Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

PLEASE HELP MY COMPUTER!!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

PLEASE HELP MY COMPUTER!!!

Unread postby TVANDYNE » December 29th, 2007, 4:14 pm

I NEED SUM1'S HELP!!!....IVE GOT SOME FRIGGIN VIRUSES OR SOMETHING....ID LIKE TO GET RID OF THEM....IM GOOD WITH INSTRUCTIONS, OR PLEASE DIRECT ME TO A WEBSITE OR PROGRAM I NEED TO DOWLOAD TO FIX THIS PROBLEM....DONATION IS GUARANTEED IF PROBLEM IS SOLVED.....MY EMAIL IS

Edit: Email address removed - not required : ChrisRLG


....PLEASE CONTACT ME THRU THAT EMAIL....IM NOT REALLY SURE HOW THIS "FORUM" THING WORKS...LOL....THX FOR YOUR TIME

HERE'S THE LOGFILE:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:39 PM, on 12/29/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\resfix32v.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe
C:\Program Files\uTorrent\uTorrent.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [resfixmsi] C:\Windows\resfix32v.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/chuz ... der_v6.cab
O20 - AppInit_DLLs: C:\Windows\sysloader32v.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Kerio Technologies - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe

--
End of file - 5953 bytes
TVANDYNE
Active Member
 
Posts: 4
Joined: December 29th, 2007, 3:42 pm
Advertisement
Register to Remove

Re: PLEASE HELP MY COMPUTER!!!

Unread postby Bob4 » December 30th, 2007, 10:18 pm

_________________________________
Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So lets do this to the end!

  • All hijackthis logs I ask for should be done in normal mode ( not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.


Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!




______________________________
HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked

O4 - HKLM\..\Run: [resfixmsi] C:\Windows\resfix32v.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/chuz ... der_v6.cab
O20 - AppInit_DLLs: C:\Windows\sysloader32v.dll




_________________________________
Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Windows\resfix32v.exe
    C:\Windows\sysloader32v.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
  • Close OTMoveIt
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")




______________________________

Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner
    ( Do not use the Registry function to clean anything with this program. Having anything auto clean your regisrty is risky).


AVG Anti-Spyware:
________________________________________
Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).



    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    • Open up AVG anti Malware
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
  • Make sure that Set all elements to: shows Quarantine
  • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
  • When the program has finished, it will display the message All actions have been applied.
  • Then click the Save Scan Report button.
  • Click the Save Report as button.
  • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
  • Reboot in normal mode.




__________________________
Deckard's System Scanner (DSS)
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply


_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from AVG anti Spyware
  • The report from OTMOVEIT
  • The report from Deckars system scanner (DSS)
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: PLEASE HELP MY COMPUTER!!!

Unread postby Bob4 » December 31st, 2007, 8:16 am

Please DO NOT post in someone else's thread here. As you have here
viewtopic.php?f=11&t=26457&p=250179#p250179
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: PLEASE HELP MY COMPUTER!!!

Unread postby TVANDYNE » January 1st, 2008, 6:23 pm

I JUST WANT TO FIRST THANK U SO MUCH FOR ALL YOUR HELP....EVEN THO I DONT KNOW WHAT MOST OF THE THINGS U TOLD ME TO DO, IN FACT, DOES...LOL, BUT I KNOW ITS DOING A LOT MORE THAN WHAT I WAS DOING BEFORE....SO THANK U

HERE'S THE REPORTS U ASKED FOR :

SYSTEM SCAN:
Deckard's System Scanner v20071014.68
Run by DJ Tizzle on 2008-01-01 17:04:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 1 Restore Point(s) --
1: 2008-01-01 05:46:29 UTC - RP63 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 79% (more than 75%).
Total Physical Memory: 503 MiB (1024 MiB recommended).


-- HijackThis (run as DJ Tizzle.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:45 PM, on 1/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Winamp Remote\bin\orbtray.exe
C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe
C:\Program Files\ClipMagic\clipmagic.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Windows\System32\mobsync.exe
C:\Users\DJ Tizzle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQP4772Y\dss[1].exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DJ Tizzle.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ClipMagic.lnk = C:\Program Files\ClipMagic\clipmagic.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Kerio Technologies - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe

--
End of file - 5435 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080101-143227-134 O4 - HKLM\..\Run: [resfixmsi] C:\Windows\resfix32v.exe
backup-20080101-143227-831 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/chuz ... der_v6.cab
backup-20080101-143228-785 O20 - AppInit_DLLs: C:\Windows\sysloader32v.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Kerio VPN adapter
Device ID: ROOT\KVPNDEV\0000
Manufacturer: KerioTechnologies
Name: Kerio VPN adapter
PNP Device ID: ROOT\KVPNDEV\0000
Service: kvpndev


-- Scheduled Tasks -------------------------------------------------------------

2008-01-01 17:00:45 446 --a------ C:\Windows\Tasks\RegCure Program Check.job
2007-12-30 11:15:19 380 --a------ C:\Windows\Tasks\RegCure.job


-- Files created between 2007-12-01 and 2008-01-01 -----------------------------

2008-01-01 16:01:05 0 d-------- C:\Users\All Users\Grisoft
2008-01-01 14:40:24 0 d-------- C:\Program Files\CCleaner
2007-12-31 23:32:59 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-12-31 23:32:57 0 d-------- C:\Program Files\ClipMagic
2007-12-30 05:46:36 0 d-------- C:\Program Files\RegCure
2007-12-29 14:26:42 0 d-------- C:\Program Files\Trend Micro
2007-12-29 06:18:34 0 d-------- C:\Program Files\Kerio
2007-12-29 00:00:20 506368 --a------ C:\Windows\system32\msxml.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2007-12-27 18:24:33 0 d-------- C:\Users\All Users\Gtek
2007-12-26 16:00:08 0 d-------- C:\Program Files\Zune
2007-12-26 11:37:40 0 d--h----- C:\Windows\msdownld.tmp
2007-12-26 11:37:32 0 d-------- C:\Windows\system32\directx
2007-12-26 10:51:34 0 d-------- C:\Users\DJ Tizzle\B
2007-12-26 10:20:53 0 d-------- C:\Users\All Users\Winamp Toolbar
2007-12-26 10:20:52 0 d-------- C:\Program Files\Winamp Toolbar
2007-12-26 10:20:27 0 d-------- C:\Users\All Users\OrbNetworks
2007-12-26 10:20:16 0 d-------- C:\Program Files\Winamp Remote
2007-12-26 10:17:44 0 d-------- C:\Program Files\Winamp
2007-12-26 00:52:24 1559040 --a------ C:\Windows\system32\xvidcore.dll
2007-12-26 00:52:24 164352 --a------ C:\Windows\system32\unrar.dll
2007-12-26 00:52:23 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-12-26 00:27:29 304128 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-12-25 18:43:11 6545 --a------ C:\Windows\sysfixmsi.exe
2007-12-25 18:43:11 0 --a------ C:\Windows\mdata83102235.dat
2007-12-25 18:43:07 0 --a------ C:\Windows\mv9381732.dat
2007-12-25 17:22:37 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-25 17:22:13 0 d-------- C:\Users\All Users\Adobe
2007-12-25 17:21:36 0 d-------- C:\Windows\Downloaded Installations
2007-12-25 15:58:48 0 d-------- C:\Program Files\uTorrent
2007-12-25 02:38:51 0 dr-h----- C:\$VAULT$.AVG
2007-12-21 02:13:49 0 d-a------ C:\Users\All Users\TEMP
2007-12-21 02:13:08 0 d-------- C:\Program Files\Oberon Media
2007-12-19 01:50:25 0 d-------- C:\Windows\Sun
2007-12-19 01:49:45 0 d-------- C:\Users\All Users\Google
2007-12-19 01:49:32 0 d-------- C:\Program Files\Google
2007-12-19 01:44:00 0 d-------- C:\Program Files\Java
2007-12-19 01:43:41 0 d-------- C:\Program Files\Common Files\Java


-- Find3M Report ---------------------------------------------------------------

2008-01-01 17:00:03 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\ClipMagic
2008-01-01 16:01:27 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\Grisoft
2008-01-01 15:43:13 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\AVG7
2007-12-30 06:00:07 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\uTorrent
2007-12-29 06:23:12 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\Kerio
2007-12-29 03:50:43 0 d-------- C:\Program Files\Common Files
2007-12-29 03:48:22 0 d-------- C:\Program Files\MSBuild
2007-12-29 03:24:24 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\Leadertech
2007-12-27 18:24:28 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\GTek
2007-12-26 10:22:32 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\Winamp
2007-12-26 00:51:32 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\Media Player Classic
2007-12-25 17:34:17 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\Adobe
2007-12-25 16:47:51 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\WinRAR
2007-12-19 02:56:59 0 d-------- C:\Users\DJ Tizzle\AppData\Roaming\Google
2007-12-19 02:18:24 0 d-------- C:\Program Files\Windows Mail
2007-10-27 15:34:04 0 --a------ C:\Windows\nsreg.dat
2007-10-27 01:43:07 174 --ahs---- C:\Program Files\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
12/13/2007 11:49 AM 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [12/13/2007 11:49 AM 1185120]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [07/11/2007 10:26 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2007 10:16 AM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [11/15/2007 09:51 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 07:33 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 07:34 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [12/19/2007 01:53 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 07:33 AM]
"WrCtrl"="C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe" [05/25/2007 03:00 PM]

C:\Users\DJ Tizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ClipMagic.lnk - C:\Program Files\ClipMagic\clipmagic.exe [12/13/2005 8:51:01 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=1 (0x1)
"EnableLUA"=0 (0x0)
"PromptOnSecureDesktop"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=0
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-01-01 17:08:51 ------------

EXTRA TXT:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) M processor 1.40GHz
Percentage of Memory in Use: 79%
Physical Memory (total/avail): 502.82 MiB / 104.22 MiB
Pagefile Memory (total/avail): 1498 MiB / 798.6 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.95 MiB

C: is Fixed (NTFS) - 34.23 GiB total, 10.37 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK4026GAX ATA Device - 37.26 GiB - 3 partitions
\PARTITION0 - Unknown - 15.66 MiB
\PARTITION1 (bootable) - Installable File System - 34.23 GiB - C:
\PARTITION2 - Unknown - 3 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Kerio WinRoute Firewall v6.3.1 build 2906 (Kerio Technologies)
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\DJ Tizzle\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DJTIZZLE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HKCU_S=\REGISTRY\CUSER\Software
HKLM_S=\REGISTRY\MACHINE\Software
HOMEDRIVE=C:
HOMEPATH=\Users\DJ Tizzle
LOCALAPPDATA=C:\Users\DJ Tizzle\AppData\Local
LOGONSERVER=\\DJTIZZLE-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\DJTIZZ~1\AppData\Local\Temp
TMP=C:\Users\DJTIZZ~1\AppData\Local\Temp
USERDOMAIN=DJTizzle-PC
USERNAME=DJ Tizzle
USERPROFILE=C:\Users\DJ Tizzle
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

DJ Tizzle (admin)


