Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I think I'm infected...

Post by rc2375 » June 26th, 2007, 2:34 pm

Hello. My name is Matthew. I have been having some trouble with my computer for about... a little over a week. I do believe it started when I downloaded a WinRAR program. Yes, I have learned my lesson. Trust me. I have. lol.

Anyway, below are the problems I'm having and the HijackThis log.
If you guys could help me get this fixed without me having to format my hard drive, that would be great. Otherwise my dad is going to kill me. No, seriously. lol.

Problems:
    Super slow bootup.
    Lots of freezing, computer-wise.
    Programs that went smooth as silk before now go slow and are jumpy.
    At one point, my Norton Internet Security and Anti-Virus Email had been disabled, making me enable them manually.


HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:19:07 PM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "iwon.com"); (C:\Documents and Settings\Star Wars\Application Data\Mozilla\Profiles\default\h5hw9omd.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\Star Wars\Application Data\Mozilla\Profiles\default\h5hw9omd.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MS_imeService] C:\WINDOWS\IME\Imeupdt.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Malware Sweeper] C:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\Star Wars\My Documents\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\Star Wars\My Documents\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\Star Wars\My Documents\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe/AddAllLink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
O23 - Service: Remote Procedure Call (RPC) MO (RPCSE) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
rc2375
Active Member
Posts: 13
Joined: June 26th, 2007, 11:46 am

Post by tim s » June 27th, 2007, 12:36 am

Hi rc2375,

Welcome to the MalWare Removal forums! I'll be glad to help you with your computer problems.
HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happens.

In order to help me help you, please observe the following while we work:
  1. If you don't know, stop and ask! Don't continue, we don't want to start all over again!
  2. Understand that cleaning your computer can sometimes take multiple passes/posts,
    and it's important to follow the steps as listed including re-running scans as listed
  3. Please reply to this thread, do not start another.


If you can do those three things, everything should go smoothly.

-------------------------------------------------------------------------

I do see signs of infection, but first...

Your HJT log indicates you have 2 Anti-Virus programs

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two or more anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. They can conflict with each other which leaves you open to infection.

Norton and Prevx

If you have more than one antivirus program installed, you must narrow it down to only one. Please choose one that is currently capable of receiving updates of virus definitions. If you have an antivirus program that no longer has an active subscription to antivirus updates, it cannot protect your system from malware.

You must decide which one you want to use and uninstall all others.

---------------------------------------------------------------

I will also need to check an Uninstall list

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Open the Misc tool section button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with the Uninstall Manager screen.

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save list button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply. Note: please uncheck Word Wrap under Format in Notepad.

Post HJT Uninstall list in next reply

------------------------------------------------------------------

Please post these in your next reply to this thread by using the Post Reply button:
HJT uninstall list
New HJT log
tim s
MRU Honors Grad Emeritus
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Post by rc2375 » June 27th, 2007, 7:20 am

Ok. Thank you, Tim, for replying to my call for help. I seem to already have Prevx uninstalled. Either that or I can't find it. How should I take care of it, as it's the one I'd rather get rid of.

Also, when we get this all fixed, what anti-malware programs do you suggest to use, that are... free? Thanks again.

Uninstall List:

Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.0.8
Amazon Trail 3rd Edition
ArcSoft Software Suite
Art Explosion Scrapbook Factory
Atari Anniversary Edition
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.2.3
CCleaner (remove only)
Clue
DAO 3.5
Deus Ex
Dino Defender
Driver's Education '99
Dsc Pro
Dune 2000
EA Network Play System
EA.com Update
Eyewitness World Atlas
Fetch
Greeting Card Factory Premier
Health Occupations and Nursing AutoExam V1.0
High School Advantage 2002 Math
HijackThis 1.99.1
InCD
INFOPEDIA 2
J2SE Runtime Environment 5.0 Update 3
JAM KT v3
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
JKA Bot Force Generator
Kaplan Essential Review - US History and Government
KBD
Lara Croft Tomb Raider: The Angel Of Darkness
LEGO Star Wars Demo Disc
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Logitech Gaming Software
LucasArts' Balance of Power
LucasArts' Star Wars: Episode I Racer
LucasArts' The Phantom Menace
LucasArts' X-Wing
LucasArts' X-Wing vs. TIE Fighter
Madden NFL (TM) 2000
Merriam-Webster's Reference Library
Microsoft .NET Framework 1.1
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Halo
Microsoft Midtown Madness 2
Microsoft Motocross Madness
Microsoft Plus! for Windows XP
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Millionaire Kids Edition Preview Kelloggs
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Multisim 2001 Textbook Edition
Multisim sample circuits
Need For Speed - Porsche Unleashed
Need For Speed High Stakes
Need For Speed Hot Pursuit 2
Need For Speed II SE
Need For Speed III
Nero 6 Ultra Edition
Nero Digital
Nero Media Player
NeroMIX
Netscape (7.1)
Norton Interactive
Norton Internet Security
Norton SystemWorks 2002
Photo Explosion SE
PS2
QuickTime
QuickTime 3.0
Rand McNally TripMaker 98
RealPlayer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Sierra Utilities
Spider-Man (tm) Movie
Spybot - Search & Destroy 1.2
Star Wars Battlefront II
Star Wars Galactic Battlegrounds: Saga
Star Wars Jedi Knight Jedi Academy
Star Wars Republic Commando
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
Star Wars®: Knights of the Old Republic (TM)
Starcraft
Sub Command
Tiger Woods 99 PGA TOUR Golf
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Westwood Shared Internet Components
Who Wants To Be A Millionaire
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
X-Men(TM) - The Official Game

New HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 7:18:39 AM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

N3 - Netscape 7: user_pref("browser.startup.homepage", "iwon.com"); (C:\Documents and Settings\Star Wars\Application Data\Mozilla\Profiles\default\h5hw9omd.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\Star Wars\Application Data\Mozilla\Profiles\default\h5hw9omd.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MS_imeService] C:\WINDOWS\IME\Imeupdt.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\Star Wars\My Documents\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\Star Wars\My Documents\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\Star Wars\My Documents\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe/AddAllLink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
O23 - Service: Remote Procedure Call (RPC) MO (RPCSE) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
rc2375
Active Member
Posts: 13
Joined: June 26th, 2007, 11:46 am

Post by tim s » June 27th, 2007, 8:53 am

Hi rc2375,

Thanks for posting logs.

rc2375 wrote:
Ok. Thank you Tim, for replying to my call for help. I seem to already have Prevx uninstalled. Either that or I can't find it. How should I take care of it, as it's the one I'd rather get rid of.

Maybe leftovers from the uninstall; it happens.

rc2375 wrote:
Also, when we get this all fixed, what anti-malware programs do you suggest to use, that are... free? Thanks again.

No problem, I will post that information when we have finished.

---------------------------------------------------------------------


Please do the following:

Go to Start - Run - type in CMD and click OK. The MSDOS window will be displayed. At the prompt type the following:

SC Stop Prevx Agent

Then press Enter

Type:

SC Delete Prevx Agent

Then press Enter.

Type:

exit

Then press Enter



---------------------------------------------------------------


Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit HijackThis.

-----------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


-------------------------------------------------------------

Please post in next reply these:
SDFix folder as Report.txt <<< located here C:\SDFix
New HJT log
tim s
MRU Honors Grad Emeritus
Posts: 1541
Joined: February 11th, 2006, 10:27 am
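
Added example (not part of the original thread and not code from HijackThis or SDFix): a Python triage script that lists the orphaned entries an analyst looks for in these logs, meaning lines ending in "(file missing)" or "(no file)", and for O23 service lines separates the display name from the service key name that HijackThis prints in parentheses, which is the name sc.exe addresses a service by. The O23 layout "Display name (KeyName) - owner - path" is assumed from the logs above, the function names are hypothetical, and the sample lines are copied from those logs.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: six lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
"""

# "O23 - <body>": a section code (letter plus one or two digits), then the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# Assumed O23 layout: "Service: <names> - <owner> - <path>".
# Limitation: a display name that itself contains " - " would be split too early.
SERVICE_RE = re.compile(r"^Service: (?P<names>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# "<display name> (<KeyName>)": only the last parenthesised token is the key name,
# so "SecuROM User Access Service (V7) (UserAccess7)" yields "UserAccess7".
KEY_RE = re.compile(r"^(?P<display>.*\S)\s+\((?P<key>[^()\s]+)\)$")


@dataclass
class Entry:
    code: str
    body: str
    orphaned: bool
    service_display: Optional[str] = None
    service_key: Optional[str] = None


def parse_entries(log: str) -> List[Entry]:
    """Parse the numbered entries of a HijackThis log; other lines are skipped."""
    entries: List[Entry] = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, running-process paths, blank lines
        entry = Entry(m["code"], m["body"], bool(ORPHAN_RE.search(m["body"])))
        if entry.code == "O23":
            svc = SERVICE_RE.match(entry.body)
            if svc:
                names = svc["names"]
                key = KEY_RE.match(names)
                # With no parenthesised suffix, display name and key name coincide.
                entry.service_display = key["display"] if key else names
                entry.service_key = key["key"] if key else names
        entries.append(entry)
    return entries


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file HijackThis could not find."""
    return [e for e in entries if e.orphaned]


def review_commands(entries: List[Entry]) -> List[str]:
    """Read-only `sc qc` commands for inspecting each orphaned service's configuration."""
    return [f'sc qc "{e.service_key}"' for e in entries if e.orphaned and e.service_key]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for e in orphaned_entries(parsed):
        label = f"service key {e.service_key!r}" if e.service_key else "non-service entry"
        print(f"{e.code}: {label}: {e.body}")
    for cmd in review_commands(parsed):
        print(cmd)
```
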

Post by rc2375 » June 27th, 2007, 10:11 am

Ok. Well, I did the thing with the CMD, and each time it said that "The Selected Services Are not Available." Or something to that effect. Ideas?

Report:


SDFix: Version 1.88

Run by Star Wars on Wed 06/27/2007 at 09:30 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
RpcSe

ImagePath:
C:\Program Files\Intel\Intel

RpcSe - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\Documents and Settings\Star Wars\Application Data\addon.dat - Deleted



Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\DeusEx\\System\\DeusEx.exe"="C:\\DeusEx\\System\\DeusEx.exe:*:Enabled:DeusEx"
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\Game\\battlegrounds_x1.exe"="C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\Game\\battlegrounds_x1.exe:*:Enabled:Star Wars Galactic Battlegrounds: Clone Campaigns"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Starcraft\\starcraft.exe"="C:\\Program Files\\Starcraft\\starcraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"="C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe:*:Enabled:BattlefrontII"
"C:\\Program Files\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"="C:\\Program Files\\Soldier of Fortune II - Double Helix\\SoF2MP.exe:*:Enabled:SoF2MP"
"C:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"="C:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe:*:Enabled:Need For Speed III for Win32"
"C:\\Program Files\\LucasArts\\SWKotOR2\\swupdate.exe"="C:\\Program Files\\LucasArts\\SWKotOR2\\swupdate.exe:*:Enabled:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Netscape\\Netscape\\Netscp.exe"="C:\\Program Files\\Netscape\\Netscape\\Netscp.exe:*:Enabled:Netscape"
"C:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"="C:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe:*:Enabled:SWRepublicCommando"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Heroes of Might and Magic III Complete\\Heroes3.exe"="C:\\Program Files\\Heroes of Might and Magic III Complete\\Heroes3.exe:*:Enabled:Heroes of Might and Magicr III"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Call of Duty\\CoD_CD1\\Setup\\Data\\CoDMP.exe"="C:\\Program Files\\Call of Duty\\CoD_CD1\\Setup\\Data\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Listing Files with Hidden Attributes:

C:\WINDOWS\Intel.DLL
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\ime\imeupdt.exe

Listing User Accounts:


Administrator Guest HelpAssistant
Star Wars SUPPORT_388945a0


Finished


Newest Hijackthis Log :arrow:

Logfile of HijackThis v1.99.1
Scan saved at 10:09:30 AM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "iwon.com"); (C:\Documents and Settings\Star Wars\Application Data\Mozilla\Profiles\default\h5hw9omd.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\Star Wars\Application Data\Mozilla\Profiles\default\h5hw9omd.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MS_imeService] C:\WINDOWS\IME\Imeupdt.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\Star Wars\My Documents\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\Star Wars\My Documents\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\Star Wars\My Documents\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe/AddAllLink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
rc2375
Active Member
 
Posts: 13
Joined: June 26th, 2007, 11:46 am

Post by tim s » June 27th, 2007, 10:50 am

Hi rc2375,

I will need to see a log from this tool.

Note* If, after posting your reply, the last line is not < End of Report > then the log is too big to fit into a single reply post and you will need to split it into separate reply posts.

Please do the following:

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files.
It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Change settings Under Files/Folders Created Within-----
    • Click on 60 days
  • Change settings Under Files/Folders Modified Within-----
    • Click on 60 days
  • Next on the right side of screen Under Additional Scans
    • Put a checkmark in the box next to Reg-Disabled MS Config items
    • Put a checkmark in the box next to File-Additional Folder Scan
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Use the Add Reply button and Copy/Paste the information back here.

Note* If, after posting your reply, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into separate reply posts.

I will review the log when it is posted.
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Post by rc2375 » June 27th, 2007, 11:30 am

OK, here it is, my friend. :)

WinPFind3.Txt :arrow:

WinPFind3 logfile created on: 6/27/2007 11:02:35 AM
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Star Wars\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

254.48 Mb Total Physical Memory | 23.46 Mb Available Physical Memory | 9.22% Memory free
1009.38 Mb Paging File | 812.25 Mb Available in Paging File | 80.47% Paging File free
Paging file location(s): C:\pagefile.sys 768 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 36.49 Gb Free Space | 48.96% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: HPXT928
Current User Name: Star Wars
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 397312 bytes | Modified Date = 5/14/2004 12:05:08 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 397312 bytes | Modified Date = 5/14/2004 12:05:08 AM | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5090 | Size = 335872 bytes | Modified Date = 3/3/2004 12:00:00 PM | Attr = ]
iamapp.exe -> %ProgramFiles%\Norton Internet Security\IAMAPP.EXE -> Symantec Corporation [Ver = 4.0.0.82 | Size = 373888 bytes | Modified Date = 8/30/2001 1:32:20 AM | Attr = ]
incd.exe -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 23, 2 | Size = 1398272 bytes | Modified Date = 3/23/2006 5:06:50 PM | Attr = ]
incdsrv.exe -> %ProgramFiles%\Ahead\InCD\incdsrv.exe -> Nero AG [Ver = 4, 3, 23, 2 | Size = 880128 bytes | Modified Date = 3/23/2006 5:06:38 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 36975 bytes | Modified Date = 4/13/2005 3:48:52 AM | Attr = ]
kbd.exe -> %SystemDrive%\hp\kbd\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 7/6/2001 1:56:56 PM | Attr = ]
navapsvc.exe -> %ProgramFiles%\Norton SystemWorks\Norton AntiVirus\Navapsvc.exe -> Symantec Corporation [Ver = 8.00.58 | Size = 115792 bytes | Modified Date = 8/16/2001 6:16:12 PM | Attr = ]
navapw32.exe -> %ProgramFiles%\Norton SystemWorks\Norton AntiVirus\Navapw32.exe -> Symantec Corporation [Ver = 8.00.58 | Size = 74832 bytes | Modified Date = 8/16/2001 5:52:42 PM | Attr = ]
netscp.exe -> %ProgramFiles%\Netscape\Netscape\Netscp.exe -> Mozilla, Netscape [Ver = 7.1 | Size = 568096 bytes | Modified Date = 6/24/2003 12:09:00 PM | Attr = ]
netscp.exe -> %ProgramFiles%\Netscape\Netscape\Netscp.exe -> Mozilla, Netscape [Ver = 7.1 | Size = 568096 bytes | Modified Date = 6/24/2003 12:09:00 PM | Attr = ]
nisserv.exe -> %ProgramFiles%\Norton Internet Security\NISSERV.EXE -> Symantec Corporation [Ver = 4.0.0.82 | Size = 62592 bytes | Modified Date = 8/30/2001 1:32:44 AM | Attr = ]
nisum.exe -> %ProgramFiles%\Norton Internet Security\NISUM.EXE -> Symantec Corporation [Ver = 4.0.0.82 | Size = 87168 bytes | Modified Date = 8/30/2001 1:32:52 AM | Attr = ]
nopdb.exe -> %ProgramFiles%\Norton SystemWorks\Speed Disk\NOPDB.EXE -> Symantec Corporation [Ver = 6.0.0.20 | Size = 176161 bytes | Modified Date = 8/9/2001 6:00:00 AM | Attr = ]
nprotect.exe -> %ProgramFiles%\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -> Symantec Corporation [Ver = 15.0.0.20 | Size = 135168 bytes | Modified Date = 8/10/2001 6:00:00 AM | Attr = ]
symproxysvc.exe -> %ProgramFiles%\Norton Internet Security\SymProxySvc.exe -> Symantec Corporation [Ver = 4.0.0.82 | Size = 54400 bytes | Modified Date = 8/30/2001 1:31:58 AM | Attr = ]
sysdoc32.exe -> %ProgramFiles%\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE -> Symantec Corporation [Ver = 15.0.0.20 | Size = 24614 bytes | Modified Date = 8/10/2001 6:00:00 AM | Attr = ]
uaservice7.exe -> %System32%\UAService7.exe -> [Ver = | Size = 126976 bytes | Modified Date = 3/7/2007 8:08:48 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr = ]
wkcalrem.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkCalRem.exe -> Microsoft® Corporation [Ver = 7.02.0620.0 | Size = 24651 bytes | Modified Date = 6/20/2002 7:21:32 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 397312 bytes | Modified Date = 5/14/2004 12:05:08 AM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0017 | Size = 516096 bytes | Modified Date = 3/3/2004 12:00:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 4:24:18 AM | Attr = ]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\incdsrv.exe -> Nero AG [Ver = 4, 3, 23, 2 | Size = 880128 bytes | Modified Date = 3/23/2006 5:06:38 PM | Attr = ]
(navapsvc) Norton AntiVirus Auto Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton SystemWorks\Norton AntiVirus\Navapsvc.exe -> Symantec Corporation [Ver = 8.00.58 | Size = 115792 bytes | Modified Date = 8/16/2001 6:16:12 PM | Attr = ]
(NISSERV) Norton Internet Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\NISSERV.EXE -> Symantec Corporation [Ver = 4.0.0.82 | Size = 62592 bytes | Modified Date = 8/30/2001 1:32:44 AM | Attr = ]
(NISUM) Norton Internet Security Accounts Manager [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Norton Internet Security\NISUM.EXE -> Symantec Corporation [Ver = 4.0.0.82 | Size = 87168 bytes | Modified Date = 8/30/2001 1:32:52 AM | Attr = ]
(NProtectService) Norton Unerase Protection [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -> Symantec Corporation [Ver = 15.0.0.20 | Size = 135168 bytes | Modified Date = 8/10/2001 6:00:00 AM | Attr = ]
(PREVXAgent) Prevx Agent [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Prevx2\PXAgent.exe -> File not found
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBServ.exe -> Symantec Corporation [Ver = 1, 1, 0, 126 | Size = 54408 bytes | Modified Date = 8/13/2001 11:18:36 PM | Attr = ]
(SDService) SDService [Win32_Own | Auto | Stopped] -> %ProgramFiles%\SpywareDetector\SDService.exe -> File not found
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.4.4.17 | Size = 206552 bytes | Modified Date = 1/21/2005 11:32:12 PM | Attr = ]
(Speed Disk service) Speed Disk service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton SystemWorks\Speed Disk\NOPDB.EXE -> Symantec Corporation [Ver = 6.0.0.20 | Size = 176161 bytes | Modified Date = 8/9/2001 6:00:00 AM | Attr = ]
(SymProxySvc) Norton Internet Security Proxy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\SymProxySvc.exe -> Symantec Corporation [Ver = 4.0.0.82 | Size = 54400 bytes | Modified Date = 8/30/2001 1:31:58 AM | Attr = ]
(UserAccess7) SecuROM User Access Service (V7) [Win32_Own | Auto | Running] -> %System32%\UAService7.exe -> [Ver = | Size = 126976 bytes | Modified Date = 3/7/2007 8:08:48 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AtariBanner -> %ProgramFiles%\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe -> Infogrames [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 5/22/2001 6:17:32 PM | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5090 | Size = 335872 bytes | Modified Date = 3/3/2004 12:00:00 PM | Attr = ]
iamapp -> %ProgramFiles%\Norton Internet Security\IAMAPP.EXE -> Symantec Corporation [Ver = 4.0.0.82 | Size = 373888 bytes | Modified Date = 8/30/2001 1:32:20 AM | Attr = ]
InCD -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 23, 2 | Size = 1398272 bytes | Modified Date = 3/23/2006 5:06:50 PM | Attr = ]
KBD -> %SystemDrive%\hp\kbd\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 7/6/2001 1:56:56 PM | Attr = ]
MS_imeService -> %SystemRoot%\ime\imeupdt.exe -> [Ver = | Size = 116047 bytes | Modified Date = 8/4/2004 3:56:50 AM | Attr = H ]
NAV Agent -> %ProgramFiles%\Norton SystemWorks\Norton AntiVirus\Navapw32.exe -> Symantec Corporation [Ver = 8.00.58 | Size = 74832 bytes | Modified Date = 8/16/2001 5:52:42 PM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 10:50:42 AM | Attr = ]
PS2 -> %System32%\ps2.EXE -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 81920 bytes | Modified Date = 7/3/2001 1:13:56 PM | Attr = ]
QD FastAndSafe -> %ProgramFiles%\Norton Internet Security\IAMAPP.EXE -> Symantec Corporation [Ver = 4.0.0.82 | Size = 373888 bytes | Modified Date = 8/30/2001 1:32:20 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 36975 bytes | Modified Date = 4/13/2005 3:48:52 AM | Attr = ]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.4.4.17 | Size = 95960 bytes | Modified Date = 11/25/2006 5:55:22 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Mozilla Quick Launch -> %ProgramFiles%\Netscape\Netscape\Netscp.exe -> Mozilla, Netscape [Ver = 7.1 | Size = 568096 bytes | Modified Date = 6/24/2003 12:09:00 PM | Attr = ]
NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> Ahead Software AG [Ver = 1, 2, 0, 61 | Size = 1961984 bytes | Modified Date = 10/11/2005 6:25:32 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 3:06:48 PM | Attr = ]
%AllUsersStartup%\Norton System Doctor.lnk -> %ProgramFiles%\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE -> Symantec Corporation [Ver = 15.0.0.20 | Size = 24614 bytes | Modified Date = 8/10/2001 6:00:00 AM | Attr = ]
< User Startup > -> C:\Documents and Settings\Star Wars\Start Menu\Programs\Startup ->
%UserStartup%\wkcalrem.LNK -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkCalRem.exe -> Microsoft® Corporation [Ver = 7.02.0620.0 | Size = 24651 bytes | Modified Date = 6/20/2002 7:21:32 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %System32%\ati2evxx.dll -> [Ver = | Size = 86016 bytes | Modified Date = 5/14/2004 12:05:08 AM | Attr = ]
SDNotify -> %ProgramFiles%\SpywareDetector\SDNotify.dll -> File not found
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> about:blank ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> %ProgramFiles%\Norton SystemWorks\Norton AntiVirus\NAVShExt.dll [CNavExtBho Class] -> Symantec Corporation [Ver = 8.00.58 | Size = 102400 bytes | Modified Date = 8/16/2001 4:35:10 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton SystemWorks\Norton AntiVirus\NAVShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 8.00.58 | Size = 102400 bytes | Modified Date = 8/16/2001 4:35:10 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton SystemWorks\Norton AntiVirus\NAVShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 8.00.58 | Size = 102400 bytes | Modified Date = 8/16/2001 4:35:10 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&D&ownload &with BitComet -> %UserDocuments%\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe\AddLink.htm -> File not found
&D&ownload all video with BitComet -> %UserDocuments%\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe\AddVideo.htm -> File not found
&D&ownload all with BitComet -> %UserDocuments%\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe\AddAllLink.htm -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{BF8FCE17-0A6A-4999-B23F-23FE66B4D8D5} -> (Linksys NC100 Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} -> Java Plug-in 1.4.1_02 - CodeBase = http://java.sun.com/products/plugin/1.4 ... s-i586.cab ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/fl ... wflash.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
Service Host -> %SystemDrive%\DOCUME~1\STARWA~1\LOCALS~1\Temp\svchost.exe -> File not found
Start WingMan Profiler -> -> File not found
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = MozillaHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->


[Files/Folders - Created Within 60 days]
63765cb01d7f41e98e8384aa -> %SystemDrive%\63765cb01d7f41e98e8384aa -> [Folder | Created Date = 6/20/2007 7:26:45 AM | Attr = ]
a82ab439fa1e9c8e12 -> %SystemDrive%\a82ab439fa1e9c8e12 -> [Folder | Created Date = 6/20/2007 5:55:38 AM | Attr = ]
AnalysisLog.sr0 -> %SystemDrive%\AnalysisLog.sr0 -> [Ver = | Size = 209017 bytes | Created Date = 6/1/2007 1:18:31 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 6/27/2007 8:23:48 AM | Attr = ]
test.ini -> %SystemDrive%\test.ini -> [Ver = | Size = 30 bytes | Created Date = 5/23/2007 4:21:40 PM | Attr = ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 5/15/2007 6:45:52 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 5/15/2007 6:45:38 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 5/15/2007 6:45:05 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 5/15/2007 6:46:47 PM | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Created Date = 5/15/2007 6:46:14 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 5/15/2007 6:47:02 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 5/15/2007 6:45:26 PM | Attr = H ]
BZII.INI -> %SystemRoot%\BZII.INI -> [Ver = | Size = 888 bytes | Created Date = 5/23/2007 4:16:03 PM | Attr = ]
CoD.INI -> %SystemRoot%\CoD.INI -> [Ver = | Size = 632 bytes | Created Date = 6/6/2007 4:24:27 PM | Attr = ]
npl.pln -> %SystemRoot%\npl.pln -> [Ver = | Size = 23448 bytes | Created Date = 6/25/2007 9:38:06 PM | Attr = ]
ua2.dll -> %SystemRoot%\ua2.dll -> [Ver = | Size = 77312 bytes | Created Date = 6/23/2007 1:52:54 PM | Attr = ]
War3Unin.dat -> %SystemRoot%\War3Unin.dat -> [Ver = | Size = 76324 bytes | Created Date = 6/1/2007 9:03:48 AM | Attr = ]
War3Unin.exe -> %SystemRoot%\War3Unin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 0 | Size = 139264 bytes | Created Date = 6/1/2007 9:03:42 AM | Attr = ]
War3Unin.pif -> %SystemRoot%\War3Unin.pif -> [Ver = | Size = 2829 bytes | Created Date = 6/1/2007 9:03:43 AM | Attr = ]
Winchat.ini -> %SystemRoot%\Winchat.ini -> [Ver = | Size = 137 bytes | Created Date = 6/19/2007 3:28:27 PM | Attr = ]
ACTSKN43.OCX -> %System32%\ACTSKN43.OCX -> [Ver = 4, 3, 0, 0 | Size = 389120 bytes | Created Date = 6/25/2007 11:32:04 AM | Attr = ]
actsplash.ocx -> %System32%\actsplash.ocx -> SoftShape Development [Ver = 1, 0, 2, 2 | Size = 188416 bytes | Created Date = 6/25/2007 11:32:04 AM | Attr = ]
bitcometres.dll -> %System32%\bitcometres.dll -> BitComet [Ver = 1, 0, 0, 1 | Size = 2560 bytes | Created Date = 6/1/2007 6:45:09 AM | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Created Date = 6/22/2007 4:25:40 PM | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 552 bytes | Created Date = 6/25/2007 5:32:23 PM | Attr = ]
Flash.ocx -> %System32%\Flash.ocx -> Macromedia, Inc. [Ver = 8,0,22,0 | Size = 1435272 bytes | Created Date = 6/25/2007 11:32:04 AM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 49248 bytes | Created Date = 5/21/2007 1:45:20 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 49250 bytes | Created Date = 5/21/2007 1:45:20 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 127078 bytes | Created Date = 5/21/2007 1:45:20 PM | Attr = ]
ProgressBar4.ocx -> %System32%\ProgressBar4.ocx -> Ariad Software [Ver = 4.01.0007 | Size = 89088 bytes | Created Date = 6/25/2007 11:32:03 AM | Attr = ]
SDRemoveDB.db -> %System32%\SDRemoveDB.db -> [Ver = | Size = 184 bytes | Created Date = 6/23/2007 11:10:44 AM | Attr = ]
threadapi.tlb -> %System32%\threadapi.tlb -> [Ver = | Size = 11012 bytes | Created Date = 6/25/2007 11:32:03 AM | Attr = ]
VchReg.dll -> %System32%\VchReg.dll -> Max Secure Software [Ver = 6, 0, 3, 7 | Size = 1044480 bytes | Created Date = 6/23/2007 11:03:28 AM | Attr = ]
XceedBkp.dll -> %System32%\XceedBkp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 1.0.108.0 | Size = 423784 bytes | Created Date = 6/25/2007 11:32:05 AM | Attr = ]
XceedCry.dll -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Created Date = 6/25/2007 11:32:05 AM | Attr = ]
hamachi.sys -> %System32%\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.1.0 | Size = 26056 bytes | Created Date = 5/19/2007 1:41:00 PM | Attr = ]
hosts.backup -> %System32%\drivers\etc\hosts.backup -> [Ver = | Size = 813 bytes | Created Date = 6/23/2007 11:03:28 AM | Attr = ]
hosts.bak -> %System32%\drivers\etc\hosts.bak -> [Ver = | Size = 813 bytes | Created Date = 6/20/2007 7:20:19 AM | Attr = ]

[Files/Folders - Modified Within 60 days]
63765cb01d7f41e98e8384aa -> %SystemDrive%\63765cb01d7f41e98e8384aa -> [Folder | Modified Date = 6/20/2007 8:26:48 AM | Attr = ]
a82ab439fa1e9c8e12 -> %SystemDrive%\a82ab439fa1e9c8e12 -> [Folder | Modified Date = 6/20/2007 8:22:42 AM | Attr = ]
AnalysisLog.sr0 -> %SystemDrive%\AnalysisLog.sr0 -> [Ver = | Size = 209017 bytes | Modified Date = 6/1/2007 2:19:16 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 6/23/2007 6:07:30 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/26/2007 6:06:02 PM | Attr = HS]
DeusEx -> %SystemDrive%\DeusEx -> [Folder | Modified Date = 6/14/2007 11:19:28 AM | Attr = ]
DOWNLOADS -> %SystemDrive%\DOWNLOADS -> [Folder | Modified Date = 5/23/2007 12:30:06 PM | Attr = ]
POOHPS -> %SystemDrive%\POOHPS -> [Folder | Modified Date = 6/7/2007 11:44:30 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/27/2007 10:51:44 AM | Attr = R ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 6/27/2007 9:48:26 AM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 6/25/2007 3:41:00 PM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 5/19/2007 2:39:48 PM | Attr = ]
test.ini -> %SystemDrive%\test.ini -> [Ver = | Size = 30 bytes | Modified Date = 5/23/2007 5:21:42 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/27/2007 9:27:04 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 6/13/2007 7:04:54 AM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 5/15/2007 7:45:54 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 5/15/2007 7:45:40 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 5/15/2007 7:45:08 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 5/15/2007 7:46:50 PM | Attr = H ]
$NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Modified Date = 5/15/2007 7:46:20 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 5/15/2007 7:47:04 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 5/15/2007 7:45:28 PM | Attr = H ]
A5W.INI -> %SystemRoot%\A5W.INI -> [Ver = | Size = 35 bytes | Modified Date = 5/25/2007 5:11:34 PM | Attr = ]
A5W_DATA -> %SystemRoot%\A5W_DATA -> [Folder | Modified Date = 5/25/2007 5:11:34 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/27/2007 10:51:36 AM | Attr = S]
BZII.INI -> %SystemRoot%\BZII.INI -> [Ver = | Size = 888 bytes | Modified Date = 5/23/2007 6:24:46 PM | Attr = ]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 8809 bytes | Modified Date = 6/19/2007 1:12:56 PM | Attr = ]
CoD.INI -> %SystemRoot%\CoD.INI -> [Ver = | Size = 632 bytes | Modified Date = 6/8/2007 11:42:42 AM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 6/23/2007 12:58:00 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/20/2007 10:01:34 AM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 6/11/2007 12:45:18 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 6/12/2007 2:18:08 PM | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 6/19/2007 1:23:52 PM | Attr = H ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/26/2007 6:00:26 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/26/2007 6:06:02 PM | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 6/23/2007 12:58:00 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 5/15/2007 7:54:24 PM | Attr = ]
npl.pln -> %SystemRoot%\npl.pln -> [Ver = | Size = 23448 bytes | Modified Date = 6/25/2007 10:44:32 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/27/2007 11:01:34 AM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 6/26/2007 1:54:44 PM | Attr = ]
QTW.INI -> %SystemRoot%\QTW.INI -> [Ver = | Size = 304 bytes | Modified Date = 5/25/2007 5:11:32 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 6/26/2007 2:07:34 PM | Attr = ]
Run32A50.mch -> %SystemRoot%\Run32A50.mch -> [Ver = | Size = 12218 bytes | Modified Date = 5/25/2007 5:11:38 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 6/19/2007 1:38:30 PM | Attr = ]
Sof2.INI -> %SystemRoot%\Sof2.INI -> [Ver = | Size = 604 bytes | Modified Date = 6/19/2007 4:56:00 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 5/23/2007 1:28:30 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 6/23/2007 12:04:14 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 243 bytes | Modified Date = 6/26/2007 1:54:44 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 6/26/2007 6:00:26 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 6/26/2007 1:32:32 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/27/2007 10:52:14 AM | Attr = ]
TrpMaker.INI -> %SystemRoot%\TrpMaker.INI -> [Ver = | Size = 510 bytes | Modified Date = 6/15/2007 7:31:26 PM | Attr = ]
ua2.dll -> %SystemRoot%\ua2.dll -> [Ver = | Size = 77312 bytes | Modified Date = 6/23/2007 2:52:56 PM | Attr = ]
War3Unin.dat -> %SystemRoot%\War3Unin.dat -> [Ver = | Size = 76324 bytes | Modified Date = 6/1/2007 2:09:40 PM | Attr = ]
War3Unin.exe -> %SystemRoot%\War3Unin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 0 | Size = 139264 bytes | Modified Date = 6/1/2007 10:21:08 AM | Attr = ]
War3Unin.pif -> %SystemRoot%\War3Unin.pif -> [Ver = | Size = 2829 bytes | Modified Date = 6/1/2007 10:21:08 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1109 bytes | Modified Date = 6/26/2007 1:54:46 PM | Attr = ]
Winchat.ini -> %SystemRoot%\Winchat.ini -> [Ver = | Size = 137 bytes | Modified Date = 6/19/2007 4:28:42 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 6/23/2007 2:52:52 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/27/2007 10:51:40 AM | Attr = H ]
Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job -> [Ver = | Size = 420 bytes | Modified Date = 6/27/2007 10:52:22 AM | Attr = ]
bitcometres.dll -> %System32%\bitcometres.dll -> BitComet [Ver = 1, 0, 0, 1 | Size = 2560 bytes | Modified Date = 6/1/2007 7:45:12 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/26/2007 7:27:12 PM | Attr = ]
CmdLineExt.dll -> %System32%\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,0,201,0 | Size = 98304 bytes | Modified Date = 5/27/2007 5:59:02 PM | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 6/24/2007 3:15:18 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 6/26/2007 2:07:46 PM | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 552 bytes | Modified Date = 6/25/2007 6:32:30 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 6/12/2007 2:25:14 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6/26/2007 1:10:00 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 247104 bytes | Modified Date = 6/25/2007 3:40:46 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 52764 bytes | Modified Date = 6/25/2007 5:51:30 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 380350 bytes | Modified Date = 6/25/2007 5:51:30 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 6/25/2007 3:41:00 PM | Attr = ]
SDRemoveDB.db -> %System32%\SDRemoveDB.db -> [Ver = | Size = 184 bytes | Modified Date = 6/23/2007 12:10:46 PM | Attr = ]
VchReg.dll -> %System32%\VchReg.dll -> Max Secure Software [Ver = 6, 0, 3, 7 | Size = 1044480 bytes | Modified Date = 5/29/2007 11:18:22 AM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 6/26/2007 2:07:34 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 6/25/2007 3:40:52 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 6/27/2007 9:31:36 AM | Attr = ]
hamachi.sys -> %System32%\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.1.0 | Size = 26056 bytes | Modified Date = 5/24/2007 8:57:02 AM | Attr = ]
hosts.backup -> %System32%\drivers\etc\hosts.backup -> [Ver = | Size = 813 bytes | Modified Date = 6/20/2007 8:29:34 AM | Attr = ]
hosts.bak -> %System32%\drivers\etc\hosts.bak -> [Ver = | Size = 813 bytes | Modified Date = 6/20/2007 8:20:20 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\fmod.dll -> Firelight Technologies Pty, Ltd [Ver = 3.74 | Size = 161280 bytes | Modified Date = 10/28/2006 12:43:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\JAMktSetup_uninstall.exe -> JAM [Ver = 1.00 | Size = 5992448 bytes | Modified Date = 5/23/2006 9:33:14 AM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 10/28/2006 6:52:52 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ]
Thawte Consulting , -> %System32%\XceedBkp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 1.0.108.0 | Size = 423784 bytes | Modified Date = 5/11/2004 10:56:54 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Modified Date = 11/19/2003 2:59:36 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 1:41:38 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 1:41:38 AM | Attr = ]

< End of report >[/b]
rc2375
Active Member
 
Posts: 13
Joined: June 26th, 2007, 11:46 am

Post by rc2375 » June 27th, 2007, 11:31 am

Eh, at the end, just ignore the [b]. I was trying to use bold... it wasn't part of the report... Sorry. :?
rc2375
Active Member
 
Posts: 13
Joined: June 26th, 2007, 11:46 am

Post by tim s » June 27th, 2007, 12:13 pm

Hi rc2375,

I need to know if you have uninstalled this program, as it is not needed: SpywareDetector?

Ok this is next:

Start WinPFind3U.
Copy/Paste the information that is inside of the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
NOTE* (make sure to highlight and copy only what is inside of the quote box, nothing outside of it)

[Win32 Services - Non-Microsoft Only]
YY -> (PREVXAgent) Prevx Agent [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Prevx2\PXAgent.exe


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished.
Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
NOTE* If for some reason Notepad does not open with the log of actions taken, the log will be in the Winpfind3u folder and will have a name like this:
( mmddyyyy_hhmmss.log)

Just copy and paste that log in your next reply.

Restart computer

-----------------------------------------------------------------------------

Please do the following. I see you already have CCleaner installed; make sure it is set up as follows:
Here we are going to clean out cookies and temp files from your computer.

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!



  • Double click the CCleaner shortcut on the desktop to start the program.
    • On the Windows tab, under Internet Explorer,
      • All Boxes should have a check mark. (You will need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
    • On the Windows tab, under Windows Explorer,
      • All Boxes should have a check mark.
    • On the Windows tab, under System,
      • All Boxes should have a check mark.
    • On the Windows tab, under Advanced,
      • NO check marks
  • If you use either the Firefox or Mozilla browsers, the box to put check in for "Cookies" is on the Applications tab, under Firefox/Mozilla. If already checked move to next step.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
  • You will need to reboot here if not asked to do so.
_______________________________

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

AVG Anti-Spyware:

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports. NOTE* If this is not selected you will not be able to click Save Scan Report button when instructed to do so.
    • Under What to scan? - Select Scan every file.
Close AVG Anti-Spyware without running yet.
Now disable (turn off) AVG Anti-Spyware:
  • Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.

______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________


Open AVG Anti-Spyware program.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
Restart computer back into normal mode.

-----------------------------------------------------------

Post these in next reply:
AVG Anti-Spyware report
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Post by rc2375 » June 27th, 2007, 12:21 pm

Ok. I did have SpywareDetector, but when it didn't detect anything, I uninstalled it, so yes, it should be gone...

And

Here's the log from the fix. I'm going to restart my comp and do the other things. Give me a few... ;)

[Win32 Services - Non-Microsoft Only]
Service PREVXAgent stopped successfully.
Service PREVXAgent deleted successfully.
File C:\Program Files\Prevx2\PXAgent.exe not found.
< End of log >
Created on 06/27/2007 12:17:25
rc2375
Active Member
 
Posts: 13
Joined: June 26th, 2007, 11:46 am

Post by rc2375 » June 27th, 2007, 3:15 pm

Ok. Um, just so you know, I'm getting an Error message now that says That Norton Internet Security Has Had An Error and That It needs to close. But the thing is... it doesn't close. It's just weird I guess.

AVG Anti-Spyware Report :arrow:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:00:52 PM 6/27/2007

+ Scan result:



C:\System Volume Information\_restore{F0FF4FBB-DA78-42D4-BD9E-B95A6A3B6186}\RP1\A0007023.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0FF4FBB-DA78-42D4-BD9E-B95A6A3B6186}\RP2\A0008032.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0FF4FBB-DA78-42D4-BD9E-B95A6A3B6186}\RP2\A0013050.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0FF4FBB-DA78-42D4-BD9E-B95A6A3B6186}\RP2\A0014050.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0FF4FBB-DA78-42D4-BD9E-B95A6A3B6186}\RP2\A0015050.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0FF4FBB-DA78-42D4-BD9E-B95A6A3B6186}\RP2\A0016050.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0FF4FBB-DA78-42D4-BD9E-B95A6A3B6186}\RP2\A0017050.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0FF4FBB-DA78-42D4-BD9E-B95A6A3B6186}\RP2\A0019071.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0FF4FBB-DA78-42D4-BD9E-B95A6A3B6186}\RP2\A0020071.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0FF4FBB-DA78-42D4-BD9E-B95A6A3B6186}\RP4\A0026288.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0FF4FBB-DA78-42D4-BD9E-B95A6A3B6186}\RP4\A0030463.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0FF4FBB-DA78-42D4-BD9E-B95A6A3B6186}\RP4\A0031482.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0FF4FBB-DA78-42D4-BD9E-B95A6A3B6186}\RP4\A0031493.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0FF4FBB-DA78-42D4-BD9E-B95A6A3B6186}\RP4\A0031502.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0FF4FBB-DA78-42D4-BD9E-B95A6A3B6186}\RP4\A0032524.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F0FF4FBB-DA78-42D4-BD9E-B95A6A3B6186}\RP4\A0032534.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).
C:\WINDOWS\ime\imeupdt.exe -> Dropper.Delf.rc : Cleaned with backup (quarantined).


::Report end

HijackThis Log (New) :arrow:

Logfile of HijackThis v1.99.1
Scan saved at 3:11:28 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "iwon.com"); (C:\Documents and Settings\Star Wars\Application Data\Mozilla\Profiles\default\h5hw9omd.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\Star Wars\Application Data\Mozilla\Profiles\default\h5hw9omd.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\Star Wars\My Documents\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\Star Wars\My Documents\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\Star Wars\My Documents\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe/AddAllLink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
rc2375
Active Member
 
Posts: 13
Joined: June 26th, 2007, 11:46 am

Post by tim s » June 27th, 2007, 4:03 pm

Hi rc2375,

Ok. Um, just so you know, I'm getting an Error message now that says That Norton Internet Security Has Had An Error and That It needs to close. But the thing is... it doesn't close. It's just weird I guess.


I will check into the error message and get back to you on that. Please do the following next:

Start WinPFind3U.
Copy/Paste the information that is inside of the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
NOTE* (make sure to highlight and copy only what is inside of the quote box, nothing outside of it)

[Win32 Services - Non-Microsoft Only]
YY -> (SDService) SDService [Win32_Own | Auto | Stopped] -> %ProgramFiles%\SpywareDetector\SDService.exe
[Registry - Non-Microsoft Only]
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> SDNotify -> %ProgramFiles%\SpywareDetector\SDNotify.dll


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished.
Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
NOTE* If for some reason Notepad does not open with the log of actions taken, the log will be in the Winpfind3u folder and will have a name like this:
( mmddyyyy_hhmmss.log)

Just copy and paste that log in your next reply.

--------------------------------------------------------------

This is next:

Run Panda's ActiveScan from here and perform a full system scan.
NOTE* You must use Internet Explorer for this scan to work.

1. Once you are on the Panda site, scroll to the bottom of the page and click the "Scan your PC" button. NOTE: If you have a popup blocker enabled, you will have to allow popups here.
2. A new window will open...click the big "Check Now" button
3. Enter your Country
4. Enter your State/Province
5. Enter your e-mail address and click send
6. Select either Home User or Company
7. Click the big Scan Now button
8. If it wants to install an ActiveX component allow it
9. It will start downloading the files it requires for the scan (Note: It will take a couple minutes. You may have to reboot here and start back with step 1. I did.)
10. Click on "Local Disks" to start the scan
11. Post Panda scan results in your next reply with others requested.

Post in next reply:
WinPFind3U log ( mmddyyyy_hhmmss.log)
Panda online scan report
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

by rc2375 » June 27th, 2007, 5:17 pm

Hey Tim. I figure it'd be best to let you know, I won't be able to do much tomorrow. I've got to do yard work. I did manage to do that fix. Here's the report for it.

First chance I get, I'll do that other scan and get you its report and the new HJT log. But I'm just letting you know. I still want help, I just can't do anything tomorrow. Sorry.

Be back Friday though. :?

Report: :arrow:

[Win32 Services - Non-Microsoft Only]
Service SDService stopped successfully.
Service SDService deleted successfully.
File C:\Program Files\SpywareDetector\SDService.exe not found.
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDNotify deleted successfully.
< End of log >
Created on 06/27/2007 16:08:58
rc2375
Active Member
 
Posts: 13
Joined: June 26th, 2007, 11:46 am

by rc2375 » June 29th, 2007, 1:21 pm

Hey Tim. I seem to be having a problem. I can get to the scan, but when it reaches a file, something with Photoshop Help content.css or something like that, It just stops and does nothing. So far it's found one Hacking tool and rootkit.

I've got to go out with my mom, so I'll be back on later. Here's a HJT log for you to look over:

Logfile of HijackThis v1.99.1
Scan saved at 1:17:21 PM, on 6/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "iwon.com"); (C:\Documents and Settings\Star Wars\Application Data\Mozilla\Profiles\default\h5hw9omd.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\Star Wars\Application Data\Mozilla\Profiles\default\h5hw9omd.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\Star Wars\My Documents\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\Star Wars\My Documents\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\Star Wars\My Documents\Matthew ''Nemesis'' Smith\BitComet_0.86\BitComet.exe/AddAllLink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
rc2375
Active Member
 
Posts: 13
Joined: June 26th, 2007, 11:46 am

by tim s » June 29th, 2007, 2:37 pm

Hi rc2375,

Hey Tim. I seem to be having a problem. I can get to the scan, but when it reaches a file, something with Photoshop Help content.css or something like that, It just stops and does nothing. So far it's found one Hacking tool and rootkit.


Some of the removal tools I had you download can be listed as bad by an online scanner; it depends on how they are used. An online scanner cannot tell between good and bad. I will not know until I see a report. Let's try a different scanner, but first do the following:

Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses. You need to update.

Download the latest version of Java Runtime Environment (JRE) 6u1
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Click Start then Control Panel > then Add/Remove Programs and remove all older versions of Java.
  • Remove any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Restart your computer once all Java components are removed to complete uninstall.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

Once it has finished installing, if you are not asked to restart the computer, please do so now.

----------------------------------------------------------------------------------------

Next:

Please do an online scan with Kaspersky Online Scanner

Notice!
A new version of Kaspersky Virus Scanner has been released on August 8, 2006. If you have installed a previous version, you must uninstall that program first before installing the new version. To uninstall, please go to the computer control panel and select "Add/Remove Programs." Close all Internet Explorer windows before uninstalling the Kaspersky Online Scanner.
Note* You must use Internet Explorer for the scan not Firefox or any other browser if you have it.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save Report As button:
    • Save the file to your desktop.
    • File Type: Text file (*.txt).
    • Name: Kav.txt for example
  • Copy and paste that information in your next post.
==========================

Post in next reply:
Kaspersky online scan report
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am
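
The Java advice in the post above follows from the HijackThis log, where the JRE path reads jre1.5.0_03. As an added example (not part of the thread and not a tool the helpers used), this Python code parses an excerpt of that log, lists JRE versions older than the 6u1 baseline, and lists O23 services reported as "Unknown owner" for manual review. It assumes JRE 6u1 installs to a folder named jre1.6.0_01; the function names are hypothetical.

```python
import re

# Excerpt of the HijackThis 1.99.1 log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # section code, e.g. "O4 - ..." or "N3 - ..."
JRE_DIR = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)_(\d+)\\", re.I)
SERVICE = re.compile(r"^Service: (.+) - (.+?) - ([A-Za-z]:\\.+)$")

def parse_entries(log):
    """Return (code, body) for every sectioned entry line; process paths are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def jre_versions(log):
    """Distinct JRE versions found in any path in the log, as integer tuples."""
    return sorted({tuple(map(int, m.groups())) for m in JRE_DIR.finditer(log)})

def outdated_jres(log, baseline=(1, 6, 0, 1)):
    """Versions below the baseline; (1, 6, 0, 1) is the assumed folder version of JRE 6u1."""
    return [v for v in jre_versions(log) if v < baseline]

def unknown_owner_services(log):
    """O23 services with no publisher name. This is a review list, not a verdict."""
    found = []
    for code, body in parse_entries(log):
        m = SERVICE.match(body) if code == "O23" else None
        if m and m.group(2) == "Unknown owner":
            found.append((m.group(1), m.group(3)))
    return found

if __name__ == "__main__":
    for v in outdated_jres(SAMPLE_LOG):
        print("Outdated JRE: %d.%d.%d_%02d" % v)
    for name, path in unknown_owner_services(SAMPLE_LOG):
        print("Review service:", name, "->", path)
```

"Unknown owner" only means HijackThis could not read a company name from the file, so each listed service still has to be identified by hand.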