I JUST WANT TO FIRST THANK U SO MUCH FOR ALL YOUR HELP....EVEN THO I DON'T KNOW WHAT MOST OF THE THINGS U TOLD ME TO DO, IN FACT, DOES...LOL, BUT I KNOW IT'S DOING A LOT MORE THAN WHAT I WAS DOING BEFORE....SO THANK U
HERE'S THE REPORTS U ASKED FOR :
SYSTEM SCAN:
Deckard's System Scanner v20071014.68
Run by DJ Tizzle on 2008-01-01 17:04:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 1 Restore Point(s) --
1: 2008-01-01 05:46:29 UTC - RP63 - Scheduled Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 79% (more than 75%).
Total Physical Memory: 503 MiB (1024 MiB recommended).
-- HijackThis (run as DJ Tizzle.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:45 PM, on 1/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Winamp Remote\bin\orbtray.exe
C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe
C:\Program Files\ClipMagic\clipmagic.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Windows\System32\mobsync.exe
C:\Users\DJ Tizzle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQP4772Y\dss[1].exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DJ Tizzle.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ClipMagic.lnk = C:\Program Files\ClipMagic\clipmagic.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Kerio Technologies - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe
--
End of file - 5435 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080101-143227-134 O4 - HKLM\..\Run: [resfixmsi] C:\Windows\resfix32v.exe
backup-20080101-143227-831 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/chuz ... der_v6.cab
backup-20080101-143228-785 O20 - AppInit_DLLs: C:\Windows\sysloader32v.dll
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
All drivers whitelisted.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Kerio VPN adapter
Device ID: ROOT\KVPNDEV\0000
Manufacturer: KerioTechnologies
Name: Kerio VPN adapter
PNP Device ID: ROOT\KVPNDEV\0000
Service: kvpndev
-- Scheduled Tasks -------------------------------------------------------------
2008-01-01 17:00:45 446 --a------ C:\Windows\Tasks\RegCure Program Check.job
2007-12-30 11:15:19 380 --a------ C:\Windows\Tasks\RegCure.job
-- Files created between 2007-12-01 and 2008-01-01 -----------------------------
2008-01-01 16:01:05 0 d-------- C:\Users\All Users\Grisoft
2008-01-01 14:40:24 0 d-------- C:\Program Files\CCleaner
2007-12-31 23:32:59 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-12-31 23:32:57 0 d-------- C:\Program Files\ClipMagic
2007-12-30 05:46:36 0 d-------- C:\Program Files\RegCure
2007-12-29 14:26:42 0 d-------- C:\Program Files\Trend Micro
2007-12-29 06:18:34 0 d-------- C:\Program Files\Kerio
2007-12-29 00:00:20 506368 --a------ C:\Windows\system32\msxml.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2007-12-27 18:24:33 0 d-------- C:\Users\All Users\Gtek
2007-12-26 16:00:08 0 d-------- C:\Program Files\Zune
2007-12-26 11:37:40 0 d--h----- C:\Windows\msdownld.tmp
2007-12-26 11:37:32 0 d-------- C:\Windows\system32\directx
2007-12-26 10:51:34 0 d-------- C:\Users\DJ Tizzle\B
2007-12-26 10:20:53 0 d-------- C:\Users\All Users\Winamp Toolbar
2007-12-26 10:20:52 0 d-------- C:\Program Files\Winamp Toolbar
2007-12-26 10:20:27 0 d-------- C:\Users\All Users\OrbNetworks
2007-12-26 10:20:16 0 d-------- C:\Program Files\Winamp Remote
2007-12-26 10:17:44 0 d-------- C:\Program Files\Winamp
2007-12-26 00:52:24 1559040 --a------ C:\Windows\system32\xvidcore.dll
2007-12-26 00:52:24 164352 --a------ C:\Windows\system32\unrar.dll
2007-12-26 00:52:23 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-12-26 00:27:29 304128 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-12-25 18:43:11 6545 --a------ C:\Windows\sysfixmsi.exe
2007-12-25 18:43:11 0 --a------ C:\Windows\mdata83102235.dat
2007-12-25 18:43:07 0 --a------ C:\Windows\mv9381732.dat
2007-12-25 17:22:37 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-25 17:22:13 0 d-------- C:\Users\All Users\Adobe
2007-12-25 17:21:36 0 d-------- C:\Windows\Downloaded Installations
2007-12-25 15:58:48 0 d-------- C:\Program Files\uTorrent
2007-12-25 02:38:51 0 dr-h----- C:\$VAULT$.AVG
2007-12-21 02:13:49 0 d-a------ C:\Users\All Users\TEMP
2007-12-21 02:13:08 0 d-------- C:\Program Files\Oberon Media
2007-12-19 01:50:25 0 d-------- C:\Windows\Sun
2007-12-19 01:49:45 0 d-------- C:\Users\All Users\Google
2007-12-19 01:49:32 0 d-------- C:\Program Files\Google
2007-12-19 01:44:00 0 d-------- C:\Program Files\Java
2007-12-19 01:43:41 0 d-------- C:\Program Files\Common Files\Java
-- Find3M Report ---------------------------------------------------------------
2008-01-01 17:00:03 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\ClipMagic
2008-01-01 16:01:27 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\Grisoft
2008-01-01 15:43:13 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\AVG7
2007-12-30 06:00:07 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\uTorrent
2007-12-29 06:23:12 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\Kerio
2007-12-29 03:50:43 0 d-------- C:\Program Files\Common Files
2007-12-29 03:48:22 0 d-------- C:\Program Files\MSBuild
2007-12-29 03:24:24 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\Leadertech
2007-12-27 18:24:28 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\GTek
2007-12-26 10:22:32 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\Winamp
2007-12-26 00:51:32 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\Media Player Classic
2007-12-25 17:34:17 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\Adobe
2007-12-25 16:47:51 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\WinRAR
2007-12-19 02:56:59 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\Google
2007-12-19 02:18:24 0 d-------- C:\Program Files\Windows Mail
2007-10-27 15:34:04 0 --a------ C:\Windows\nsreg.dat
2007-10-27 01:43:07 174 --ahs---- C:\Program Files\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
12/13/2007 11:49 AM 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [12/13/2007 11:49 AM 1185120]
[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [07/11/2007 10:26 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2007 10:16 AM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [11/15/2007 09:51 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 07:33 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 07:34 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [12/19/2007 01:53 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 07:33 AM]
"WrCtrl"="C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe" [05/25/2007 03:00 PM]
C:\Users\DJ Tizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ClipMagic.lnk - C:\Program Files\ClipMagic\clipmagic.exe [12/13/2005 8:51:01 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=1 (0x1)
"EnableLUA"=0 (0x0)
"PromptOnSecureDesktop"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=0
"NoLowDiskSpaceChecks"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-01-01 17:08:51 ------------
EXTRA TXT:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: English
CPU 0: Intel(R) Celeron(R) M processor 1.40GHz
Percentage of Memory in Use: 79%
Physical Memory (total/avail): 502.82 MiB / 104.22 MiB
Pagefile Memory (total/avail): 1498 MiB / 798.6 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.95 MiB
C: is Fixed (NTFS) - 34.23 GiB total, 10.37 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - TOSHIBA MK4026GAX ATA Device - 37.26 GiB - 3 partitions
\PARTITION0 - Unknown - 15.66 MiB
\PARTITION1 (bootable) - Installable File System - 34.23 GiB - C:
\PARTITION2 - Unknown - 3 GiB
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: Kerio WinRoute Firewall v6.3.1 build 2906 (Kerio Technologies)
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.)
OutdatedAS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\DJ Tizzle\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DJTIZZLE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HKCU_S=\REGISTRY\CUSER\Software
HKLM_S=\REGISTRY\MACHINE\Software
HOMEDRIVE=C:
HOMEPATH=\Users\DJ Tizzle
LOCALAPPDATA=C:\Users\DJ Tizzle\AppData\Local
LOGONSERVER=\\DJTIZZLE-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\DJTIZZ~1\AppData\Local\Temp
TMP=C:\Users\DJTIZZ~1\AppData\Local\Temp
USERDOMAIN=DJTizzle-PC
USERNAME=DJ Tizzle
USERPROFILE=C:\Users\DJ Tizzle
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
DJ Tizzle (admin)
-- Add/Remove Programs ---------------------------------------------------------
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ClipMagic 3.2.3 --> C:\Windows\iun6002.exe "C:\Program Files\ClipMagic\irunin.ini"
Fairy Godmother Tycoon --> "C:\Program Files\Oberon Media\Fairy Godmother Tycoon\Uninstall.exe" "C:\Program Files\Oberon Media\Fairy Godmother Tycoon\install.log"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.5.7 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Nero Burning ROM --> MsiExec.exe /X{2D79124E-B4F8-40D6-A7F2-AB7249FF34BF}
RegCure 1.3.0.2 --> C:\Program Files\RegCure\uninst.exe
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
Winamp Toolbar for Internet Explorer --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Zune --> MsiExec.exe /X{FE0256DB-509C-40AC-B888-2543AD4298E6}
Zune Language Pack (ES) --> MsiExec.exe /I{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /I{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
-- Application Event Log -------------------------------------------------------
Event Record #/Type2496 / Warning
Event Submitted/Written: 01/01/2008 05:01:39 PM
Event ID/Source: 1008 / Windows Search Service
Event Description:
The Windows Search Service is attempting to remove the old catalog.
Event Record #/Type2493 / Warning
Event Submitted/Written: 01/01/2008 05:01:15 PM
Event ID/Source: 1008 / Windows Search Service
Event Description:
The Windows Search Service is attempting to remove the old catalog.
Event Record #/Type2492 / Error
Event Submitted/Written: 01/01/2008 05:01:15 PM
Event ID/Source: 3058 / Windows Search Service
Event Description:
The application cannot be initialized.
Context: Windows Application
Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (0x80040d03)
Event Record #/Type2491 / Error
Event Submitted/Written: 01/01/2008 05:01:15 PM
Event ID/Source: 3028 / Windows Search Service
Event Description:
The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (0x80040d03)
Event Record #/Type2488 / Error
Event Submitted/Written: 01/01/2008 05:00:28 PM
Event ID/Source: 3038 / Windows Search Service
Event Description:
The gatherer is unable to read the registry DocIdMapFile.
Context: Application, SystemIndex Catalog
Details:
The system cannot find the file specified. (0x80070002)
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type19692 / Warning
Event Submitted/Written: 01/01/2008 05:06:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DJTizzle-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DJTizzle-PC27 can't undo changes that you allow.
For more information please see the following:
%DJTizzle-PC275
Scan ID: {1E12CA93-8C31-4E31-A9A0-25560B182A1D}
User: DJTizzle-PC\DJ Tizzle
Name: %DJTizzle-PC271
ID: %DJTizzle-PC272
Severity ID: %DJTizzle-PC273
Category ID: %DJTizzle-PC274
Path Found: %DJTizzle-PC276
Alert Type: %DJTizzle-PC278
Detection Type: 1.1.1505.02
Event Record #/Type19691 / Warning
Event Submitted/Written: 01/01/2008 05:06:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DJTizzle-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DJTizzle-PC27 can't undo changes that you allow.
For more information please see the following:
%DJTizzle-PC275
Scan ID: {65ED19BA-7F65-48A3-BB3E-65E7B2CD8890}
User: DJTizzle-PC\DJ Tizzle
Name: %DJTizzle-PC271
ID: %DJTizzle-PC272
Severity ID: %DJTizzle-PC273
Category ID: %DJTizzle-PC274
Path Found: %DJTizzle-PC276
Alert Type: %DJTizzle-PC278
Detection Type: 1.1.1505.02
Event Record #/Type19690 / Warning
Event Submitted/Written: 01/01/2008 05:06:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DJTizzle-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DJTizzle-PC27 can't undo changes that you allow.
For more information please see the following:
%DJTizzle-PC275
Scan ID: {C6CA9169-D591-4BE8-A9E1-AA0738323694}
User: DJTizzle-PC\DJ Tizzle
Name: %DJTizzle-PC271
ID: %DJTizzle-PC272
Severity ID: %DJTizzle-PC273
Category ID: %DJTizzle-PC274
Path Found: %DJTizzle-PC276
Alert Type: %DJTizzle-PC278
Detection Type: 1.1.1505.02
Event Record #/Type19689 / Warning
Event Submitted/Written: 01/01/2008 05:06:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DJTizzle-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DJTizzle-PC27 can't undo changes that you allow.
For more information please see the following:
%DJTizzle-PC275
Scan ID: {181F10E6-DAFA-4E2E-A830-FF3F861AA849}
User: DJTizzle-PC\DJ Tizzle
Name: %DJTizzle-PC271
ID: %DJTizzle-PC272
Severity ID: %DJTizzle-PC273
Category ID: %DJTizzle-PC274
Path Found: %DJTizzle-PC276
Alert Type: %DJTizzle-PC278
Detection Type: 1.1.1505.02
Event Record #/Type19676 / Error
Event Submitted/Written: 01/01/2008 05:01:49 PM
Event ID/Source: 7032 / Service Control Manager
Event Description:
1Restart the serviceWindows Search%%1056
-- End of Deckard's System Scanner: finished at 2008-01-01 17:08:51 ------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:47 PM, on 1/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Winamp Remote\bin\orbtray.exe
C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe
C:\Program Files\ClipMagic\clipmagic.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ClipMagic.lnk = C:\Program Files\ClipMagic\clipmagic.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Kerio Technologies - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe
--
End of file - 5385 bytes
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 4:56:10 PM 1/1/2008
+ Scan result:
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080101-143227-831.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Cleaned with backup (quarantined).
::Report end
ON THE OTMOVEIT REPORT.....I FOLLOWED THE STEPS EXACTLY LIKE U SAID AND AFTER I COPIED AND PASTED THE FILE PATHS LISTED ON YOUR REPLY, SOMETHING HAPPENED TO THE REPORT THAT U TOLD ME TO COPY.....I TRIED TO REPEAT THE STEPS AND THEN INSTEAD OF THERE BEING A REPORT, IT SAID THAT FILES NO LONGER EXISTED.....IF YOU HAVE TO HAVE THE REPORT THEN I'D BE GLAD TO FOLLOW YOUR INSTRUCTIONS IN DOING SO......AGAIN, I THANK YOU SO MUCH FOR YOUR HELP