Event Record #/Type15408 / Error
Event Submitted/Written: 08/08/2008 05:29:16 PM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application AOLacsd.exe, version 2.0.20.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (AOLacsd.exe!ld!)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12263 / Error
Event Submitted/Written: 08/11/2008 00:25:03 AM / 08/11/2008 00:25:33 AM
Event ID/Source: 4311 / NetBT
Event Description:
Initialization failed because the driver device could not be created.

Event Record #/Type12262 / Error
Event Submitted/Written: 08/11/2008 00:25:03 AM / 08/11/2008 00:25:33 AM
Event ID/Source: 4311 / NetBT
Event Description:
Initialization failed because the driver device could not be created.

Event Record #/Type12261 / Error
Event Submitted/Written: 08/11/2008 00:25:03 AM / 08/11/2008 00:25:33 AM
Event ID/Source: 4311 / NetBT
Event Description:
Initialization failed because the driver device could not be created.

Event Record #/Type12260 / Error
Event Submitted/Written: 08/11/2008 00:25:03 AM / 08/11/2008 00:25:33 AM
Event ID/Source: 4311 / NetBT
Event Description:
Initialization failed because the driver device could not be created.

Event Record #/Type12259 / Error
Event Submitted/Written: 08/11/2008 00:25:03 AM / 08/11/2008 00:25:33 AM
Event ID/Source: 4311 / NetBT
Event Description:
Initialization failed because the driver device could not be created.



-- End of Deckard's System Scanner: finished at 2008-08-11 03:13:35 ------------


#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:05:33 AM

Posted 24 August 2008 - 12:55 PM

Hello bearbugy

Welcome to BleepingComputer :thumbsup:
========================
If you are still in need of assistance, please post a new HijackThis log.
Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM, as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.



