hi, its me AGAIN!!

Post by keekeemama30 » September 3rd, 2008, 9:34 pm

almost immediately after getting an all clear, i started having even worse probs than before, if that's possible
first post
viewtopic.php?f=12&t=34177
it started with me getting a message saying my norton antivirus was out of date
so i opened the program (which is the 2009 beta by the way) and ran the update program. it said that norton was completely up to date, but windows is still saying it's in error, so i tried to remove norton and when i click on the norton change/remove button nothing happens. i have no way to remove this program and i have been hearing this short tune constantly that sounds like it is made up of ring tones, if that makes sense, kinda like a fax sound but more of an actual tune
this tune is driving me crazy!!!
also i tried to download the free avg software
but i got this error message
Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Error 0x80070005
i ran spybot and it found these web entries
adrevolver
coremetrics
doubleclick
and right media
i then "fixed" them
also i just tried to run norton to do a manual scan and when i double click on norton, it won't open, it just sits there

i also ran antimalware
Malwarebytes' Anti-Malware 1.25
Database version: 1103
Windows 5.1.2600 Service Pack 3

10:04:27 PM 9/3/2008
mbam-log-09-03-2008 (22-04-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 66323
Time elapsed: 30 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
but i know that's not right


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:48 PM, on 9/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.120\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\WJA079Q0\avg_free_stf_en_8_169a1359[1].exe
C:\DOCUME~1\Anthony\LOCALS~1\Temp\7zS36.tmp\avgsetup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.120\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1756123511
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.120\ccSvcHst.exe

--
End of file - 6394 bytes
keekeemama30
Regular Member
 
Posts: 31
Joined: August 12th, 2008, 9:33 pm

Re: hi, its me AGAIN!!

Post by Carolyn » September 9th, 2008, 4:11 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.

I am currently looking at your log now and will be back as soon as possible with your instructions.
While you are waiting, one other thing that can be of good use is an uninstall list, so please do the following:

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: hi, its me AGAIN!!

Post by keekeemama30 » September 10th, 2008, 11:01 am

Ad-Aware
Adobe AIR
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Media Player
Adobe Media Player
Adobe Shockwave Player
ArcSoft PhotoImpression 4
ATI - Software Uninstall Utility
ATI Display Driver
CCleaner (remove only)
Digital Photo Navigator 1.5
FoxyTunes for Firefox
getPlus(R) for Adobe
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Photosmart Essential
HP Solution Center 7.0
HP Update
Java(TM) 6 Update 5
Java(TM) 6 Update 7
JumpStart Reading for Second Graders v1.0
Malwarebytes' Anti-Malware
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB936181)
Norton AntiVirus
OCR Software by I.R.I.S 7.0
RealPlayer
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Spybot - Search & Destroy
SpywareBlaster 4.1
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Windows XP Service Pack 3
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Search Protection
Yahoo! Toolbar
keekeemama30
Regular Member
 
Posts: 31
Joined: August 12th, 2008, 9:33 pm

Re: hi, its me AGAIN!!

Post by Carolyn » September 10th, 2008, 4:28 pm

Hello,

End processes: (if they are present)

1. Press the CTRL+ALT+DEL keys simultaneously to open the Task Manager.
2. Find C:\Program Files\Norton AntiVirus\Engine\16.0.0.120\ccSvcHst.exe and click on it.
3. Click End Process.
4. If it gives a warning then click yes.
5. Repeat steps 3 & 4 for each of the following processes: (if present)
    C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\WJA079Q0\avg_free_stf_en_8_169a1359[1].exe
    C:\DOCUME~1\Anthony\LOCALS~1\Temp\7zS36.tmp\avgsetup.exe
6. Close the Task Manager.

------------------------------------------------------------------------------------------------------------------------------------------

Open Notepad, paste the following code box contents into the text.
sc stop "Norton AntiVirus"
sc config "Norton AntiVirus" start= disabled 


Use Notepad's File, Save As to save it to your desktop as File type All Files (not as text file or it won't work), and file name FixSvc.bat
Exit Notepad and double click on FixSvc.bat
A Command window will flash on and off.

REBOOT your machine. Sign in to your usual account.

------------------------------------------------------------------------------------------------------------------------------------------

Uninstall Program using CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
Scroll down to Norton AntiVirus and click on it once to highlight the entry
Click Run Uninstaller
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.

------------------------------------------------------------------------------------------------------------------------------------------

Please download and install one of these Antivirus programs

Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. Here are some Anti Virus products which are free for personal use and most used:
AntiVir
Avast
BitDefender

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

------------------------------------------------------------------------------------------------------------------------------------------

Next,
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Also, please let me know if you were able to uninstall Norton using CCleaner.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
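
An added example, not part of the thread and not HijackThis's own code: a small Python parser for the HijackThis log format posted above. It lists the running processes launched from temporary folders (the two the post above asks to end) and, for each O23 line, the service name to pass to `sc`. The sample log is assembled from lines in this thread; the rule that an O23 line shows the service's key name in parentheses only when it differs from the display name is an assumption about the log format.

```python
import re

# Constructed sample: lines excerpted from the HijackThis logs in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.120\ccSvcHst.exe
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\WJA079Q0\avg_free_stf_en_8_169a1359[1].exe
C:\DOCUME~1\Anthony\LOCALS~1\Temp\7zS36.tmp\avgsetup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.120\ccSvcHst.exe
"""

# A log entry is a section code (R0, O4, O23, ...) followed by " - " and a body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# The image path is the part after the first " - " that is followed by a drive
# letter. Paths such as "Spybot - Search & Destroy" contain " - " themselves.
PATH_SPLIT_RE = re.compile(r" - (?=[A-Za-z]:\\)")
# Assumed format: "Display name (keyname)" when the two names differ.
KEYNAME_RE = re.compile(r"^(?P<display>.+) \((?P<key>[^()]+)\)$")
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def parse_service(body):
    """Parse the body of an O23 line; return None if it is not in the expected shape."""
    if not body.startswith("Service: "):
        return None
    parts = PATH_SPLIT_RE.split(body[len("Service: "):], maxsplit=1)
    if len(parts) != 2:
        return None  # e.g. a path that does not start with a drive letter
    head, path = parts
    name, sep, company = head.rpartition(" - ")
    if not sep:
        name, company = head, ""
    match = KEYNAME_RE.match(name)
    display, key = (match.group("display"), match.group("key")) if match else (name, name)
    return {"display": display, "sc_name": key, "company": company, "path": path}


def temp_processes(processes):
    """Processes whose image sits in a Temp or Temporary Internet Files folder."""
    return [p for p in processes if any(marker in p.lower() for marker in TEMP_MARKERS)]


def triage(text):
    """Summarise the items a helper would look at first. A pointer, not a verdict."""
    processes, entries = parse_log(text)
    services = []
    for code, body in entries:
        service = parse_service(body) if code == "O23" else None
        if service:
            services.append(service)
    return {
        "temp_processes": temp_processes(processes),
        "services": services,
        # HijackThis prints "Unknown owner" when it could not read a company name.
        "unknown_owner": [s["sc_name"] for s in services
                          if s["company"].lower() == "unknown owner"],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Running from temporary folders:")
    for path in report["temp_processes"]:
        print("  " + path)
    print("Services (name to pass to sc -> image path):")
    for svc in report["services"]:
        print('  "%s" -> %s' % (svc["sc_name"], svc["path"]))
    print("No company name recorded:", report["unknown_owner"])
```
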

Re: hi, its me AGAIN!!

Post by keekeemama30 » September 15th, 2008, 5:03 pm

i am going to try to do all this in the next day or 2,
please don't close this topic
keekeemama30
Regular Member
 
Posts: 31
Joined: August 12th, 2008, 9:33 pm

Re: hi, its me AGAIN!!

Post by keekeemama30 » September 15th, 2008, 6:59 pm

i am unable to open task manager, i tried numerous times
and i have done it in the past, but not today
keekeemama30
Regular Member
 
Posts: 31
Joined: August 12th, 2008, 9:33 pm

Re: hi, its me AGAIN!!

Post by Carolyn » September 15th, 2008, 7:09 pm

Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here: http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box should briefly appear and then close. This will enable your Task Manager and stop the Administrative warnings, at least until the malware infection resets the registry policy keys again. You can run this as many times as you like. A permanent fix requires removing the infection.

After you run FixPolicies, try my instructions from the previous post again, beginning with Task Manager. Let me know if there are any problems.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: hi, its me AGAIN!!

Post by keekeemama30 » September 15th, 2008, 11:13 pm

i was able to open my task manager after following your instructions and norton was nowhere to be found nor were the other things you were looking for, also i was unable to remove norton using the cc cleaner
i was able to download avir and am currently doing a scan, although norton is still hanging around


Logfile of random's system information tool 1.01 (written by random/random)
Run by Anthony at 2008-09-15 22:37:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 50 GB (87%) free of 57 GB
Total RAM: 511 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:27 PM, on 9/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.120\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\XGBLYWCP\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Anthony.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.120\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1756123511
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.120\ccSvcHst.exe

--
End of file - 7572 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll [2008-06-02 880880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-18 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\16.0.0.120\IPSBHO.DLL [2008-08-26 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-08-27 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [2008-04-08 654320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn9\YTSingleInstance.dll [2008-06-02 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll [2008-06-02 880880]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-08-27 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-02 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-18 185896]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-01-10 223984]
"YMailAdvisor"=C:\Program Files\Yahoo!\Common\YMailAdvisor.exe [2008-06-10 125208]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-01-10 223984]
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EF8820EB-F11E-4DD6-BC6C-D99084691C18}"=C:\Program Files\Internet Explorer\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\System32\opnkhgDs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

File associations

.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-15 22:37:16 ----D---- C:\rsit
2008-09-15 22:23:09 ----D---- C:\Program Files\Avira
2008-09-15 22:23:09 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-04 11:25:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 11:25:10 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2008-09-04 11:25:09 ----D---- C:\Program Files\SpywareBlaster
2008-09-03 19:36:13 ----D---- C:\Program Files\ZoneAlarmSB
2008-09-03 19:29:44 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-09-03 19:29:44 ----D---- C:\Program Files\Zone Labs
2008-09-03 19:10:38 ----D---- C:\Documents and Settings\Anthony\Application Data\VersionTracker Pro
2008-09-03 19:10:13 ----D---- C:\Program Files\TechTracker
2008-09-03 17:13:21 ----D---- C:\Program Files\Symantec
2008-09-03 17:12:57 ----D---- C:\Program Files\Windows Sidebar
2008-09-03 17:12:51 ----D---- C:\Program Files\NortonInstaller
2008-09-03 17:12:51 ----D---- C:\Program Files\Norton AntiVirus
2008-09-03 16:11:57 ----D---- C:\Program Files\AskSBar
2008-09-03 16:10:47 ----D---- C:\Documents and Settings\Anthony\Application Data\Comodo
2008-09-03 16:10:34 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2008-09-03 16:10:29 ----D---- C:\Program Files\COMODO
2008-09-03 15:52:38 ----D---- C:\Program Files\Common Files\Adobe
2008-09-03 15:52:38 ----D---- C:\Program Files\Adobe
2008-09-03 15:40:40 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-03 15:40:35 ----D---- C:\Program Files\NOS
2008-09-03 13:42:16 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-09-02 08:43:20 ----D---- C:\Program Files\Lavasoft
2008-09-02 08:40:11 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-31 15:33:30 ----A---- C:\WINDOWS\system32\ftp.exe
2008-08-31 15:31:09 ----D---- C:\WINDOWS\ERUNT
2008-08-31 15:22:12 ----D---- C:\SDFix
2008-08-31 11:30:26 ----D---- C:\WINDOWS\system32\LogFiles
2008-08-31 11:27:55 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-08-31 11:25:53 ----D---- C:\WINDOWS\Prefetch
2008-08-31 10:33:00 ----D---- C:\WINDOWS\system32\en-us
2008-08-31 10:32:52 ----D---- C:\WINDOWS\system32\scripting
2008-08-31 10:32:46 ----D---- C:\WINDOWS\l2schemas
2008-08-31 10:32:41 ----D---- C:\WINDOWS\system32\en
2008-08-31 09:54:52 ----D---- C:\WINDOWS\network diagnostic
2008-08-31 09:11:46 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-31 09:11:46 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-31 09:11:45 ----A---- C:\WINDOWS\system32\java.exe
2008-08-30 15:58:21 ----A---- C:\WINDOWS\system32\WING32.DLL
2008-08-30 15:57:34 ----D---- C:\KA
2008-08-30 15:57:34 ----A---- C:\WINDOWS\KA.INI
2008-08-29 19:56:19 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-08-28 22:12:20 ----D---- C:\Program Files\MSXML 4.0
2008-08-28 11:16:35 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-08-28 11:16:17 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-28 11:16:06 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-28 11:16:01 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-28 11:16:00 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-28 11:15:47 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-08-28 11:15:29 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-28 11:15:29 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-28 11:14:47 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-28 11:14:34 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-28 11:14:28 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-28 11:14:25 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-28 11:14:21 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-28 11:14:21 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-28 11:14:20 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-28 11:14:14 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-28 11:14:03 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-28 11:13:32 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-28 11:13:32 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-28 11:13:31 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-28 11:13:26 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-28 11:13:26 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-28 11:13:19 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-28 11:13:19 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-28 11:12:27 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-28 11:12:25 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-28 11:12:25 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-28 11:12:25 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-28 11:11:45 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-28 11:11:43 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-28 11:11:38 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-28 11:11:38 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-28 11:11:36 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-28 11:11:35 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-28 11:09:50 ----A---- C:\WINDOWS\005496_.tmp
2008-08-28 11:09:45 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-28 11:09:45 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-28 11:09:45 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-28 11:09:45 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-28 11:09:44 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-28 11:09:44 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-28 11:09:44 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-28 11:09:44 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-28 11:09:34 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-28 11:09:34 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-28 11:09:34 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-28 11:09:34 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-28 11:09:34 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-28 11:09:34 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-28 11:09:34 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-28 11:09:27 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-28 11:09:26 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-28 11:09:25 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-28 11:09:15 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-28 11:08:54 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-28 11:08:53 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-28 11:08:19 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-28 09:19:47 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-08-27 21:13:54 ----D---- C:\WINDOWS\system32\PreInstall
2008-08-27 21:13:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-08-26 20:26:51 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-26 20:21:08 ----D---- C:\Program Files\Digital Photo Navigator 1.5
2008-08-26 19:22:33 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-26 19:21:39 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-26 18:48:06 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7
2008-08-26 18:39:33 ----D---- C:\WINDOWS\peernet
2008-08-26 18:39:31 ----D---- C:\WINDOWS\provisioning
2008-08-26 18:33:35 ----D---- C:\WINDOWS\ServicePackFiles
2008-08-26 18:24:38 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-08-26 18:19:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-26 18:19:49 ----D---- C:\WINDOWS\EHome
2008-08-26 13:52:46 ----A---- C:\WINDOWS\system32\wpa.bak
2008-08-26 13:52:40 ----A---- C:\WINDOWS\system32\pidgen.dll.wga
2008-08-26 13:52:39 ----A---- C:\WINDOWS\system32\EULA.TXT.wga
2008-08-26 13:52:39 ----A---- C:\WINDOWS\system32\dpcdll.dll.wga
2008-08-15 16:30:04 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt
2008-08-14 10:35:26 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-08-14 10:24:10 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-14 08:27:50 ----D---- C:\ComboFix
2008-08-14 08:27:48 ----A---- C:\WINDOWS\system32\CF23576.exe
2008-08-14 00:01:00 ----A---- C:\WINDOWS\system32\CF22604.exe
2008-08-13 23:58:32 ----A---- C:\WINDOWS\system32\CF22107.exe
2008-08-13 21:01:29 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-08-13 21:00:38 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-08-13 20:57:53 ----D---- C:\WINDOWS\Internet Logs
2008-08-13 17:56:31 ----D---- C:\Documents and Settings\Anthony\Application Data\Opera
2008-08-13 17:55:59 ----D---- C:\Program Files\Opera
2008-08-13 12:36:42 ----D---- C:\Documents and Settings\Anthony\Application Data\Malwarebytes
2008-08-13 12:36:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-13 12:36:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 08:24:44 ----N---- C:\WINDOWS\system32\spnpinst.exe
2008-08-09 23:17:36 ----D---- C:\Documents and Settings\Anthony\Application Data\Uniblue
2008-08-09 22:36:00 ----N---- C:\WINDOWS\system32\E8.tmp
2008-08-09 21:46:20 ----SHD---- C:\WINDOWS\CSC
2008-08-09 21:21:29 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2008-08-09 21:21:17 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-08-09 19:47:37 ----D---- C:\Program Files\Trend Micro
2008-08-01 15:31:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-08-01 15:31:48 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-01 15:24:06 ----D---- C:\Program Files\CCleaner
2008-08-01 15:17:32 ----D---- C:\Program Files\Sophos
2008-08-01 15:11:03 ----D---- C:\Program Files\Alwil Software
2008-07-30 20:02:21 ----D---- C:\Documents and Settings\Anthony\Application Data\Image Zone Express
2008-07-30 13:12:24 ----SH---- C:\WINDOWS\system32\bqtdatny.ini
2008-07-30 13:04:48 ----A---- C:\WINDOWS\system32\6bbe2fa4-.txt
2008-07-30 13:04:15 ----ASH---- C:\WINDOWS\system32\sDghknpo.ini2
2008-07-30 13:04:14 ----ASH---- C:\WINDOWS\system32\sDghknpo.ini
2008-07-26 22:03:22 ----D---- C:\Documents and Settings\Anthony\Application Data\ArcSoft
2008-07-26 15:26:52 ----A---- C:\WINDOWS\marscam.ini
2008-07-26 15:24:48 ----RA---- C:\WINDOWS\system32\mr310exv.dll
2008-07-26 15:24:48 ----RA---- C:\WINDOWS\system32\mr310exd.dll
2008-07-26 15:24:48 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-07-26 15:24:47 ----A---- C:\WINDOWS\system32\tsbyuv.dll
2008-07-26 15:24:47 ----A---- C:\WINDOWS\system32\msyuv.dll
2008-07-26 15:24:46 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-07-26 15:24:43 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2008-07-26 14:46:57 ----A---- C:\WINDOWS\PCDLIB32.DLL
2008-07-26 14:44:36 ----D---- C:\Program Files\ArcSoft
2008-07-14 06:09:18 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-07-09 13:22:34 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak
2008-07-08 20:30:20 ----D---- C:\Documents and Settings\Anthony\Application Data\MSN6
2008-07-08 20:30:20 ----D---- C:\Documents and Settings\All Users\Application Data\MSN6
2008-07-03 04:14:02 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-06-16 18:20:04 ----D---- C:\WINDOWS\system32\appmgmt

List of drivers

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 BHDrvx86;Symantec Heuristics Driver; \??\C:\WINDOWS\system32\drivers\NAV\1000000.078\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; \??\C:\WINDOWS\system32\drivers\NAV\1000000.078\ccHPx86.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080822.001\IDSxpx86.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SRTSPX;SRTSPX; \??\C:\WINDOWS\system32\drivers\NAV\1000000.078\SRTSPX.SYS []
R1 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\drivers\NAV\1000000.078\SYMTDI.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 SYMDNS;SYMDNS; \??\C:\WINDOWS\system32\drivers\NAV\1000000.078\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; \??\C:\WINDOWS\system32\drivers\NAV\1000000.078\SYMFW.SYS []
R3 SYMIDS;SYMIDS; \??\C:\WINDOWS\system32\drivers\NAV\1000000.078\SYMIDS.SYS []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-08-26 35888]
R3 SYMNDIS;SYMNDIS; \??\C:\WINDOWS\system32\drivers\NAV\1000000.078\SYMNDIS.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\drivers\NAV\1000000.078\SYMREDRV.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
S3 catchme;catchme; \??\C:\DOCUME~1\Anthony\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2006-01-31 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2006-01-31 21568]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\System32\37.tmp []
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\System32\DRIVERS\mr97310c.sys [2002-12-13 129875]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080828.050\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080828.050\NAVEX15.SYS []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SRTSP;SRTSP; \??\C:\WINDOWS\system32\drivers\NAV\1000000.078\SRTSP.SYS []
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-08-26 35888]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

List of services

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-02 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2006-05-03 413696]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-08 138680]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\16.0.0.120\ccSvcHst.exe [2008-08-26 115560]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe []

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.01 2008-09-15 22:38:36

Uninstall list

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.amp 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Adobe Media Player-->MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ArcSoft PhotoImpression 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Digital Photo Navigator 1.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7EF4BD8-CA13-11D5-AE3D-005004B8E30C}\Setup.exe" -l0x9
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JumpStart Reading for Second Graders v1.0-->C:\WINDOWS\IsUninst.exe -fC:\KA\JSR2G\DeIsL1.isu
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Norton AntiVirus-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\3EAA38BF\16.0.0.120\InstStub.exe /X
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\System32\regsvr32 /u C:\WINDOWS\DOWNLO~1\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Mail Advisor-->C:\PROGRA~1\Yahoo!\Common\UNINST~1.EXE
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

Hosts File

127.0.0.1 localhost

Security center information

AV: Norton AntiVirus (outdated)
AV: Avira AntiVir PersonalEdition

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 0 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0007
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
keekeemama30
Regular Member
 
Posts: 31
Joined: August 12th, 2008, 9:33 pm

Re: hi, its me AGAIN!!

Post by keekeemama30 » September 16th, 2008, 12:02 am

this just in


Avira AntiVir Personal
Report file date: Monday, September 15, 2008 22:27

Scanning for 1616739 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ANTHONY-PGMSX58

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 15:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 14:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 19:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 14:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 17:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 20:54:15
ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 9/12/2008 03:25:13
ANTIVIR3.VDF : 7.0.6.161 67072 Bytes 9/15/2008 03:25:16
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 16:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 9/16/2008 03:25:38
AESCN.DLL : 8.1.0.23 119156 Bytes 7/10/2008 19:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 9/16/2008 03:25:36
AEPACK.DLL : 8.1.2.1 364917 Bytes 7/15/2008 19:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 9/16/2008 03:25:33
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 9/16/2008 03:25:31
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/10/2008 19:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 9/16/2008 03:25:23
AEEMU.DLL : 8.1.0.7 430452 Bytes 7/31/2008 15:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 9/16/2008 03:25:20
AEBB.DLL : 8.1.0.1 53617 Bytes 7/10/2008 19:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 15:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 16:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 9/16/2008 03:25:17
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 18:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 15:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 19:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 00:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 19:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 19:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 20:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 20:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Monday, September 15, 2008 22:27

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'YMailAdvisor.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtection.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '51' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YD33ZVFH\c12345[1].jpg
[DETECTION] Is the TR/Delf.Inject.AS.4 Trojan
[NOTE] The file was moved to '49012f10.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YD33ZVFH\c12345[2].jpg
[DETECTION] Is the TR/Delf.Inject.AS.4 Trojan
[NOTE] The file was moved to '49012f26.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YD33ZVFH\c12345[3].jpg
[DETECTION] Is the TR/Delf.Inject.AS.4 Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YD33ZVFH\c12345[4].jpg
[DETECTION] Is the TR/Delf.Inject.AS.4 Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YD33ZVFH\c12345[5].jpg
[DETECTION] Is the TR/Delf.Inject.AS.4 Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YD33ZVFH\c12345[6].jpg
[DETECTION] Is the TR/Delf.Inject.AS.4 Trojan
[NOTE] The file was deleted!


End of the scan: Monday, September 15, 2008 23:01
Used time: 33:57 Minute(s)

The scan has been done completely.

2346 Scanning directories
140367 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
140360 Files not concerned
1047 Archives were scanned
1 Warnings
6 Notes

Re: hi, its me AGAIN!!

Post by Carolyn » September 17th, 2008, 3:03 pm

Hi,

Disable Spybot's TeaTimer. This is a two-step process.

Spybot S&D's TeaTimer normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version, 1.5 or higher, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have Version 1.4, click on Exit Spybot S&D Resident
Second step, for either version:
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go to the bottom of the vertical panel on the left, click Tools
  • Then, also in the left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.

---------------------------------------------------------------------------------------------------------------------------------------

Disable Ad-Aware

    First please disable Ad-Aware as it may interfere with repairs.

    • Click the Settings button, Auto Scans tab, and under "Scan on Ad-Aware startup",
    • be sure both selections for "No automated scan" are checked (green).
    • Then click Save and close Ad-Aware.

---------------------------------------------------------------------------------------------------------------------------------------

REMOVE NORTON

Please click HERE.

Follow the instructions in STEP 3 to download and run the Norton removal tool.

---------------------------------------------------------------------------------------------------------------------------------------

Please delete RSIT.exe - There is a new version available
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: hi, its me AGAIN!!

Post by keekeemama30 » September 18th, 2008, 2:08 am

For some reason there was no info file that I could find this time (I knew that it should be minimized).


Logfile of random's system information tool 1.02 (written by random/random)
Run by Anthony at 2008-09-18 01:04:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 50 GB (87%) free of 57 GB
Total RAM: 511 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:37 AM, on 9/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\0VE7U5TR\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Anthony.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1756123511
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7665 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll [2008-06-02 880880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-18 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-08-27 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [2008-04-08 654320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn9\YTSingleInstance.dll [2008-06-02 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll [2008-06-02 880880]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-08-27 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-02 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-18 185896]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-01-10 223984]
"YMailAdvisor"=C:\Program Files\Yahoo!\Common\YMailAdvisor.exe [2008-06-10 125208]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-01-10 223984]
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EF8820EB-F11E-4DD6-BC6C-D99084691C18}"=C:\Program Files\Internet Explorer\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\System32\opnkhgDs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\Anthony\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Anthony\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-09-17 21:42:34 ----A---- C:\YServer.txt
2008-09-15 22:37:16 ----D---- C:\rsit
2008-09-15 22:23:09 ----D---- C:\Program Files\Avira
2008-09-15 22:23:09 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-04 11:25:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 11:25:10 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2008-09-04 11:25:09 ----D---- C:\Program Files\SpywareBlaster
2008-09-03 19:36:13 ----D---- C:\Program Files\ZoneAlarmSB
2008-09-03 19:29:44 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-09-03 19:29:44 ----D---- C:\Program Files\Zone Labs
2008-09-03 19:10:38 ----D---- C:\Documents and Settings\Anthony\Application Data\VersionTracker Pro
2008-09-03 19:10:13 ----D---- C:\Program Files\TechTracker
2008-09-03 17:12:51 ----D---- C:\Program Files\NortonInstaller
2008-09-03 16:11:57 ----D---- C:\Program Files\AskSBar
2008-09-03 16:10:47 ----D---- C:\Documents and Settings\Anthony\Application Data\Comodo
2008-09-03 16:10:34 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2008-09-03 16:10:29 ----D---- C:\Program Files\COMODO
2008-09-03 15:52:38 ----D---- C:\Program Files\Common Files\Adobe
2008-09-03 15:52:38 ----D---- C:\Program Files\Adobe
2008-09-03 15:40:40 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-03 15:40:35 ----D---- C:\Program Files\NOS
2008-09-03 13:42:16 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-09-02 08:43:20 ----D---- C:\Program Files\Lavasoft
2008-09-02 08:40:11 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-31 15:33:30 ----A---- C:\WINDOWS\system32\ftp.exe
2008-08-31 15:31:09 ----D---- C:\WINDOWS\ERUNT
2008-08-31 15:22:12 ----D---- C:\SDFix
2008-08-31 11:30:26 ----D---- C:\WINDOWS\system32\LogFiles
2008-08-31 11:27:55 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-08-31 11:25:53 ----D---- C:\WINDOWS\Prefetch
2008-08-31 10:33:00 ----D---- C:\WINDOWS\system32\en-us
2008-08-31 10:32:52 ----D---- C:\WINDOWS\system32\scripting
2008-08-31 10:32:46 ----D---- C:\WINDOWS\l2schemas
2008-08-31 10:32:41 ----D---- C:\WINDOWS\system32\en
2008-08-31 09:54:52 ----D---- C:\WINDOWS\network diagnostic
2008-08-31 09:11:46 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-31 09:11:46 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-31 09:11:45 ----A---- C:\WINDOWS\system32\java.exe
2008-08-30 15:58:21 ----A---- C:\WINDOWS\system32\WING32.DLL
2008-08-30 15:57:34 ----D---- C:\KA
2008-08-30 15:57:34 ----A---- C:\WINDOWS\KA.INI
2008-08-29 19:56:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-08-28 22:12:20 ----D---- C:\Program Files\MSXML 4.0
2008-08-28 11:16:35 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-08-28 11:16:17 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-28 11:16:06 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-28 11:16:01 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-28 11:16:00 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-28 11:15:47 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-08-28 11:15:29 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-28 11:15:29 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-28 11:14:47 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-28 11:14:34 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-28 11:14:28 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-28 11:14:25 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-28 11:14:21 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-28 11:14:21 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-28 11:14:20 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-28 11:14:14 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-28 11:14:03 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-28 11:13:32 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-28 11:13:32 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-28 11:13:31 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-28 11:13:26 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-28 11:13:26 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-28 11:13:19 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-28 11:13:19 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-28 11:12:27 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-28 11:12:25 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-28 11:12:25 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-28 11:12:25 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-28 11:11:45 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-28 11:11:43 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-28 11:11:38 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-28 11:11:38 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-28 11:11:36 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-28 11:11:35 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-28 11:09:50 ----A---- C:\WINDOWS\005496_.tmp
2008-08-28 11:09:45 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-28 11:09:45 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-28 11:09:45 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-28 11:09:45 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-28 11:09:44 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-28 11:09:44 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-28 11:09:44 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-28 11:09:44 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-28 11:09:34 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-28 11:09:34 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-28 11:09:34 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-28 11:09:34 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-28 11:09:34 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-28 11:09:34 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-28 11:09:34 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-28 11:09:27 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-28 11:09:26 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-28 11:09:25 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-28 11:09:15 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-28 11:08:54 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-28 11:08:53 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-28 11:08:19 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-28 09:19:47 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-08-27 21:13:54 ----D---- C:\WINDOWS\system32\PreInstall
2008-08-27 21:13:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-08-26 20:26:51 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-26 20:21:08 ----D---- C:\Program Files\Digital Photo Navigator 1.5
2008-08-26 19:21:39 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-26 18:48:06 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7
2008-08-26 18:39:33 ----D---- C:\WINDOWS\peernet
2008-08-26 18:39:31 ----D---- C:\WINDOWS\provisioning
2008-08-26 18:33:35 ----D---- C:\WINDOWS\ServicePackFiles
2008-08-26 18:24:38 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-08-26 18:19:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-26 18:19:49 ----D---- C:\WINDOWS\EHome
2008-08-26 13:52:46 ----A---- C:\WINDOWS\system32\wpa.bak
2008-08-26 13:52:40 ----A---- C:\WINDOWS\system32\pidgen.dll.wga
2008-08-26 13:52:39 ----A---- C:\WINDOWS\system32\EULA.TXT.wga
2008-08-26 13:52:39 ----A---- C:\WINDOWS\system32\dpcdll.dll.wga

======List of files/folders modified in the last 1 months======

2008-09-18 00:59:14 ----D---- C:\WINDOWS\Temp
2008-09-18 00:59:06 ----D---- C:\WINDOWS
2008-09-18 00:58:10 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2008-09-18 00:58:09 ----SHD---- C:\System Volume Information
2008-09-18 00:58:09 ----RD---- C:\Program Files
2008-09-18 00:56:47 ----D---- C:\WINDOWS\system32\drivers
2008-09-18 00:56:26 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-18 00:56:18 ----D---- C:\WINDOWS\system32
2008-09-18 00:56:17 ----HD---- C:\WINDOWS\inf
2008-09-18 00:56:09 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-18 00:56:01 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-18 00:45:31 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-18 00:44:25 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-17 21:43:15 ----RHD---- C:\Documents and Settings\All Users\Application Data\yahoo!
2008-09-17 21:41:45 ----D---- C:\Program Files\Yahoo!
2008-09-17 16:04:04 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-17 11:20:11 ----D---- C:\Program Files\Mozilla Firefox
2008-09-16 10:17:32 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-15 23:13:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-15 16:34:08 ----D---- C:\WINDOWS\Debug
2008-09-09 19:58:00 ----D---- C:\WINDOWS\WinSxS
2008-09-06 19:31:23 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-04 08:00:04 ----HD---- C:\Config.Msi
2008-09-03 20:35:35 ----SHD---- C:\WINDOWS\Installer
2008-09-03 20:35:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-03 20:33:17 ----SD---- C:\Documents and Settings\Anthony\Application Data\Microsoft
2008-09-03 20:10:06 ----D---- C:\WINDOWS\system32\config
2008-09-03 20:09:43 ----D---- C:\WINDOWS\system32\wbem
2008-09-03 20:09:43 ----D---- C:\WINDOWS\Registration
2008-09-03 20:05:17 ----D---- C:\WINDOWS\Internet Logs
2008-09-03 15:57:08 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-09-03 15:52:38 ----D---- C:\Program Files\Common Files
2008-09-03 15:20:32 ----D---- C:\WINDOWS\system32\Restore
2008-09-03 13:42:51 ----RSD---- C:\WINDOWS\Fonts
2008-09-02 08:43:16 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-01 20:01:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-08-31 15:36:14 ----SD---- C:\WINDOWS\system32\Microsoft
2008-08-31 11:30:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-08-31 11:28:15 ----A---- C:\WINDOWS\win.ini
2008-08-31 11:27:55 ----D---- C:\Program Files\Windows Media Player
2008-08-31 11:27:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-31 11:24:45 ----D---- C:\WINDOWS\system32\Setup
2008-08-31 11:24:45 ----D---- C:\Program Files\Messenger
2008-08-31 11:24:44 ----D---- C:\WINDOWS\AppPatch
2008-08-31 11:23:46 ----D---- C:\WINDOWS\security
2008-08-31 10:34:18 ----D---- C:\WINDOWS\system32\inetsrv
2008-08-31 10:34:15 ----D---- C:\WINDOWS\ime
2008-08-31 10:34:14 ----D---- C:\WINDOWS\Help
2008-08-31 10:33:00 ----D---- C:\WINDOWS\system32\usmt
2008-08-31 10:32:48 ----D---- C:\Program Files\Internet Explorer
2008-08-31 10:32:38 ----D---- C:\WINDOWS\system32\bits
2008-08-31 10:32:36 ----D---- C:\Program Files\Movie Maker
2008-08-31 10:11:45 ----D---- C:\WINDOWS\system32\npp
2008-08-31 10:11:04 ----D---- C:\WINDOWS\msagent
2008-08-31 10:10:07 ----D---- C:\WINDOWS\srchasst
2008-08-31 10:09:46 ----D---- C:\Program Files\NetMeeting
2008-08-31 10:09:10 ----D---- C:\WINDOWS\system32\Com
2008-08-31 10:08:39 ----D---- C:\Program Files\Windows NT
2008-08-31 10:08:39 ----D---- C:\Program Files\Outlook Express
2008-08-31 10:08:19 ----D---- C:\Program Files\Common Files\System
2008-08-31 10:06:27 ----D---- C:\WINDOWS\system32\oobe
2008-08-31 10:06:05 ----D---- C:\WINDOWS\system
2008-08-31 09:47:33 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-08-31 09:11:28 ----D---- C:\Program Files\Java
2008-08-31 08:56:07 ----D---- C:\Program Files\Opera
2008-08-30 22:37:25 ----D---- C:\Documents and Settings\Anthony\Application Data\Mozilla
2008-08-27 20:22:41 ----D---- C:\Program Files\Google
2008-08-26 20:21:07 ----HD---- C:\Program Files\InstallShield Installation Information
2008-08-26 20:19:33 ----D---- C:\Program Files\Sophos
2008-08-26 20:19:19 ----SD---- C:\WINDOWS\Tasks
2008-08-26 20:18:53 ----D---- C:\WINDOWS\twain_32
2008-08-26 18:41:28 ----D---- C:\WINDOWS\system32\mui
2008-08-26 18:39:31 ----D---- C:\WINDOWS\Media
2008-08-26 18:27:59 ----RD---- C:\WINDOWS\Web
2008-08-26 18:27:32 ----RASH---- C:\NTDETECT.COM
2008-08-25 16:53:29 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S3 catchme;catchme; \??\C:\DOCUME~1\Anthony\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2006-01-31 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2006-01-31 21568]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\System32\37.tmp []
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\System32\DRIVERS\mr97310c.sys [2002-12-13 129875]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-02 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2006-05-03 413696]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-08 138680]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe []

-----------------EOF-----------------
keekeemama30
Regular Member
 
Posts: 31
Joined: August 12th, 2008, 9:33 pm
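
The Lsa section of the log above lists a second entry under "authentication packages", and the Fix.reg in the reply below resets that value to msv1_0 alone. The following is an added example, not part of either post or of RSIT: it pulls that value out of an RSIT registry dump, flags anything beyond the baseline, and decodes the hex(7) line from the fix. The function names, the `EXPECTED_PACKAGES` baseline and the assumption that RSIT prints one multi-string item per line are this example's own.

```python
import re

# Baseline assumed from this thread: the Fix.reg in the reply resets the value to msv1_0 only.
EXPECTED_PACKAGES = {"msv1_0"}
LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"

# Constructed sample: three sections copied from the RSIT registry dump in the post above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\System32\opnkhgDs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
'''

# The value line from the Fix.reg in the reply (REGEDIT4 format).
FIX_VALUE = "hex(7):6d,73,76,31,5f,30,00,00"


def parse_sections(log_text):
    """Map each lowercased [key path] to the non-blank lines printed under it."""
    sections = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections[current] = []
        elif not line or line.startswith("======"):
            current = None  # a blank line or a "======" banner closes the section
        elif current is not None:
            sections[current].append(line)
    return sections


def lsa_auth_packages(log_text):
    """Return every item listed under "authentication packages" in the Lsa key."""
    packages = []
    collecting = False
    for line in parse_sections(log_text).get(LSA_KEY, []):
        named = re.match(r'^"([^"]+)"=(.*)$', line)
        if named:
            # A new "name"=value line starts; collect only for the value of interest.
            collecting = named.group(1).lower() == "authentication packages"
            if collecting and named.group(2).strip():
                packages.append(named.group(2).strip())
        elif collecting:
            # Continuation line: a further item of the same multi-string value.
            packages.append(line)
    return packages


def unexpected_packages(packages):
    """Items that are not in the baseline and therefore need a closer look."""
    return [p for p in packages if p.lower() not in EXPECTED_PACKAGES]


def decode_regedit4_multi_sz(value):
    """Decode a REGEDIT4 hex(7) value (REG_MULTI_SZ, one byte per character)."""
    prefix = "hex(7):"
    if not value.lower().startswith(prefix):
        raise ValueError("not a hex(7) value")
    # Drop whitespace and the backslashes used for line continuation in .reg files.
    hex_part = re.sub(r"[\\\s]", "", value[len(prefix):])
    data = bytes(int(b, 16) for b in hex_part.split(",") if b)
    items = []
    for item in data.decode("latin-1").split("\x00"):
        if not item:
            break  # an empty string terminates the list
        items.append(item)
    return items


if __name__ == "__main__":
    found = lsa_auth_packages(SAMPLE_LOG)
    print("logged packages:  ", found)
    print("not in baseline:  ", unexpected_packages(found))
    print("Fix.reg writes:   ", decode_regedit4_multi_sz(FIX_VALUE))
```
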

Re: hi, its me AGAIN!!

Post by Carolyn » September 18th, 2008, 3:57 pm

Hello,

Registry Cleaners

I notice the presence of Uniblue RegistryBooster Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners:
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference.
If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

-------------------------------------------------------------------------------------------------------

Uninstall Outdated Java
Please Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

Java(TM) 6 Update 5

-------------------------------------------------------------------------------------------------------

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERUNT.exe

Open Notepad!
Copy and Paste everything from the Quote box into Notepad:

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00



Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Go to File > Save As
Save File name as Fix.reg
Change Save as Type to All Files and save the file to your desktop.

Close Notepad, and double-click Fix.reg on your Desktop. When it asks if you want to merge the info to the registry, hit YES/OK. Reboot the computer.

-------------------------------------------------------------------------------------------------------

Run CCleaner
CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!
  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
  • Then select the items you wish to clean up.
    • In the Windows Tab:
      • Clean all entries in the Internet Explorer section except Cookies
      • Clean all the entries in the Windows Explorer section
      • Clean all entries in the System section
      • Clean all entries in the Advanced section
      • Clean any others that you choose
    • In the Applications Tab:
      • Clean all except cookies in the Firefox/Mozilla section if you use it
      • Clean all in the Opera section if you use it
      • Clean Sun Java in the Internet Section
      • Clean any others that you choose
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK and it will scan and clean your system.
  • Click exit when done.
  • If it asks you to reboot at the end, click NO
CCleaner should be run with the above settings for each User Account!

-------------------------------------------------------------------------------------------------------

Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log and a description of how your computer is behaving.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
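
Added example, not part of the post above or of any tool it mentions: a Python parser that decodes the hex(7) (REG_MULTI_SZ) data in a .reg file, so the Fix.reg contents can be read before merging; its bytes spell the single string msv1_0. The function name parse_multi_sz, the version 5.00 sample, and the use of latin-1 for the ANSI code page are assumptions of this example.

```python
import re

# The Fix.reg body from the post above (REGEDIT4 = ANSI byte encoding).
FIX_REG = (
    "REGEDIT4\n"
    "\n"
    "[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]\n"
    '"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00\n'
    "\n"
)

# Constructed sample: the same value as a version 5.00 export writes it
# (UTF-16LE bytes, with a backslash line continuation).
V5_REG = (
    "Windows Registry Editor Version 5.00\n"
    "\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n"
    '"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,\\\n'
    "  5f,00,30,00,00,00,00,00\n"
)

# Assumption: latin-1 stands in for a Western ANSI code page.
ENCODINGS = {"REGEDIT4": "latin-1",
             "Windows Registry Editor Version 5.00": "utf-16-le"}

def parse_multi_sz(reg_text):
    """Return {(key, value_name): [strings]} for each hex(7) value."""
    lines = reg_text.replace("\r\n", "\n").split("\n")
    # The header must be the very first line, as the post instructs.
    encoding = ENCODINGS.get(lines[0].strip())
    if encoding is None:
        raise ValueError("first line is not a .reg header: %r" % lines[0])
    # Join continuation lines (a trailing backslash) into one logical line.
    joined = re.sub(r"\\\n\s*", "", "\n".join(lines[1:]))
    result, key = {}, None
    for line in joined.split("\n"):
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            key = m.group(1)
            continue
        m = re.fullmatch(r'"([^"]+)"=hex\(7\):([0-9a-fA-F,\s]*)', line)
        if m and key:
            raw = bytes.fromhex(m.group(2).replace(",", " "))
            # REG_MULTI_SZ: NUL-separated strings, closed by an extra NUL.
            text = raw.decode(encoding)
            result[(key, m.group(1))] = [s for s in text.split("\x00") if s]
    return result
```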

Re: hi, its me AGAIN!!

Unread postby keekeemama30 » September 18th, 2008, 7:57 pm

actually i never downloaded a registry cleaner, surprise, surprise
keekeemama30
Regular Member
 
Posts: 31
Joined: August 12th, 2008, 9:33 pm

Re: hi, its me AGAIN!!

Unread postby keekeemama30 » September 18th, 2008, 11:46 pm

Thursday, September 18, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, September 19, 2008 02:15:21
Records in database: 1248563
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
Scan statistics
Files scanned 30061
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 00:54:43

No malware has been detected. The scan area is clean.
The selected area was scanned.
keekeemama30
Regular Member
 
Posts: 31
Joined: August 12th, 2008, 9:33 pm

Re: hi, its me AGAIN!!

Unread postby Carolyn » September 19th, 2008, 6:45 am

Hello,

Please post a fresh HijackThis log and a description of how your computer is behaving.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine