bojang1es

My computer has slowly been getting worse ever since a few weeks ago when I believe I accidentally clicked an internet explorer pop up and downloaded something? Internet explorer continues to open processes and I have continuous ie pop ups even though I use firefox. My internet has been extremely slow, often to the point where I cant play videos and music or even run a search on google. If I leave my computer idle for a few hours I will have 30 pop ups opening for ie over 20 processes running for ie that re open as soon as I close them. If anyone could figure out whats going on I would love them forever.
Here is my hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:29 PM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Win Base 4 Download] C:\Documents and Settings\All Users\Application Data\Browse Dent Win Base\Team Settings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ACESHOW] C:\DOCUME~1\Chazzy\APPLIC~1\CLOCKB~1\license base.exe
O4 - HKCU\..\Run: [Legacy VGA Drivers V1.0] C:\WINDOWS\certproc32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CB30475-3227-4608-B39F-78CC9BBC4C3F}: NameServer = 192.168.0.1,205.171.3.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CB30475-3227-4608-B39F-78CC9BBC4C3F}: NameServer = 192.168.0.1,205.171.3.65
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CB30475-3227-4608-B39F-78CC9BBC4C3F}: NameServer = 192.168.0.1,205.171.3.65
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8874 bytes

TheBruce1

Hello and welcome to TSF


Apologises for the delay getting to your log. The helpers here are all volunteers and we have been very busy lately. If you are still having malware problems, follow instructions below.

===========

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
5. Please attach extra.txt to your post.

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:

   C:\Deckard\System Scanner\extra.txt
   

3. Click Upload.

What DSS will do:

• create a new System Restore point in Windows XP and Vista.
• clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
• check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

============
Logs Required
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<---Attached

__________________




BT, Virgin Media and TalkTalk customers, please see Here, Here, Here and listen to Steve Gibson`s podcast on Phorm.




If we have helped you in anyway,please consider Donating

bojang1es

Hey thanks a lot for the reply I you guys have been busy. I just ran the scanner. Also, I just turned my computer on and its usually pretty normal for about half an hour, I dont know if that makes a difference, IE managed to have over 60 processes running the other day.

Deckard's System Scanner v20071014.68
Run by Chazzy on 2008-04-08 13:08:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
105: 2008-04-08 19:08:52 UTC - RP214 - Deckard's System Scanner Restore Point
104: 2008-04-08 09:22:23 UTC - RP213 - System Checkpoint
103: 2008-04-07 09:15:17 UTC - RP212 - System Checkpoint
102: 2008-04-06 08:40:56 UTC - RP211 - System Checkpoint
101: 2008-04-05 08:39:22 UTC - RP210 - System Checkpoint


-- First Restore Point --
1: 2008-01-09 23:05:11 UTC - RP110 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Chazzy.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:28 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chazzy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chazzy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Win Base 4 Download] C:\Documents and Settings\All Users\Application Data\Browse Dent Win Base\Team Settings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ACESHOW] C:\DOCUME~1\Chazzy\APPLIC~1\CLOCKB~1\license base.exe
O4 - HKCU\..\Run: [Legacy VGA Drivers V1.0] C:\WINDOWS\certproc32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CB30475-3227-4608-B39F-78CC9BBC4C3F}: NameServer = 192.168.0.1,205.171.3.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CB30475-3227-4608-B39F-78CC9BBC4C3F}: NameServer = 192.168.0.1,205.171.3.65
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CB30475-3227-4608-B39F-78CC9BBC4C3F}: NameServer = 192.168.0.1,205.171.3.65
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8869 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 catchme - c:\docume~1\chazzy\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Ventrilo - c:\program files\ventsrv\ventrilo_svc.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-08 13:00:00 270 --ah----- C:\WINDOWS\Tasks\B98D511B9C4ACBF3.job
2008-04-02 23:38:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-08 and 2008-04-08 -----------------------------

2008-04-08 13:05:15 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-08 13:05:15 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-08 13:05:15 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-08 13:05:15 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-08 13:05:15 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-08 13:05:15 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-08 13:05:15 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-08 13:05:15 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-08 13:05:15 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-08 13:05:15 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-08 13:05:15 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-08 13:05:15 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-08 13:05:15 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-08 13:05:14 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-04 02:22:15 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2008-04-04 02:22:14 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2008-04-04 02:22:10 0 d-------- C:\Program Files\Sygate
2008-03-31 14:55:32 0 d-------- C:\Documents and Settings\Chazzy\Application Data\Viewpoint
2008-03-30 20:45:56 0 d-------- C:\Documents and Settings\Chazzy\Application Data\acccore
2008-03-30 20:45:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-30 20:45:16 0 d-------- C:\Program Files\Viewpoint
2008-03-30 20:45:08 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-03-30 20:45:08 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-30 20:44:50 0 d-------- C:\Program Files\Common Files\AOL
2008-03-30 20:44:45 0 d-------- C:\Program Files\AIM6
2008-03-26 17:28:36 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-26 17:27:20 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-25 12:42:36 0 d-------- C:\Documents and Settings\Chazzy\Logs
2008-03-25 12:41:16 0 d-------- C:\Logs


-- Find3M Report ---------------------------------------------------------------

2008-04-05 05:56:20 0 d-------- C:\Program Files\World of Warcraft
2008-04-02 19:42:03 0 d-------- C:\Documents and Settings\Chazzy\Application Data\uTorrent
2008-03-30 20:44:50 0 d-------- C:\Program Files\Common Files
2008-03-27 12:39:49 0 d-------- C:\Documents and Settings\Chazzy\Application Data\Apple Computer
2008-03-03 0226 169984 --a------ C:\WINDOWS\system32\P2D.DLL <Not Verified; Microsoft Corporation; Microsoft® HTML Layout Support Module>
2008-03-03 0226 28672 --a------ C:\WINDOWS\system32\HLP95EN.DLL <Not Verified; Microsoft Corporation; Microsoft Office>
2008-03-03 0226 57344 --a------ C:\WINDOWS\system32\COMMTB32.DLL <Not Verified; Microsoft Corporation; Microsoft Button Editor>
2008-03-03 0226 161552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL <Not Verified; Microsoft Corporation; Microsoft® Forms>
2008-03-03 0226 0 d-------- C:\Program Files\ActiveX Control Pad
2008-03-03 01:02:25 0 d-------- C:\Program Files\Lavasoft
2008-03-03 01:02:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-28 00:56:38 0 d-------- C:\Program Files\iTunes
2008-02-28 00:56:28 0 d-------- C:\Program Files\iPod
2008-02-26 19:48:56 0 d-------- C:\Documents and Settings\Chazzy\Application Data\Real
2008-02-26 01:37:37 0 d-------- C:\Program Files\Trend Micro
2008-02-22 14:25:44 0 d-------- C:\Program Files\Kaspersky Lab
2008-02-21 14:56:04 0 d-------- C:\Program Files\QuickTime
2008-02-16 12:15:14 0 d-------- C:\Documents and Settings\Chazzy\Application Data\ClockBalmVc
2008-02-16 12:14:53 0 d-------- C:\Program Files\ClockBalmVc
2008-02-16 12:08:42 0 d-------- C:\Documents and Settings\Chazzy\Application Data\WinRAR
2008-02-12 19:59:31 0 d-------- C:\Program Files\Space Runner 1.1
2008-02-10 21:03:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-09 14:01:30 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-09 11:31:32 0 d-------- C:\Program Files\Diablo II
2008-02-08 03:21:15 0 d-------- C:\Documents and Settings\Chazzy\Application Data\SQLX3
2008-02-08 01:19:25 559104 --a------ C:\WINDOWS\click.dll
2008-02-07 23:03:25 35767 --a------ C:\WINDOWS\DIIUnin.dat
2008-02-07 23:01:19 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-02-07 23:01:19 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-02-07 23:01:19 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-02-07 22:54:48 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-02-07 22:54:48 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-02-05 07:47:24 221696 --a------ C:\WINDOWS\systeldd32.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [04/12/2007 03:33 AM C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [10/30/2006 06:44 AM]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [02/06/2007 06:08 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/11/2007 06:03 AM]
"nwiz"="nwiz.exe" [05/11/2007 06:03 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/11/2007 06:03 AM]
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [02/02/2005 05:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/04/2007 07:42 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"Win Base 4 Download"="C:\Documents and Settings\All Users\Application Data\Browse Dent Win Base\Team Settings.exe" [04/08/2008 01:08 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [12/18/2007 01:43 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [10/15/2004 07:40 PM]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [08/04/2004 06:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACESHOW"="C:\DOCUME~1\Chazzy\APPLIC~1\CLOCKB~1\license base.exe" [02/16/2008 12:14 PM]
"Legacy VGA Drivers V1.0"="C:\WINDOWS\certproc32.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/05/2007 11:56 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/06/2008 02:50 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Legacy Sound Drivers V1.3]
C:\WINDOWS\comctl32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Legacy VGA Drivers V1.0]
C:\WINDOWS\certproc32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Paradyne ADSL Network Driver V2.3]
C:\WINDOWS\netcfgx32.exe



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7942 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-08 13:10:20 ------------

Attached Files

extra.txt (16.1 KB, 1 views)

TheBruce1

Hello again

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear, a lack of symptoms does not mean that it is no longer present.

Please Do Not Attach logs to your posts unless advised to do so.

===========

P2P

P2P - I see you have P2P software µTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are Here,
Here and Here.


============

From the extra.txt:

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.) Disabled
FW: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab) Disabled
AV: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab) Disabled

and

Kaspersky Anti-Virus 7.0
Kaspersky Anti-Virus 7.0

You have installed Kaspersky Anti-Virus v7.0.1.321 twice, please uninstall one of them. Also enable Kaspersky Anti-Virus v7.0.1.321 and Sygate Personal Firewall v4.6 as they are being shown as disabled.

===========

S& D Spybot's Tea Timer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

• Open Spybot Search & Destroy.
• In the Mode menu click "Advanced mode" if not already selected.
• Choose "Yes" at the Warning prompt.
• Expand the "Tools" menu.
• Click "Resident".
• Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
• In the File menu click "Exit" to exit Spybot Search & Destroy.

============

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

CiD Help<---Adware
Viewpoint Media Player<----Viewpoint is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

==============

Download ATF-Cleaner by Atribune to your desktop.Do not run just yet, we will shortly

===============

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3

• First close any other programs you have running as this will require a reboot
• Double click NoLop.exe to run it
• Now click the button labelled "Search and Destroy"
  <<your computer will now be scanned for infected files>>
• When scanning is finished you will be prompted to reboot only if infected, Click OK
• Now click the "REBOOT" Button.
• A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:NoLop.log along with the required logs

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

==============

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

==========

Perform an online scan with Internet Explorer with Panda ActiveScan

1. Click on located at the bottom of the page.
2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Paste the Panda Scan report into your next reply.

===========

Download fl.zip
Extract the contents to a new folder on Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.

=============

Run Deckard System Scanner once again and post the main.txt.

=============
Logs Required
C:\NoLop.log
Panda Scan Results
c:\findlop.txt
main.txt

__________________




BT, Virgin Media and TalkTalk customers, please see Here, Here, Here and listen to Steve Gibson`s podcast on Phorm.




If we have helped you in anyway,please consider Donating

bojang1es

Ok, I could only find one file for Kaspersky Anti-Virus v7.0.1.321 so Im not sure what to remove.
NoLop did not find anything, it would not give me an option to reboot and did not produce a log.
I believe Panda updated their site recently, there was no where to input an email address and it also did not produce a report.

Volume in drive C has no label.
Volume Serial Number is 0C72-E39C

Directory of C:\Documents and Settings\Administrator\Application Data

Volume in drive C has no label.
Volume Serial Number is 0C72-E39C

Directory of C:\Documents and Settings\All Users\Application Data

02/10/2008 09:02 PM <DIR> Adobe
03/30/2008 08:45 PM <DIR> AOL
03/30/2008 08:45 PM <DIR> AOL OCP
10/07/2007 09:48 PM <DIR> Apple
10/07/2007 09:48 PM <DIR> Apple Computer
02/16/2008 12:15 PM <DIR> Browse Dent Win Base
10/04/2007 05:24 PM <DIR> Google
02/23/2008 08:04 PM <DIR> Grisoft
04/08/2008 06:57 PM <DIR> Kaspersky Lab
02/22/2008 02:22 PM <DIR> Kaspersky Lab Setup Files
03/03/2008 01:02 AM <DIR> Lavasoft
01/25/2008 08:50 PM <DIR> Microsoft Help
10/11/2007 12:13 PM <DIR> NVIDIA Corporation
12/02/2007 07:00 PM 1,759 QTSBandwidthCache
03/03/2008 01:59 AM <DIR> Spybot - Search & Destroy
03/07/2008 10:55 PM <DIR> TEMP
04/08/2008 05:05 PM <DIR> Viewpoint
02/23/2008 03:36 AM <DIR> Windows Genuine Advantage
1 File(s) 1,759 bytes
17 Dir(s) 442,234,564,608 bytes free
Volume in drive C has no label.
Volume Serial Number is 0C72-E39C

Directory of C:\Documents and Settings\Chazzy\Application Data

03/30/2008 08:45 PM <DIR> acccore
10/14/2007 01:05 PM <DIR> Adobe
03/27/2008 12:39 PM <DIR> Apple Computer
12/26/2007 02:15 PM <DIR> Corel
01/25/2008 08:18 PM <DIR> DAEMON Tools
10/05/2007 12:03 PM <DIR> Google
11/14/2007 08:49 PM <DIR> Help
10/03/2007 09:12 PM <DIR> Identities
10/05/2007 12:11 AM <DIR> InstallShield
10/04/2007 05:22 PM <DIR> Macromedia
10/07/2007 08:58 PM <DIR> Mozilla
10/14/2007 08:05 PM <DIR> MySpace
12/26/2007 02:15 PM 12,358 PFP110JCM.{PB
12/26/2007 02:15 PM 61,678 PFP110JPR.{PB
02/26/2008 07:48 PM <DIR> Real
02/08/2008 03:21 AM <DIR> SQLX3
11/19/2007 01:38 AM <DIR> Sun
12/03/2007 07:28 PM <DIR> teamspeak2
04/02/2008 07:42 PM <DIR> uTorrent
10/15/2007 05:56 PM <DIR> Ventrilo
02/16/2008 12:08 PM <DIR> WinRAR
2 File(s) 74,036 bytes
19 Dir(s) 442,234,564,608 bytes free
Volume in drive C has no label.
Volume Serial Number is 0C72-E39C

Directory of C:\Documents and Settings\Default User\Application Data

10/03/2007 07:10 AM <DIR> .
10/03/2007 07:10 AM <DIR> ..
10/03/2007 07:10 AM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 442,234,564,608 bytes free
Volume in drive C has no label.
Volume Serial Number is 0C72-E39C

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is 0C72-E39C

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 04/02/2008 23:38:00
NextRun: 04/09/2008 23:38:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: ...W...
StartDate: 10/07/2007
EndDate: 00/00/0000
StartTime: 23:38
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0




Deckard's System Scanner v20071014.68
Run by Chazzy on 2008-04-08 19:00:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Chazzy.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:50 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chazzy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chazzy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [Legacy VGA Drivers V1.0] C:\WINDOWS\certproc32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CB30475-3227-4608-B39F-78CC9BBC4C3F}: NameServer = 192.168.0.1,205.171.3.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CB30475-3227-4608-B39F-78CC9BBC4C3F}: NameServer = 192.168.0.1,205.171.3.65
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CB30475-3227-4608-B39F-78CC9BBC4C3F}: NameServer = 192.168.0.1,205.171.3.65
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

--
End of file - 8610 bytes

-- Files created between 2008-03-08 and 2008-04-08 -----------------------------

2008-04-08 17:14:30 0 d-------- C:\Program Files\Panda Security
2008-04-08 17:08:08 212 --a------ C:\delete.bat
2008-04-08 13:05:15 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-08 13:05:15 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-08 13:05:15 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-08 13:05:15 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-08 13:05:15 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-08 13:05:15 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-08 13:05:15 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-08 13:05:15 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-08 13:05:15 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-08 13:05:15 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-08 13:05:15 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-08 13:05:15 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-08 13:05:15 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-08 13:05:14 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-04 02:22:15 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2008-04-04 02:22:14 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2008-04-04 02:22:10 0 d-------- C:\Program Files\Sygate
2008-03-30 20:45:56 0 d-------- C:\Documents and Settings\Chazzy\Application Data\acccore
2008-03-30 20:45:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-30 20:45:08 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-03-30 20:45:08 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-30 20:44:50 0 d-------- C:\Program Files\Common Files\AOL
2008-03-30 20:44:45 0 d-------- C:\Program Files\AIM6
2008-03-26 17:28:36 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-26 17:27:20 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-25 12:42:36 0 d-------- C:\Documents and Settings\Chazzy\Logs
2008-03-25 12:41:16 0 d-------- C:\Logs


-- Find3M Report ---------------------------------------------------------------

2008-04-08 17:14:31 2722 --a------ C:\WINDOWS\mozver.dat
2008-04-05 05:56:20 0 d-------- C:\Program Files\World of Warcraft
2008-04-02 19:42:03 0 d-------- C:\Documents and Settings\Chazzy\Application Data\uTorrent
2008-03-30 20:44:50 0 d-------- C:\Program Files\Common Files
2008-03-27 12:39:49 0 d-------- C:\Documents and Settings\Chazzy\Application Data\Apple Computer
2008-03-03 0226 169984 --a------ C:\WINDOWS\system32\P2D.DLL <Not Verified; Microsoft Corporation; Microsoft® HTML Layout Support Module>
2008-03-03 0226 28672 --a------ C:\WINDOWS\system32\HLP95EN.DLL <Not Verified; Microsoft Corporation; Microsoft Office>
2008-03-03 0226 57344 --a------ C:\WINDOWS\system32\COMMTB32.DLL <Not Verified; Microsoft Corporation; Microsoft Button Editor>
2008-03-03 0226 161552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL <Not Verified; Microsoft Corporation; Microsoft® Forms>
2008-03-03 0226 0 d-------- C:\Program Files\ActiveX Control Pad
2008-03-03 01:02:25 0 d-------- C:\Program Files\Lavasoft
2008-03-03 01:02:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-28 00:56:38 0 d-------- C:\Program Files\iTunes
2008-02-28 00:56:28 0 d-------- C:\Program Files\iPod
2008-02-26 19:48:56 0 d-------- C:\Documents and Settings\Chazzy\Application Data\Real
2008-02-26 01:37:37 0 d-------- C:\Program Files\Trend Micro
2008-02-22 14:25:44 0 d-------- C:\Program Files\Kaspersky Lab
2008-02-21 14:56:04 0 d-------- C:\Program Files\QuickTime
2008-02-16 12:08:42 0 d-------- C:\Documents and Settings\Chazzy\Application Data\WinRAR
2008-02-12 19:59:31 0 d-------- C:\Program Files\Space Runner 1.1
2008-02-10 21:03:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-09 14:01:30 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-09 11:31:32 0 d-------- C:\Program Files\Diablo II
2008-02-08 03:21:15 0 d-------- C:\Documents and Settings\Chazzy\Application Data\SQLX3
2008-02-08 01:19:25 559104 --a------ C:\WINDOWS\click.dll
2008-02-07 23:03:25 35767 --a------ C:\WINDOWS\DIIUnin.dat
2008-02-07 23:01:19 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-02-07 23:01:19 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-02-07 23:01:19 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-02-07 22:54:48 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-02-07 22:54:48 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-02-05 07:47:24 221696 --a------ C:\WINDOWS\systeldd32.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [04/12/2007 03:33 AM C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [10/30/2006 06:44 AM]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [02/06/2007 06:08 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/11/2007 06:03 AM]
"nwiz"="nwiz.exe" [05/11/2007 06:03 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/11/2007 06:03 AM]
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [02/02/2005 05:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/04/2007 07:42 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [12/18/2007 01:43 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [10/15/2004 07:40 PM]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [08/04/2004 06:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Legacy VGA Drivers V1.0"="C:\WINDOWS\certproc32.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/05/2007 11:56 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/06/2008 02:50 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Legacy Sound Drivers V1.3]
C:\WINDOWS\comctl32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Legacy VGA Drivers V1.0]
C:\WINDOWS\certproc32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Paradyne ADSL Network Driver V2.3]
C:\WINDOWS\netcfgx32.exe



-- End of Deckard's System Scanner: finished at 2008-04-08 19:01:32 ------------

TheBruce1

If only one entry is installed then that is ok.

-----------

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear, a lack of symptoms does not mean that it is no longer present.

==========

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

Please remember to close all other windows, including browsers then click Fix checked.

==========

Go to My Computer >Tools >Folder Options >View tab and select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.

============

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Documents and Settings\All Users\Application Data\Browse Dent Win Base
C:\Documents and Settings\All Users\Application Data\Viewpoint


If they resist, boot into safe mode and delete there.

===========

JAVA OUTDATED


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Environment (JRE) 6 Update 5 and save it to your desktop.
• Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
• Click the "Download" button to the right.
• Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
• Click on the link to download Windows Offline Installation and save the file to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > (Settings) > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.

• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

==========

BitDefender Online Scan

Go here and do the BitDefender online virus scan.

* Click "I Agree" to agree to the EULA.
* Allow the ActiveX control to install when prompted.
* Leave the scanning options at default and press "Click here to scan" to begin the scan.
* Please refrain from using the computer until the scan is finished.
* When the scan is finished, click on "Click here to export the scan results"
* Save the report to your desktop then come back here and post it in your next reply along with the required logs.

============

Run Deckard System Scanner(DSS) again

=============
Logs Required
Bitdefender Scan Results
Main.txt

How is your system running now.

__________________




BT, Virgin Media and TalkTalk customers, please see Here,