-- Add/Remove Programs ---------------------------------------------------------

µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ClipMagic 3.2.3 --> C:\Windows\iun6002.exe "C:\Program Files\ClipMagic\irunin.ini"
Fairy Godmother Tycoon --> "C:\Program Files\Oberon Media\Fairy Godmother Tycoon\Uninstall.exe" "C:\Program Files\Oberon Media\Fairy Godmother Tycoon\install.log"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.5.7 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Nero Burning ROM --> MsiExec.exe /X{2D79124E-B4F8-40D6-A7F2-AB7249FF34BF}
RegCure 1.3.0.2 --> C:\Program Files\RegCure\uninst.exe
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
Winamp Toolbar for Internet Explorer --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Zune --> MsiExec.exe /X{FE0256DB-509C-40AC-B888-2543AD4298E6}
Zune Language Pack (ES) --> MsiExec.exe /I{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /I{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type2496 / Warning
Event Submitted/Written: 01/01/2008 05:01:39 PM
Event ID/Source: 1008 / Windows Search Service
Event Description:
The Windows Search Service is attempting to remove the old catalog.

Event Record #/Type2493 / Warning
Event Submitted/Written: 01/01/2008 05:01:15 PM
Event ID/Source: 1008 / Windows Search Service
Event Description:
The Windows Search Service is attempting to remove the old catalog.

Event Record #/Type2492 / Error
Event Submitted/Written: 01/01/2008 05:01:15 PM
Event ID/Source: 3058 / Windows Search Service
Event Description:
The application cannot be initialized.

Context: Windows Application

Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (0x80040d03)

Event Record #/Type2491 / Error
Event Submitted/Written: 01/01/2008 05:01:15 PM
Event ID/Source: 3028 / Windows Search Service
Event Description:
The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (0x80040d03)

Event Record #/Type2488 / Error
Event Submitted/Written: 01/01/2008 05:00:28 PM
Event ID/Source: 3038 / Windows Search Service
Event Description:
The gatherer is unable to read the registry DocIdMapFile.

Context: Application, SystemIndex Catalog

Details:
The system cannot find the file specified. (0x80070002)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type19692 / Warning
Event Submitted/Written: 01/01/2008 05:06:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DJTizzle-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DJTizzle-PC27 can't undo changes that you allow.

For more information please see the following:
%DJTizzle-PC275

Scan ID: {1E12CA93-8C31-4E31-A9A0-25560B182A1D}

User: DJTizzle-PC\DJ Tizzle

Name: %DJTizzle-PC271

ID: %DJTizzle-PC272

Severity ID: %DJTizzle-PC273

Category ID: %DJTizzle-PC274

Path Found: %DJTizzle-PC276

Alert Type: %DJTizzle-PC278

Detection Type: 1.1.1505.02

Event Record #/Type19691 / Warning
Event Submitted/Written: 01/01/2008 05:06:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DJTizzle-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DJTizzle-PC27 can't undo changes that you allow.

For more information please see the following:
%DJTizzle-PC275

Scan ID: {65ED19BA-7F65-48A3-BB3E-65E7B2CD8890}

User: DJTizzle-PC\DJ Tizzle

Name: %DJTizzle-PC271

ID: %DJTizzle-PC272

Severity ID: %DJTizzle-PC273

Category ID: %DJTizzle-PC274

Path Found: %DJTizzle-PC276

Alert Type: %DJTizzle-PC278

Detection Type: 1.1.1505.02

Event Record #/Type19690 / Warning
Event Submitted/Written: 01/01/2008 05:06:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DJTizzle-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DJTizzle-PC27 can't undo changes that you allow.

For more information please see the following:
%DJTizzle-PC275

Scan ID: {C6CA9169-D591-4BE8-A9E1-AA0738323694}

User: DJTizzle-PC\DJ Tizzle

Name: %DJTizzle-PC271

ID: %DJTizzle-PC272

Severity ID: %DJTizzle-PC273

Category ID: %DJTizzle-PC274

Path Found: %DJTizzle-PC276

Alert Type: %DJTizzle-PC278

Detection Type: 1.1.1505.02

Event Record #/Type19689 / Warning
Event Submitted/Written: 01/01/2008 05:06:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DJTizzle-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DJTizzle-PC27 can't undo changes that you allow.

For more information please see the following:
%DJTizzle-PC275

Scan ID: {181F10E6-DAFA-4E2E-A830-FF3F861AA849}

User: DJTizzle-PC\DJ Tizzle

Name: %DJTizzle-PC271

ID: %DJTizzle-PC272

Severity ID: %DJTizzle-PC273

Category ID: %DJTizzle-PC274

Path Found: %DJTizzle-PC276

Alert Type: %DJTizzle-PC278

Detection Type: 1.1.1505.02

Event Record #/Type19676 / Error
Event Submitted/Written: 01/01/2008 05:01:49 PM
Event ID/Source: 7032 / Service Control Manager
Event Description:
1Restart the serviceWindows Search%%1056



-- End of Deckard's System Scanner: finished at 2008-01-01 17:08:51 ------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:47 PM, on 1/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Winamp Remote\bin\orbtray.exe
C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe
C:\Program Files\ClipMagic\clipmagic.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ClipMagic.lnk = C:\Program Files\ClipMagic\clipmagic.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Kerio Technologies - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe

--
End of file - 5385 bytes

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:56:10 PM 1/1/2008

+ Scan result:



C:\Program Files\Trend Micro\HijackThis\backups\backup-20080101-143227-831.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Cleaned with backup (quarantined).


::Report end

ON THE OTMOVEIT IT REPORT.....I FOLLOWED THE STEPS EXACTLY LIKE U SAID AND AFTER I COPIED AND PASTED THE FILE PATHS LISTED ON YOUR REPLY, SOMETHING HAPPENED TO THE REPORT THAT U TOLD ME TO COPY.....I TRIED TO REPEAT THE STEPS AND THEN INSTEAD OF THERE BEING A REPORT, IT SAID THAT FILES NO LONGER EXISTED.....IF YOU HAVE TO HAVE THE REPORT THEN ID BE GLAD TO FOLLOW YOUR INSTRUCTIONS IN DOING SO......AGAIN, I THANK YOU SO MUCH FOR YOUR HELP
TVANDYNE
Active Member
 
Posts: 4
Joined: December 29th, 2007, 3:42 pm

Re: PLEASE HELP MY COMPUTER!!!

Unread postby TVANDYNE » January 1st, 2008, 6:25 pm

HERE IS EXACTLY WHAT OTMOVEIT SAYS WHEN I TRY TO COPY AND PASTE THE FILE PATHS:

File/Folder C:\Windows\resfix32v.exe not found.
File/Folder C:\Windows\sysloader32v.dll not found.

Created on 01/01/2008 17:21:39
TVANDYNE
Active Member
 
Posts: 4
Joined: December 29th, 2007, 3:42 pm

Re: PLEASE HELP MY COMPUTER!!!

Unread postby Bob4 » January 2nd, 2008, 8:23 am

_____________________________
Submit 3 files to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath, copy and paste these filepaths: 1 at a time.


C:\Windows\sysfixmsi.exe
C:\Windows\mdata83102235.dat
C:\Windows\mv9381732.dat



Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html


_________________________________
Please do an online scan with Kaspersky Online Scanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:

Extended (If available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK

Now under select a target to scan select My Computer


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.



The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information in your next post.


_______________________
open CCleaner
click on tools
highlight uninstall

down on the bottom click save to text file.
Save it to your desktop and post
the contents
of that log for me.
_________________________
In your next reply I would like to see:
  • A new HJT log
  • The 3 reports from Jottis/ Virus total
  • The report from Kasperskys.
  • The uninstall list from ccleaner
  • How are things operating now ?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: PLEASE HELP MY COMPUTER!!!

Unread postby Bob4 » January 6th, 2008, 8:18 pm

Still with me ?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: PLEASE HELP MY COMPUTER!!!

Unread postby Gary R » January 10th, 2008, 4:46 am

Due to lack of response this topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 289 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware