Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

help help me fix my friend computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

help help me fix my friend computer

Unread postby Andy35652 » December 14th, 2007, 11:31 am

im getting internet explorer pop-up even though im useing firefox now. i have ran avg virse and spyware. I have tryed a few things but none of them seem to help at all. Its driving me crazy when im playing wow or watching utube and they pop up and slow my computer down or get in the way.


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:30:41 AM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QdrPack\QdrPack10.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - C:\Program Files\Video AX Object\bpvol.dll (file missing)
O2 - BHO: (no name) - {3B6C3DFA-A240-80EE-1E12-898DB9258FC0} - C:\WINDOWS\system32\imbvxeg.dll (file missing)
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMM2007RT] "C:\Program Files\PC MightyMax 2007\pcmm2007.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Jucmdhl] "C:\Program Files\Common Files\s?stem32\cmd.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [Jtj] "C:\Documents and Settings\Owner\My Documents\A?pPatch\wuaclt.exe"
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QdrPack10] "C:\Program Files\QdrPack\QdrPack10.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video AX Object\smmain.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video AX Object\bpmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm028YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: depreciable - {716002db-288c-4bf0-80cd-a467e78d8b55} - (no file)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U3dlZXQgVGhpbmc\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Viewpoint\proky.html

--
End of file - 10268 bytes
Andy35652
Active Member
 
Posts: 9
Joined: December 14th, 2007, 11:28 am
Advertisement
Register to Remove

Re: help help me fix my friend computer

Unread postby random/random » December 15th, 2007, 8:07 pm

First of all, you are using an older version of HijackThis. Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
  1. Save HJTInstall.exe to your desktop.
  2. Double-click on HJTInstall.exe to run the program.
  3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  4. Accept the license agreement by clicking the "I Accept" button.
  5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  6. Click "Save log" to save the log file and then the log will open in Notepad.
  7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  8. Come back here to this thread and paste the log in your next reply.
  9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: help help me fix my friend computer

Unread postby Andy35652 » December 16th, 2007, 12:29 pm

heres the new one after i updated hijackthis and ran my avg virse,spyware and one of the online ones in the top most post


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:56 AM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - C:\Program Files\Video AX Object\bpvol.dll (file missing)
O2 - BHO: (no name) - {3B6C3DFA-A240-80EE-1E12-898DB9258FC0} - C:\WINDOWS\system32\imbvxeg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMM2007RT] "C:\Program Files\PC MightyMax 2007\pcmm2007.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Jucmdhl] "C:\Program Files\Common Files\s?stem32\cmd.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [Jtj] "C:\Documents and Settings\Owner\My Documents\A?pPatch\wuaclt.exe"
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video AX Object\smmain.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video AX Object\bpmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O22 - SharedTaskScheduler: depreciable - {716002db-288c-4bf0-80cd-a467e78d8b55} - (no file)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U3dlZXQgVGhpbmc\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Viewpoint\proky.html

--
End of file - 9682 bytes
Andy35652
Active Member
 
Posts: 9
Joined: December 14th, 2007, 11:28 am

Re: help help me fix my friend computer

Unread postby random/random » December 16th, 2007, 6:40 pm

Please download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Post back with the smitfraudfix log and a new HijackThis log
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: help help me fix my friend computer

Unread postby Andy35652 » December 16th, 2007, 6:45 pm

SmitFraudFix v2.269

Scan done at 16:42:25.96, Sun 12/16/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Viewpoint\\proky.html"
"SubscribedURL"=""
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{716002db-288c-4bf0-80cd-a467e78d8b55}"="depreciable"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 66.90.132.162
DNS Server Search Order: 66.90.130.10

HKLM\SYSTEM\CCS\Services\Tcpip\..\{56FD4FEE-AE1B-4772-BF96-6D7486969C2D}: DhcpNameServer=66.90.132.162 66.90.130.10
HKLM\SYSTEM\CCS\Services\Tcpip\..\{98537025-A9D1-40B1-B39F-E7A96D098DB2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B842E37E-6E1E-47DC-8888-4CB73DF58CFC}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS1\Services\Tcpip\..\{56FD4FEE-AE1B-4772-BF96-6D7486969C2D}: DhcpNameServer=66.90.132.162 66.90.130.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{98537025-A9D1-40B1-B39F-E7A96D098DB2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B842E37E-6E1E-47DC-8888-4CB73DF58CFC}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS3\Services\Tcpip\..\{56FD4FEE-AE1B-4772-BF96-6D7486969C2D}: DhcpNameServer=66.90.132.162 66.90.130.10
HKLM\SYSTEM\CS3\Services\Tcpip\..\{98537025-A9D1-40B1-B39F-E7A96D098DB2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B842E37E-6E1E-47DC-8888-4CB73DF58CFC}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=66.90.132.162 66.90.130.10
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=66.90.132.162 66.90.130.10
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=66.90.132.162 66.90.130.10


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


AND hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:26 PM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - C:\Program Files\Video AX Object\bpvol.dll (file missing)
O2 - BHO: (no name) - {3B6C3DFA-A240-80EE-1E12-898DB9258FC0} - C:\WINDOWS\system32\imbvxeg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMM2007RT] "C:\Program Files\PC MightyMax 2007\pcmm2007.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Jucmdhl] "C:\Program Files\Common Files\s?stem32\cmd.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [Jtj] "C:\Documents and Settings\Owner\My Documents\A?pPatch\wuaclt.exe"
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video AX Object\smmain.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video AX Object\bpmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O22 - SharedTaskScheduler: depreciable - {716002db-288c-4bf0-80cd-a467e78d8b55} - (no file)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U3dlZXQgVGhpbmc\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Viewpoint\proky.html

--
End of file - 9681 bytes
Andy35652
Active Member
 
Posts: 9
Joined: December 14th, 2007, 11:28 am

Re: help help me fix my friend computer

Unread postby random/random » December 17th, 2007, 1:40 pm

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply, along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: help help me fix my friend computer

Unread postby Andy35652 » December 17th, 2007, 2:47 pm

SmitFraudFix v2.271

Scan done at 12:40:03.62, Mon 12/17/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{716002db-288c-4bf0-80cd-a467e78d8b55}"="depreciable"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{56FD4FEE-AE1B-4772-BF96-6D7486969C2D}: DhcpNameServer=66.90.132.162 66.90.130.10
HKLM\SYSTEM\CCS\Services\Tcpip\..\{98537025-A9D1-40B1-B39F-E7A96D098DB2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B842E37E-6E1E-47DC-8888-4CB73DF58CFC}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS1\Services\Tcpip\..\{56FD4FEE-AE1B-4772-BF96-6D7486969C2D}: DhcpNameServer=66.90.132.162 66.90.130.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{98537025-A9D1-40B1-B39F-E7A96D098DB2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B842E37E-6E1E-47DC-8888-4CB73DF58CFC}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS3\Services\Tcpip\..\{56FD4FEE-AE1B-4772-BF96-6D7486969C2D}: DhcpNameServer=66.90.132.162 66.90.130.10
HKLM\SYSTEM\CS3\Services\Tcpip\..\{98537025-A9D1-40B1-B39F-E7A96D098DB2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B842E37E-6E1E-47DC-8888-4CB73DF58CFC}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=66.90.132.162 66.90.130.10
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=66.90.132.162 66.90.130.10
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=66.90.132.162 66.90.130.10


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



And hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:02 PM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B6C3DFA-A240-80EE-1E12-898DB9258FC0} - C:\WINDOWS\system32\imbvxeg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMM2007RT] "C:\Program Files\PC MightyMax 2007\pcmm2007.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Jucmdhl] "C:\Program Files\Common Files\s?stem32\cmd.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [Jtj] "C:\Documents and Settings\Owner\My Documents\A?pPatch\wuaclt.exe"
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U3dlZXQgVGhpbmc\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 8578 bytes
Andy35652
Active Member
 
Posts: 9
Joined: December 14th, 2007, 11:28 am

Re: help help me fix my friend computer

Unread postby random/random » December 17th, 2007, 4:35 pm

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: help help me fix my friend computer

Unread postby Andy35652 » December 17th, 2007, 4:52 pm

Deckard's System Scanner v20071014.68
Run by Owner on 2007-12-17 14:48:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2007-12-17 20:48:15 UTC - RP1022 - Deckard's System Scanner Restore Point
20: 2007-12-17 01:03:11 UTC - RP1021 - System Checkpoint
19: 2007-12-15 16:13:18 UTC - RP1020 - Installed Adobe Reader 7.0.9
18: 2007-12-15 14:47:52 UTC - RP1019 - Windows Defender Checkpoint
17: 2007-12-14 15:20:35 UTC - RP1018 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-12-05 15:28:05 UTC - RP1002 - Installed AruaROSE.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:33 PM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B6C3DFA-A240-80EE-1E12-898DB9258FC0} - C:\WINDOWS\system32\imbvxeg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMM2007RT] "C:\Program Files\PC MightyMax 2007\pcmm2007.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Jucmdhl] "C:\Program Files\Common Files\s?stem32\cmd.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [Jtj] "C:\Documents and Settings\Owner\My Documents\A?pPatch\wuaclt.exe"
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U3dlZXQgVGhpbmc\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 8475 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 core - c:\windows\system32\drivers\core.sys
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S2 SAVRTPEL - c:\program files\norton internet security\norton antivirus\savrtpel.sys (file missing)
S3 aeaudio - c:\windows\system32\drivers\aeaudio.sys (file missing)
S3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys (file missing)
S3 NAVENG - c:\progra~1\common~1\symant~1\virusd~1\20031015.009\naveng.sys (file missing)
S3 NAVEX15 - c:\progra~1\common~1\symant~1\virusd~1\20031015.009\navex15.sys (file missing)
S3 SAVRT - c:\program files\norton internet security\norton antivirus\savrt.sys (file missing)
S3 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20050920.038\symidsco.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 ccEvtMgr (Symantec Event Manager) - "c:\program files\common files\symantec shared\ccevtmgr.exe" (file missing)
S2 ccProxy (Symantec Network Proxy) - "c:\program files\common files\symantec shared\ccproxy.exe" (file missing)
S2 ccSetMgr (Symantec Settings Manager) - "c:\program files\common files\symantec shared\ccsetmgr.exe" (file missing)
S2 cmdService (Command Service) - c:\windows\u3dlzxqgvghpbmc\command.exe (file missing)
S2 navapsvc (Norton AntiVirus Auto Protect Service) - "c:\program files\norton internet security\norton antivirus\navapsvc.exe" (file missing)
S2 SymWSC (SymWMI Service) - c:\program files\common files\symantec shared\security center\symwsc.exe (file missing)
S2 Ventrilo - c:\program files\ventsrv\ventrilo_svc.exe (file missing)
S3 ccPwdSvc (Symantec Password Validation) - "c:\program files\common files\symantec shared\ccpwdsvc.exe" (file missing)
S3 SAVScan - "c:\program files\norton internet security\norton antivirus\savscan.exe" (file missing)
S3 SNDSrvc (Symantec Network Drivers Service) - c:\program files\common files\symantec shared\sndsrvc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-17 12:45:59 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2007-11-17 and 2007-12-17 -----------------------------

2007-12-16 16:42:39 2690 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 10:27:41 0 d-------- C:\Program Files\Trend Micro
2007-12-15 11:14:20 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2007-12-15 10:14:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-12-14 09:13:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Tibia
2007-12-14 09:12:24 0 d-------- C:\Program Files\Tibia
2007-12-12 20:42:20 0 d-------- C:\Program Files\Panicware
2007-12-11 22:16:30 0 d-------- C:\UserJoy
2007-12-11 15:28:39 0 d-------- C:\Program Files\Ventrilo
2007-12-11 15:28:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-09 17:31:24 0 d-------- C:\Program Files\Asprate
2007-12-09 17:31:07 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2007-12-09 16:35:23 684 --a------ C:\WINDOWS\mozver.dat
2007-12-09 14:54:44 0 d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2007-12-09 14:45:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-12-09 14:02:43 0 d-------- C:\Program Files\Realtek AC97
2007-12-08 13:48:21 4980736 --a------ C:\Documents and Settings\Owner\ntuser.dat
2007-12-04 21:23:12 0 d-------- C:\Program Files\QdrPack
2007-12-04 11:12:36 8 --a------ C:\WINDOWS\system32\rasqervy.dll
2007-12-04 11:12:25 8 --a------ C:\WINDOWS\system32\sdfinacs.dll
2007-12-04 11:09:36 5 --a------ C:\WINDOWS\system32\sdfixwcs.dll
2007-12-03 16:29:11 0 --a------ C:\WINDOWS\system32\wuasirvy.dll
2007-12-03 13:27:53 0 d-------- C:\Documents and Settings\Owner\Application Data\BYOND
2007-12-02 10:48:57 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-02 10:48:57 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-02 10:48:56 0 d-------- C:\Program Files\Xvid
2007-12-01 14:07:11 0 dr-h----- C:\$VAULT$.AVG
2007-12-01 14:05:48 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-01 14:05:30 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-01 14:04:42 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-01 13:52:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-12-01 13:52:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-01 13:51:04 0 d-------- C:\Program Files\WinAble
2007-11-24 19:19:09 0 d-------- C:\Program Files\Windows Defender
2007-11-24 18:42:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Awola
2007-11-24 17:32:03 0 --ahs---- C:\Documents and Settings\Owner\Application Data\6d641e2326d60d5bbab656cf88e17502.dat


-- Find3M Report ---------------------------------------------------------------

2007-12-15 10:14:30 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-15 10:11:22 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-12-14 09:11:27 0 d-------- C:\Program Files\QdrModule
2007-12-13 18:06:11 0 d-------- C:\Program Files\World of Warcraft
2007-12-12 19:17:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-11 15:28:26 0 d-------- C:\Program Files\Common Files
2007-12-09 16:36:06 0 d-------- C:\Program Files\DivX
2007-12-09 14:47:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-12-05 09:28:39 0 --a------ C:\WINDOWS\system32\wiadefu66.dll
2007-12-05 09:28:39 0 --a------ C:\WINDOWS\system32\vjo15.dll
2007-12-04 21:23:12 0 d-------- C:\Program Files\ISM
2007-12-01 18:44:58 0 d-------- C:\Program Files\Winamp
2007-12-01 14:09:47 0 d-------- C:\Documents and Settings\Owner\Application Data\WinTouch
2007-12-01 13:55:04 0 d-------- C:\Program Files\Temporary
2007-11-24 19:29:20 0 d-------- C:\Program Files\InetGet2
2007-11-24 19:27:13 0 d-------- C:\Program Files\Words
2007-11-24 18:23:34 0 d-------- C:\Program Files\VentSrv
2007-11-24 18:14:56 0 d-------- C:\Program Files\Viewpoint
2007-11-24 18:01:10 0 d-------- C:\Program Files\Common Files\rqof
2007-11-08 21:39:38 0 d-------- C:\Program Files\??mantec
2007-11-04 02:43:27 0 d-------- C:\Program Files\Insider
2007-11-04 02:42:51 0 d-------- C:\Program Files\Yahoo!
2007-10-05 04:38:06 10240 --a------ C:\WINDOWS\b999.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B6C3DFA-A240-80EE-1E12-898DB9258FC0}]
C:\WINDOWS\system32\imbvxeg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
10/24/2007 07:17 AM 180224 --a------ C:\Program Files\ISM\BndDrive7.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 08:03 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 07:59 AM]
"PCMM2007RT"="C:\Program Files\PC MightyMax 2007\pcmm2007.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/02/2007 01:20 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/01/2007 02:04 PM]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jucmdhl"="C:\Program Files\Common Files\s?stem32\cmd.exe" []
"WinPop"="C:\Program Files\WinPop\winpop.exe" []
"Jtj"="C:\Documents and Settings\Owner\My Documents\A?pPatch\wuaclt.exe" []
"Insider"="C:\Program Files\Insider\Insider.exe" [11/04/2007 02:43 AM]
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 11:54 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [6/10/2007 3:16:24 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^2Wire Wireless Client.lnk]
backup=C:\WINDOWS\pss\2Wire Wireless Client.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]
backup=C:\WINDOWS\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GoZone iSync.lnk]
backup=C:\WINDOWS\pss\GoZone iSync.lnkStartup
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\GoZone iSync.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PictureProject In Touch.lnk]
backup=C:\WINDOWS\pss\PictureProject In Touch.lnkStartup
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PictureProject In Touch.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner Free]
"C:\Program Files\DriveCleaner Free\UDC.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1124295227\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MondoTalk]
C:\Program Files\MondoTalk\MondoTalk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCVNq]
C:\WINDOWS\ohcjx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²ÆßfÏC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²ÆßfÏC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²ÆßfÏC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²ÆßfÏC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\ohcjx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²‘ÆßfÏC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²‘ÆßfÏC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²‘ÆßfÏC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²‘ÆßfÏC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\ohcjx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]
"C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner]
C:\PROGRA~1\REGIST~1\regclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet




-- End of Deckard's System Scanner: finished at 2007-12-17 14:51:40 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 509.98 MiB / 202.06 MiB
Pagefile Memory (total/avail): 1248.86 MiB / 899.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.6 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.47 GiB total, 37.58 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC35L090AVV207-0 - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 74.47 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.

FW: Norton Internet Security v2004 (Symantec Corporation) Disabled
AV: AVG 7.5.503 v7.5.503 (Grisoft)
AV: Norton AntiVirus v2004 (Symantec Corporation) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\BYOND\\bin\\byond.exe"="C:\\Program Files\\BYOND\\bin\\byond.exe:*:Enabled:byond"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\BYOND\\bin\\dreamseeker.exe"="C:\\Program Files\\BYOND\\bin\\dreamseeker.exe:*:Enabled:Dream Seeker"
"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:enable"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JENWK12
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\JENWK12
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=JENWK12
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> Dummy
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> rundll32 C:\PROGRA~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll,O
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Wire Wireless Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
Browser Protection Volume --> "C:\Program Files\Video AX Object\bpunst.exe"
Build Your Own Net Dream (remove only) --> C:\Program Files\BYOND\Uninst.exe
CC_ccProxyMSI --> MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IGN Download Manager 2.2.2 --> C:\Program Files\IGN\Download Manager\uninst.exe
Insider --> C:\Program Files\Insider\UnInstall.exe
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Internet Explorer Secure Plug-in --> "C:\Program Files\Video AX Object\spunst.exe"
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Lexmark 510 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBZUN5C.EXE -dLexmark 510 Series
LimeWire 4.10.9 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
OpenMG AAC Add-on Module 1.0.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3} UNINSTALL
OpenMG Limited Patch 4.5-06-05-12-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.5-06-05-12-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.5.01 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3633BA28-67CE-4AC8-A677-3406CA84C3D8} UNINSTALL
PDF Manual NW-E000 Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F0C7588-DC73-4465-8BAB-21813C1EC047}\setup.exe" -l0x9 UNINSTALL -removeonly
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PictureProject In Touch 1.0 --> C:\Program Files\Nikon\PictureProject In Touch\uninst.exe
PictureProject In Touch Downloader 1.0 --> C:\Program Files\PictureProject In Touch Downloader\uninst.exe
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Security Messenger --> "C:\Program Files\Video AX Object\smunst.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SonicStage 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Tibia --> "C:\Program Files\Tibia\unins000.exe"
Tibia MULTI-ip changer --> C:\Program Files\Asprate\Tibia Multi IP Changer\UNinstaller.exe
UniUploader --> C:\Program Files\UniUploader\uninst.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WG111v2 Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0F252A6-DE85-4E93-A93B-DFC3537B3965}\setup.exe" -l0x9 REMOVE -removeonly
WinAble --> "C:\Program Files\WinAble\winable.exe" -uninstall
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinPop --> C:\Program Files\WinPop\UnInstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinTouch --> C:\Documents and Settings\Owner\Application Data\WinTouch\WTUninstaller.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Words --> C:\Program Files\Words\UnInstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type5669 / Success
Event Submitted/Written: 12/17/2007 10:48:18 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type5664 / Warning
Event Submitted/Written: 12/16/2007 10:22:26 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type5658 / Success
Event Submitted/Written: 12/16/2007 10:26:11 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type5653 / Warning
Event Submitted/Written: 12/16/2007 10:01:42 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type5620 / Success
Event Submitted/Written: 12/15/2007 09:53:34 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1557 / Warning
Event Submitted/Written: 12/17/2007 02:50:47 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JENWK1227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JENWK1227 can't undo changes that you allow.

For more information please see the following:
%JENWK12275

Scan ID: {8A5D0211-EEC0-41DF-BF26-B99249C2CBD0}

User: JENWK12\Owner

Name: %JENWK12271

ID: %JENWK12272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JENWK12276

Alert Type: %JENWK12278

Detection Type: 1.1.1593.02

Event Record #/Type1556 / Warning
Event Submitted/Written: 12/17/2007 02:50:47 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JENWK1227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JENWK1227 can't undo changes that you allow.

For more information please see the following:
%JENWK12275

Scan ID: {D397E1DD-A681-48BB-972B-9063533576A3}

User: JENWK12\Owner

Name: %JENWK12271

ID: %JENWK12272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JENWK12276

Alert Type: %JENWK12278

Detection Type: 1.1.1593.02

Event Record #/Type1555 / Warning
Event Submitted/Written: 12/17/2007 02:50:47 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JENWK1227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JENWK1227 can't undo changes that you allow.

For more information please see the following:
%JENWK12275

Scan ID: {B8482CE3-97DE-4944-9A0C-65D7592F01B6}

User: JENWK12\Owner

Name: %JENWK12271

ID: %JENWK12272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JENWK12276

Alert Type: %JENWK12278

Detection Type: 1.1.1593.02

Event Record #/Type1554 / Warning
Event Submitted/Written: 12/17/2007 02:50:44 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JENWK1227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JENWK1227 can't undo changes that you allow.

For more information please see the following:
%JENWK12275

Scan ID: {D1AE3DCA-C7FB-4C37-BED0-3344D7E89F2D}

User: JENWK12\Owner

Name: %JENWK12271

ID: %JENWK12272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JENWK12276

Alert Type: %JENWK12278

Detection Type: 1.1.1593.02

Event Record #/Type1553 / Warning
Event Submitted/Written: 12/17/2007 02:50:44 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JENWK1227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JENWK1227 can't undo changes that you allow.

For more information please see the following:
%JENWK12275

Scan ID: {25C99802-F006-45BC-924A-79A16FF62D82}

User: JENWK12\Owner

Name: %JENWK12271

ID: %JENWK12272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JENWK12276

Alert Type: %JENWK12278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2007-12-17 14:51:40 ------------
Andy35652
Active Member
 
Posts: 9
Joined: December 14th, 2007, 11:28 am

Re: help help me fix my friend computer

Unread postby random/random » December 17th, 2007, 4:59 pm

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: help help me fix my friend computer

Unread postby Andy35652 » December 17th, 2007, 6:08 pm

SDFix: Version 1.118

Run by Owner on Mon 12/17/2007 at 03:44 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
cmdService
core

Path:
C:\WINDOWS\U3dlZXQgVGhpbmc\command.exe
system32\drivers\core.sys

cmdService - Deleted
core - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\VJO15.DLL - Deleted
C:\WINDOWS\SYSTEM32\WIADEF~1.DLL - Deleted
C:\WINDOWS\SYSTEM32\WUASIRVY.DLL - Deleted
C:\Program Files\Insider\Insider.exe - Deleted
C:\Program Files\Insider\UnInstall.exe - Deleted
C:\Program Files\Words\list.txt - Deleted
C:\Program Files\Words\script.txt - Deleted
C:\Program Files\Words\UnInstall.exe - Deleted
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\drivers\core.sys - Deleted
C:\WINDOWS\system32\rasqervy.dll - Deleted
C:\WINDOWS\system32\sdfinacs.dll - Deleted
C:\WINDOWS\system32\sdfixwcs.dll - Deleted
C:\WINDOWS\system32\wuasirvy.dll - Deleted
C:\WINDOWS\wr.txt - Deleted



Folder C:\Documents and Settings\Owner\Application Data\WinTouch - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Insider - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\WinAble - Removed
Folder C:\Program Files\Words - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 15:56:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\32\32-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v32-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8544 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\32\32-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v32-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1000 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\01\10-{487260D8-2D15-5784-F662-4E018A3CFD96}-v1-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\11\11-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v11-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8832 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\11\11-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v11-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1008 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\12\12-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v12-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7968 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\12\12-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v12-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 888 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\13\13-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v13-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7914 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\13\13-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v13-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 904 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\14\14-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v14-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8310 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\14\14-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v14-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 936 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\15\15-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v15-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10542 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\15\15-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v15-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1184 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\16\16-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v16-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8022 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\16\16-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v16-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 904 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\17\17-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v17-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10344 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\17\17-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v17-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1176 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\18\18-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v18-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10290 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\18\18-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v18-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1152 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\19\19-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v19-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10668 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\19\19-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v19-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1176 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\20\20-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v20-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9822 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\20\20-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v20-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1136 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\21\21-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v21-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9750 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\21\21-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v21-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1128 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\22\22-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v22-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9948 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\22\22-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v22-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1144 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\23\23-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v23-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10056 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\23\23-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v23-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1112 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\24\24-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v24-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9192 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\24\24-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v24-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1032 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\25\25-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v25-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10200 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\25\25-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v25-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1160 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\26\26-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v26-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10524 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\26\26-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v26-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1176 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\27\27-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v27-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10164 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\27\27-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v27-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1152 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\28\28-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v28-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7122 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\28\28-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v28-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 808 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\29\29-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v29-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10236 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\29\29-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v29-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1152 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\30\30-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v30-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10038 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\30\30-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v30-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1136 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\31\31-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v31-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9714 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\31\31-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v31-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1096 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\33\33-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v33-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9624 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\33\33-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v33-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1096 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\34\34-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v34-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8886 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\34\34-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v34-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1024 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\35\35-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v35-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9552 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\35\35-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v35-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1088 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\36\36-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v36-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7158 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\36\36-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v36-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 800 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\37\37-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v37-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10380 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\37\37-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v37-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1176 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\38\38-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v38-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10146 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\38\38-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v38-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1128 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\39\39-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v39-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9282 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\39\39-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v39-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1064 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\40\40-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v40-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8706 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\40\40-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v40-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 992 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\41\41-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v41-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8814 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\41\41-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v41-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1008 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\42\42-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v42-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9516 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\42\42-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v42-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1064 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\43\43-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v43-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9318 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\43\43-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v43-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1064 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\44\44-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v44-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9264 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\44\44-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v44-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1096 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\45\45-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v45-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8724 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\45\45-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v45-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1000 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\46\46-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v46-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9066 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\46\46-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v46-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1032 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\47\47-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v47-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v47-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9678 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\47\47-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v47-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v47-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1080 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\48\48-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v48-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v48-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9354 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\48\48-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v48-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v48-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1056 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\87\87-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v87-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v87-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8130 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\87\87-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v87-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v87-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 952 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\88\88-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v88-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v88-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7734 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\88\88-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v88-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v88-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 872 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\89\89-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v89-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v89-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7896 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\89\89-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v89-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v89-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 920 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\90\90-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v90-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v90-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7896 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\90\90-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v90-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v90-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 904 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\91\91-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v91-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v91-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8526 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\91\91-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v91-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v91-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 904 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\92\92-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v92-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v92-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8346 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\92\92-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v92-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v92-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 936 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\93\93-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v93-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v93-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 8472 bytes hidden from API
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\jenski84@msn.com\SharingMetadata\kaizoku_ou_luffy@hotmail.com\DFSR\Staging\CS{487260D8-2D15-5784-F662-4E018A3CFD96}\93\93-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v93-{32493FC0-29E0-4823-A285-8D0E4350AF1D}-v93-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 960 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 91


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\BYOND\\bin\\byond.exe"="C:\\Program Files\\BYOND\\bin\\byond.exe:*:Enabled:byond"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\BYOND\\bin\\dreamseeker.exe"="C:\\Program Files\\BYOND\\bin\\dreamseeker.exe:*:Enabled:Dream Seeker"
"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 11 Jul 2005 54,872 A..H. --- "C:\Program Files\America Online 9.0\AOLphx.exe"
Mon 11 Jul 2005 31,832 A..H. --- "C:\Program Files\America Online 9.0\rbm.exe"
Mon 18 Jul 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 4 Feb 2007 916 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Fri 21 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BITB.tmp"
Mon 18 Jul 2005 4,348 ...H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1key.bak"
Mon 3 Dec 2007 20 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1lic.bak"
Mon 2 Jul 2007 9,655 A.SH. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"

Finished!








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:21 PM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B6C3DFA-A240-80EE-1E12-898DB9258FC0} - C:\WINDOWS\system32\imbvxeg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMM2007RT] "C:\Program Files\PC MightyMax 2007\pcmm2007.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKCU\..\Run: [Jucmdhl] "C:\Program Files\Common Files\s?stem32\cmd.exe"
O4 - HKCU\..\Run: [Jtj] "C:\Documents and Settings\Owner\My Documents\A?pPatch\wuaclt.exe"
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 8122 bytes
Andy35652
Active Member
 
Posts: 9
Joined: December 14th, 2007, 11:28 am

Re: help help me fix my friend computer

Unread postby random/random » December 18th, 2007, 6:48 pm

Go to Start > Run... and copy/paste the text below into the Runbox:

Code: Select all
"%userprofile%\desktop\dss.exe" /config


A window will open. Click on Check All, then click Scan!.

When it has finished, Deckard's System Scanner will open two Notepad files: main.txt and extra.txt- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: help help me fix my friend computer

Unread postby Andy35652 » December 18th, 2007, 8:38 pm

Deckard's System Scanner v20071014.68
Run by Owner on 2007-12-18 18:35:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
23: 2007-12-19 00:35:32 UTC - RP1024 - Deckard's System Scanner Restore Point
22: 2007-12-18 21:29:52 UTC - RP1023 - Shockwave Player
21: 2007-12-17 20:48:15 UTC - RP1022 - Deckard's System Scanner Restore Point
20: 2007-12-17 01:03:11 UTC - RP1021 - System Checkpoint
19: 2007-12-15 16:13:18 UTC - RP1020 - Installed Adobe Reader 7.0.9


-- First Restore Point --
1: 2007-12-05 15:28:05 UTC - RP1002 - Installed AruaROSE.


Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:01 PM, on 12/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B6C3DFA-A240-80EE-1E12-898DB9258FC0} - C:\WINDOWS\system32\imbvxeg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMM2007RT] "C:\Program Files\PC MightyMax 2007\pcmm2007.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Jucmdhl] "C:\Program Files\Common Files\s?stem32\cmd.exe"
O4 - HKCU\..\Run: [Jtj] "C:\Documents and Settings\Owner\My Documents\A?pPatch\wuaclt.exe"
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 8318 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S2 SAVRTPEL - c:\program files\norton internet security\norton antivirus\savrtpel.sys (file missing)
S3 aeaudio - c:\windows\system32\drivers\aeaudio.sys (file missing)
S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)
S3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys (file missing)
S3 NAVENG - c:\progra~1\common~1\symant~1\virusd~1\20031015.009\naveng.sys (file missing)
S3 NAVEX15 - c:\progra~1\common~1\symant~1\virusd~1\20031015.009\navex15.sys (file missing)
S3 SAVRT - c:\program files\norton internet security\norton antivirus\savrt.sys (file missing)
S3 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20050920.038\symidsco.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 ccEvtMgr (Symantec Event Manager) - "c:\program files\common files\symantec shared\ccevtmgr.exe" (file missing)
S2 ccProxy (Symantec Network Proxy) - "c:\program files\common files\symantec shared\ccproxy.exe" (file missing)
S2 ccSetMgr (Symantec Settings Manager) - "c:\program files\common files\symantec shared\ccsetmgr.exe" (file missing)
S2 navapsvc (Norton AntiVirus Auto Protect Service) - "c:\program files\norton internet security\norton antivirus\navapsvc.exe" (file missing)
S2 SymWSC (SymWMI Service) - c:\program files\common files\symantec shared\security center\symwsc.exe (file missing)
S2 Ventrilo - c:\program files\ventsrv\ventrilo_svc.exe (file missing)
S3 ccPwdSvc (Symantec Password Validation) - "c:\program files\common files\symantec shared\ccpwdsvc.exe" (file missing)
S3 SAVScan - "c:\program files\norton internet security\norton antivirus\savscan.exe" (file missing)
S3 SNDSrvc (Symantec Network Drivers Service) - c:\program files\common files\symantec shared\sndsrvc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 1572)
2006-04-07 09:00:00 5120 --a------ C:\Program Files\WinZip\WZSHLSTB.DLL <Not Verified; WinZip Computing LP; WinZip>
2007-09-20 18:34:58 129024 --a------ C:\Program Files\WinRAR\RarExt.dll


-- Scheduled Tasks -------------------------------------------------------------

2007-12-18 09:40:44 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2007-11-18 and 2007-12-18 -----------------------------

2007-12-17 18:18:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Tibia
2007-12-17 18:18:09 0 d-------- C:\Program Files\Tibia
2007-12-17 15:43:09 0 d-------- C:\WINDOWS\ERUNT
2007-12-16 16:42:39 2690 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 10:27:41 0 d-------- C:\Program Files\Trend Micro
2007-12-15 11:14:20 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2007-12-15 10:14:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-12-12 20:42:20 0 d-------- C:\Program Files\Panicware
2007-12-11 22:16:30 0 d-------- C:\UserJoy
2007-12-11 15:28:39 0 d-------- C:\Program Files\Ventrilo
2007-12-11 15:28:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-09 17:31:24 0 d-------- C:\Program Files\Asprate
2007-12-09 17:31:07 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2007-12-09 16:35:23 815 --a------ C:\WINDOWS\mozver.dat
2007-12-09 14:54:44 0 d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2007-12-09 14:45:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-12-09 14:02:43 0 d-------- C:\Program Files\Realtek AC97
2007-12-08 13:48:21 6029312 --a------ C:\Documents and Settings\Owner\ntuser.dat
2007-12-04 21:23:12 0 d-------- C:\Program Files\QdrPack
2007-12-03 13:27:53 0 d-------- C:\Documents and Settings\Owner\Application Data\BYOND
2007-12-02 10:48:57 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-02 10:48:57 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-02 10:48:56 0 d-------- C:\Program Files\Xvid
2007-12-01 14:07:11 0 dr-h----- C:\$VAULT$.AVG
2007-12-01 14:05:48 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-01 14:05:30 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-01 14:04:42 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-01 13:52:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-12-01 13:52:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-24 19:19:09 0 d-------- C:\Program Files\Windows Defender
2007-11-24 18:42:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Awola
2007-11-24 17:32:03 0 --ahs---- C:\Documents and Settings\Owner\Application Data\6d641e2326d60d5bbab656cf88e17502.dat


-- Find3M Report ---------------------------------------------------------------

2007-12-17 15:48:44 0 d-------- C:\Program Files\Common Files
2007-12-15 10:14:30 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-15 10:11:22 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-12-14 09:11:27 0 d-------- C:\Program Files\QdrModule
2007-12-13 18:06:11 0 d-------- C:\Program Files\World of Warcraft
2007-12-12 19:17:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-09 16:36:06 0 d-------- C:\Program Files\DivX
2007-12-09 14:47:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-12-04 21:23:12 0 d-------- C:\Program Files\ISM
2007-12-01 18:44:58 0 d-------- C:\Program Files\Winamp
2007-11-24 18:23:34 0 d-------- C:\Program Files\VentSrv
2007-11-24 18:14:56 0 d-------- C:\Program Files\Viewpoint
2007-11-24 18:01:10 0 d-------- C:\Program Files\Common Files\rqof
2007-11-08 21:39:38 0 d-------- C:\Program Files\??mantec
2007-11-04 02:42:51 0 d-------- C:\Program Files\Yahoo!
2007-10-05 04:38:06 10240 --a------ C:\WINDOWS\b999.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B6C3DFA-A240-80EE-1E12-898DB9258FC0}]
C:\WINDOWS\system32\imbvxeg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
10/24/2007 07:17 AM 180224 --a------ C:\Program Files\ISM\BndDrive7.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 08:03 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 07:59 AM]
"PCMM2007RT"="C:\Program Files\PC MightyMax 2007\pcmm2007.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/02/2007 01:20 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/01/2007 02:04 PM]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jucmdhl"="C:\Program Files\Common Files\s?stem32\cmd.exe" []
"Jtj"="C:\Documents and Settings\Owner\My Documents\A?pPatch\wuaclt.exe" []
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 11:54 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [6/10/2007 3:16:24 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^2Wire Wireless Client.lnk]
backup=C:\WINDOWS\pss\2Wire Wireless Client.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]
backup=C:\WINDOWS\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GoZone iSync.lnk]
backup=C:\WINDOWS\pss\GoZone iSync.lnkStartup
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\GoZone iSync.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PictureProject In Touch.lnk]
backup=C:\WINDOWS\pss\PictureProject In Touch.lnkStartup
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PictureProject In Touch.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner Free]
"C:\Program Files\DriveCleaner Free\UDC.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1124295227\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MondoTalk]
C:\Program Files\MondoTalk\MondoTalk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCVNq]
C:\WINDOWS\ohcjx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²ÆßfÏC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²ÆßfÏC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²ÆßfÏC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²ÆßfÏC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\ohcjx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²‘ÆßfÏC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²‘ÆßfÏC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²‘ÆßfÏC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²‘ÆßfÏC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\ohcjx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]
"C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner]
C:\PROGRA~1\REGIST~1\regclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet




-- End of Deckard's System Scanner: finished at 2007-12-18 18:37:39 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 509.98 MiB / 145.73 MiB
Pagefile Memory (total/avail): 1248.86 MiB / 820.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.91 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.47 GiB total, 37.36 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC35L090AVV207-0 - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 74.47 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Norton Internet Security v2004 (Symantec Corporation) Disabled
AV: AVG 7.5.503 v7.5.503 (Grisoft)
AV: Norton AntiVirus v2004 (Symantec Corporation) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\BYOND\\bin\\byond.exe"="C:\\Program Files\\BYOND\\bin\\byond.exe:*:Enabled:byond"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\BYOND\\bin\\dreamseeker.exe"="C:\\Program Files\\BYOND\\bin\\dreamseeker.exe:*:Enabled:Dream Seeker"
"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:enable"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JENWK12
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\JENWK12
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=JENWK12
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> Dummy
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> rundll32 C:\PROGRA~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll,O
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Wire Wireless Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
Browser Protection Volume --> "C:\Program Files\Video AX Object\bpunst.exe"
Build Your Own Net Dream (remove only) --> C:\Program Files\BYOND\Uninst.exe
CC_ccProxyMSI --> MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IGN Download Manager 2.2.2 --> C:\Program Files\IGN\Download Manager\uninst.exe
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Internet Explorer Secure Plug-in --> "C:\Program Files\Video AX Object\spunst.exe"
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Lexmark 510 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBZUN5C.EXE -dLexmark 510 Series
LimeWire 4.10.9 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
OpenMG AAC Add-on Module 1.0.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3} UNINSTALL
OpenMG Limited Patch 4.5-06-05-12-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.5-06-05-12-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.5.01 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3633BA28-67CE-4AC8-A677-3406CA84C3D8} UNINSTALL
PDF Manual NW-E000 Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F0C7588-DC73-4465-8BAB-21813C1EC047}\setup.exe" -l0x9 UNINSTALL -removeonly
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PictureProject In Touch 1.0 --> C:\Program Files\Nikon\PictureProject In Touch\uninst.exe
PictureProject In Touch Downloader 1.0 --> C:\Program Files\PictureProject In Touch Downloader\uninst.exe
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Security Messenger --> "C:\Program Files\Video AX Object\smunst.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SonicStage 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Tibia --> "C:\Program Files\Tibia\unins000.exe"
Tibia MULTI-ip changer --> C:\Program Files\Asprate\Tibia Multi IP Changer\UNinstaller.exe
UniUploader --> C:\Program Files\UniUploader\uninst.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WG111v2 Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0F252A6-DE85-4E93-A93B-DFC3537B3965}\setup.exe" -l0x9 REMOVE -removeonly
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type5697 / Success
Event Submitted/Written: 12/18/2007 11:29:09 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type5692 / Warning
Event Submitted/Written: 12/17/2007 10:08:42 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type5685 / Success
Event Submitted/Written: 12/17/2007 04:08:56 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type5684 / Error
Event Submitted/Written: 12/17/2007 03:56:26 PM
Event ID/Source: 100 / AVG7
Event Description:
2007-12-17 21:56:26,640 JENWK12 [000160:000224] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(2488) call failed with WIN32 error 87, returning session id is 0

Event Record #/Type5679 / Warning
Event Submitted/Written: 12/17/2007 03:37:12 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1635 / Warning
Event Submitted/Written: 12/18/2007 06:36:22 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JENWK1227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JENWK1227 can't undo changes that you allow.

For more information please see the following:
%JENWK12275

Scan ID: {DD6708D6-E99C-4C4A-AC82-08122B42A3F5}

User: JENWK12\Owner

Name: %JENWK12271

ID: %JENWK12272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JENWK12276

Alert Type: %JENWK12278

Detection Type: 1.1.1593.02

Event Record #/Type1634 / Warning
Event Submitted/Written: 12/18/2007 06:36:22 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%JENWK1227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %JENWK1227 can't undo changes that you allow.

For more information please see the following:
%JENWK12275

Scan ID: {4A18C2DC-810C-439B-8930-15E01C1077F0}

User: JENWK12\Owner

Name: %JENWK12271

ID: %JENWK12272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %JENWK12276

Alert Type: %JENWK12278

Detection Type: 1.1.1593.02

Event Record #/Type1613 / Error
Event Submitted/Written: 12/18/2007 09:19:21 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Ventrilo service failed to start due to the following error:
%%2

Event Record #/Type1612 / Error
Event Submitted/Written: 12/18/2007 09:19:21 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SAVRTPEL service failed to start due to the following error:
%%3

Event Record #/Type1611 / Error
Event Submitted/Written: 12/18/2007 09:19:21 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Norton AntiVirus Auto Protect Service service failed to start due to the following error:
%%3



-- End of Deckard's System Scanner: finished at 2007-12-18 18:37:39 ------------
Andy35652
Active Member
 
Posts: 9
Joined: December 14th, 2007, 11:28 am

Re: help help me fix my friend computer

Unread postby random/random » December 19th, 2007, 3:39 pm

Download the latest version of ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: help help me fix my friend computer

Unread postby Andy35652 » December 19th, 2007, 4:01 pm

ComboFix 07-12-19.2 - Owner 2007-12-19 13:48:07.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\DriveCleaner Free
C:\Documents and Settings\Owner\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\Owner\Application Data\FunWebProducts
C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data\Owner\avatar.dat
C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data\Owner\register.dat
C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data\Owner\zwinky.dat
C:\Documents and Settings\Owner\My Documents\APPATC~1
C:\Program Files\Common Files\drivecleaner free
C:\Program Files\Common Files\drivecleaner free\up.dat
C:\Program Files\Common Files\sstem3~1
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\ISM
C:\Program Files\ISM\BndDrive7.dll
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\mantec~1
C:\Program Files\MyWebSearch
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\trgts.gz
C:\WINDOWS\b999.exe
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\tsks~1
C:\WINDOWS\ystem~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE


((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B6C3DFA-A240-80EE-1E12-898DB9258FC0}]
C:\WINDOWS\system32\imbvxeg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jucmdhl"="C:\Program Files\Common Files\s?stem32\cmd.exe" []
"Jtj"="C:\Documents and Settings\Owner\My Documents\A?pPatch\wuaclt.exe" []
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 08:03]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 07:59]
"PCMM2007RT"="C:\Program Files\PC MightyMax 2007\pcmm2007.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-02 13:20]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-01 14:04]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 18:04]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-01 14:04]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-06-10 15:16:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^2Wire Wireless Client.lnk]
backup=C:\WINDOWS\pss\2Wire Wireless Client.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]
backup=C:\WINDOWS\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GoZone iSync.lnk]
backup=C:\WINDOWS\pss\GoZone iSync.lnkStartup
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\GoZone iSync.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PictureProject In Touch.lnk]
backup=C:\WINDOWS\pss\PictureProject In Touch.lnkStartup
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PictureProject In Touch.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner Free]
C:\Program Files\DriveCleaner Free\UDC.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-09 18:24 50760 --a------ C:\Program Files\Common Files\AOL\1124295227\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-11-02 07:59 126976 --a------ C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-11-02 08:03 155648 --a------ C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-02-17 10:59 124520 --a------ C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe /StartedFromRunKey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MondoTalk]
C:\Program Files\MondoTalk\MondoTalk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2007-08-13 18:04 5562368 --a------ C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE REBOOT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-26 20:47 204800 --------- C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCVNq]
C:\WINDOWS\ohcjx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²ÆßfÏC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²ÆßfÏC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²ÆßfÏC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²ÆßfÏC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\ohcjx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²‘ÆßfÏC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²‘ÆßfÏC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²‘ÆßfÏC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCV÷h$vùõš/‚²‘ÆßfÏC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\ohcjx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]
C:\WINDOWS\system32\PRISMSVR.EXE /APPLY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner]
C:\PROGRA~1\REGIST~1\regclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE /STANDALONE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 14:42 1404928 --a------ C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-05-08 05:17 81920 --a------ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 13:03 36975 --a------ C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-09 23:28 36352 --a------ C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet

R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 10:43]
S3 PhilCam8116;Logitech QuickCam Pro 3000 (08B0);C:\WINDOWS\system32\DRIVERS\CamDrO21.sys [2001-08-17 13:05]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 16:53]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 07:57]
S3 WlanUIG;2Wire 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-05-16 18:46]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-19 19:57:59 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 13:56:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-19 13:59:03 - machine was rebooted
.
2007-12-19 14:17:58 --- E O F ---




and hijack this




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:14 PM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B6C3DFA-A240-80EE-1E12-898DB9258FC0} - C:\WINDOWS\system32\imbvxeg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMM2007RT] "C:\Program Files\PC MightyMax 2007\pcmm2007.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKCU\..\Run: [Jucmdhl] "C:\Program Files\Common Files\s?stem32\cmd.exe"
O4 - HKCU\..\Run: [Jtj] "C:\Documents and Settings\Owner\My Documents\A?pPatch\wuaclt.exe"
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 8001 bytes
Andy35652
Active Member
 
Posts: 9
Joined: December 14th, 2007, 11:28 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 13 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware