Old 03-27-2007, 08:48 AM   #101 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,813
OS: WinXP and Vista


Re: MS Windows XP will not load when connected to internet

My apologies on that. You should disconnect while running ComboFix command.

Then reconnect to update SmitfraudFix

Disconnect once again

Reconnect when it's time for the Panda scan.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Old 03-27-2007, 07:53 PM   #102 (permalink)
Registered User
 
cul8rman
 
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

I tried the first combofix and all the text did not fit so I am stopping here.

Quote:
Go to Start>Run then copy/paste the following red text into the Run box then click OK

"%userprofile%\desktop\combofix.exe" /wow-drv Microsoft Internet Connection Sharing lanmandrv /v pqkuaaau ssqnllk geedb pmnoonm fcccddd mljjj ssqrq ocxapi ierplc iepref32 ips sstqo sqvyswsn qmopt ssqqono fbmhsfob hgghefg ljjijih khffebb wvuvwxx mljghij urqoljk bgvuafvo xlqtmtth wvuusrs

Please provide direction, thanks
Old 03-27-2007, 09:12 PM   #103 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,813
OS: WinXP and Vista


Re: MS Windows XP will not load when connected to internet

It will fit if you copy/paste it in. It won't look like it's all there--but it is.
Old 03-29-2007, 06:46 AM   #104 (permalink)
Registered User
 
cul8rman
 
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

Finally, I have finished with the latest round of executions. I have made notes in sections where something did not match up with what you had written down. I did see some files with setup_#####.exe during the second file deleting step, but they are now gone.

Results of scans

**** Combofix

"Molly" - 07-03-27 20:33:32 Service Pack 1
ComboFix 07-03-27.4 - Running from: "C:\Documents and Settings\Molly\desktop"
Command switches used :: /wow-drv Microsoft Internet Connection Sharing lanmandrv /v pqkuaaau ssqnllk geedb pmnoonm fcccddd mljjj ssqrq ocxapi ierplc iepref32 ips sstqo sqvyswsn qmopt ssqqono fbmhsfob hgghefg ljjijih khffebb wvuv


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ierplc.dll
C:\WINDOWS\system32\iepref32.dll
C:\WINDOWS\system32\ips.dll
C:\WINDOWS\system32\qmopt.dll
C:\WINDOWS\system32\ssqqono.dll
C:\WINDOWS\system32\fbmhsfob.dll
C:\WINDOWS\system32\hgghefg.dll
C:\WINDOWS\system32\ljjijih.dll
C:\WINDOWS\system32\khffebb.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Molly\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\DOCUME~1\Molly\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\DOCUME~1\Molly\STARTM~1\programs\bravesentry\BraveSentry.lnk
C:\DOCUME~1\Molly\STARTM~1\programs\bravesentry\Uninstall.lnk
C:\Program Files\vsadd-in\VSAdd-in.dll
C:\DOCUME~1\Molly\Desktop\internet.lnk
C:\DOCUME~1\Molly\Desktop\bravesentry.lnk
C:\DOCUME~1\Molly\APPLIC~1.\searchtoolbarcorp
C:\DOCUME~1\Molly\STARTM~1\programs\bravesentry
C:\Program Files\vsadd-in


((((((((((((((((((((((((((((((( Files Created from 2007-02-27 to 2007-03-27 ))))))))))))))))))))))))))))))))))


2007-03-27 18:56 <DIR> d-------- C:\hijackthis
2007-03-27 18:07 0 --a------ C:\WINDOWS\system32\setup_74347.exe
2007-03-27 17:59 26,730 --a------ C:\WINDOWS\system32\efcaabx.dll
2007-03-27 17:55 48,708 --a------ C:\WINDOWS\system32\nctupyoj.dll
2007-03-27 17:30 0 --a------ C:\WINDOWS\system32\setup_20052.exe
2007-03-25 20:54 52,674 -r-hs---- C:\WINDOWS\avgav.exe
2007-03-25 20:54 52,674 --a------ C:\WINDOWS\system32\setup_76330.exe
2007-03-25 20:22 88,340 --a------ C:\WINDOWS\system32\rctaunvv.exe
2007-03-25 20:22 123,972 --a------ C:\WINDOWS\system32\bgvuafvo.dll
2007-03-25 20:22 1,258,919 ---hs---- C:\WINDOWS\system32\klnmp.bak2
2007-03-25 20:22 <DIR> d-------- C:\DOCUME~1\Duane\APPLIC~1\SearchToolbarCorp
2007-03-25 20:16 0 --a------ C:\WINDOWS\system32\setup_78345.exe
2007-03-25 10:02 6,469,352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe
2007-03-25 09:55 55,243,672 --a------ C:\regedit 3.25.07.reg
2007-03-24 22:19 88,340 --a------ C:\WINDOWS\system32\jmkgpcvx.exe
2007-03-24 22:19 123,972 --a------ C:\WINDOWS\system32\xlqtmtth.dll
2007-03-24 22:19 1,206,893 ---hs---- C:\WINDOWS\system32\klnmp.bak1
2007-03-24 22:18 280,676 ---hs---- C:\WINDOWS\system32\pmnlk.dll
2007-03-24 22:08 280,676 ---hs---- C:\WINDOWS\system32\gebcb.dll
2007-03-24 22:07 280,676 ---hs---- C:\WINDOWS\system32\awtsq.dll
2007-03-24 22:02 26,697 --a------ C:\WINDOWS\system32\wvuusrs.dll
2007-03-24 17:35 7,200 --a------ C:\jvycsq.exe
2007-03-24 17:35 23,552 --a------ C:\yyumm.exe
2007-03-24 17:34 26,697 --a------ C:\WINDOWS\system32\fccbccb.dll
2007-03-24 15:21 0 --a------ C:\WINDOWS\system32\setup_83355.exe
2007-03-24 14:51 26,697 --a------ C:\WINDOWS\system32\wvuvwxx.dll
2007-03-24 14:42 26,697 --a------ C:\WINDOWS\system32\mljghij.dll
2007-03-24 14:15 26,697 --a------ C:\WINDOWS\system32\urqoljk.dll
2007-03-24 11:58 1,048,576 --ah----- C:\DOCUME~1\MASTER~1\NTUSER.DAT
2007-03-24 11:58 <DIR> d-------- C:\DOCUME~1\MASTER~1\WINDOWS
2007-03-24 11:58 <DIR> d-------- C:\DOCUME~1\MASTER~1\APPLIC~1\Symantec
2007-03-24 11:58 <DIR> d-------- C:\DOCUME~1\MASTER~1\APPLIC~1\InterTrust
2007-03-24 11:58 <DIR> d-------- C:\DOCUME~1\MASTER~1\APPLIC~1\Adobe
2007-03-24 08:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-03-21 21:15 <DIR> d-------- C:\Deckard
2007-03-20 20:18 <DIR> d-------- C:\avenger
2007-03-19 21:14 <DIR> d--h----- C:\WINDOWS\PIF
2007-03-18 09:40 51,955,192 --a------ C:\regedit 3.18.07.reg
2007-03-17 23:47 51,951,606 --a------ C:\Regedit 3.172.07.reg
2007-03-17 09:39 51,944,564 --a------ C:\regedit 3.17.07.reg
2007-03-13 20:51 136 --a------ C:\WINDOWS\system32\dgjun.bat
2007-03-13 19:32 51,995,858 --a------ C:\Regedit 3.13.07.reg
2007-03-12 18:20 491,768 --a------ C:\ie6setup.exe
2007-03-11 22:17 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-03-11 09:25 <DIR> d-------- C:\Program Files\Java
2007-03-11 09:25 <DIR> d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24 <DIR> d-------- C:\DOCUME~1\Duane\APPLIC~1\Sun
2007-03-10 11:31 <DIR> d-------- C:\Rustbfix
2007-03-08 19:33 49,152 --a------ C:\DOCUME~1\Duane\vfind.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-25 20:42 -------- d-------- C:\Program Files\hijack this
2007-03-25 19:38 -------- d-------- C:\Program Files\picasa2
2007-03-25 19:36 -------- d-------- C:\Program Files\messenger
2007-03-25 19:31 -------- d-------- C:\Program Files\itunes
2007-03-25 19:29 -------- d-------- C:\Program Files\google
2007-03-24 13:36 -------- d-------- C:\DOCUME~1\Molly\APPLIC~1\weatherbug
2007-03-08 19:47 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-02-24 22:08 3762 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-21 21:42 129 --a------ C:\fix.bat
2007-02-20 21:14 -------- d-------- C:\Program Files\shockwave.com
2007-02-10 20:00 14201 --a------ C:\Program Files\hijackthis.log
2007-01-31 19:15 -------- d-------- C:\DOCUME~1\Molly\APPLIC~1\winantivirus pro 2006
2007-01-28 22:13 -------- d-------- C:\Program Files\lg software innovations
2007-01-28 22:05 -------- d-------- C:\Program Files\clonedvd
2007-01-28 21:28 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2007-01-28 21:26 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-01-21 15:08 14612 --a------ C:\Program Files\cwshredder.exe-2d092fd4.pf
2007-01-21 15:03 532480 --a------ C:\Program Files\cwshredder.exe
2007-01-12 18:19 0 --a------ C:\WINDOWS\system32\vb2en16.dll
2007-01-11 16:35 12800 --a------ C:\WINDOWS\system32\svchost.exe
2007-01-07 18:21 1 --a------ C:\WINDOWS\system32\ps.dat
2007-01-07 18:21 1 --a------ C:\WINDOWS\system32\cookie.dat
2007-01-07 13:16 25600 --a------ C:\WINDOWS\system32\helper.dll
2007-01-04 22:35 10660 --a------ C:\WINDOWS\mozver.dat
2007-01-03 20:49 5037072 --a------ C:\Program Files\spybotsd14.exe
2007-01-01 12:02 507 --a------ C:\WINDOWS\ereg077.dat
2006-12-25 16:33 23066 --a------ C:\Program Files\plainoldfavorites-0.5.6-fx-windows.xpi


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"Weather"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.exe 1"
"WhenUSave"="\"C:\\Program Files\\Save\\Save.exe\""
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~2\\bar\\1.bin\\mwsoemon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"ymmsddlop"="C:\\WINDOWS\\system32\\vssmnptc.exe"
"BraveSentry"="C:\\Program Files\\BraveSentry\\BraveSentry.exe"
"gdxapimn"="C:\\WINDOWS\\System32\\jgdepgc.exe"
"nvcdllx"="C:\\WINDOWS\\System32\\cstatvmq.exe"
"csmhtop"="C:\\WINDOWS\\System32\\sdmmlmn.exe"
"ddsysmns"="C:\\WINDOWS\\System32\\scmdcon.exe"
"ncsmmlg"="C:\\WINDOWS\\System32\\ctlmems.exe"
"kdmmcvs"="C:\\WINDOWS\\System32\\gmonstml.exe"
"fcqlep"="c:\\windows\\system32\\fcqlep.exe fcqlep"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"lanmanwrk.exe"="C:\\WINDOWS\\System32\\lanmanwrk.exe"
"SoundService"="rundll32.exe \"C:\\WINDOWS\\System32\\bgvuafvo.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcaabx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlk
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuusrs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-27 20:44:51
C:\ComboFix ... 07-03-27 20:43
C:\ComboFix2.txt ... 07-03-25 20:23
C:\ComboFix3.txt ... 07-03-24 22:13

* * * * * * * * * * * * * * * * * * * * * * *

Smitfraud - 4 check for updates
Removed firewall program since I could not figure out how to deactivate

* * * * * * * * * * * * * * * * * * * * * * *
HJT - Some were not present - do you need to know?
quickly, lines 1,4,5,9,10,18 (Think-adz)

* * * * * * * * * * * * * * * * * * * * * * *

Delete Section
most were already gone

* * * * * * * * * * * * * * * * * * * * * * *

SmitFraudFix v2.158

Scan done at 22:48:17.75, Tue 03/27/2007
Run from C:\Documents and Settings\Molly\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\Molly\STARTM~1\Programs\Startup\.protected Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

* * * * * * * * * * * * * * * * * * * * * * *
Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:
· "Security Info"
· "Warning Message"
· "Security Desktop"
· "Warning Homepage"
· "Desktop Uninstall"

Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.


Nothing was present
* * * * * * * * * * * * * * * * * * * * * * *

AVG Report Scan
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:25:58 AM 3/28/2007

+ Scan result:



HKU\S-1-5-21-1784762916-2740901186-3389046013-1006\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP313\A0125453.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKU\S-1-5-21-1784762916-2740901186-3389046013-1006\Software\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-1784762916-2740901186-3389046013-1006\Software\WinAntiVirus Pro 2006\Settings -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP313\A0125450.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP314\A0127479.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\WINDOWS\system32\setup_77072.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\Documents and Settings\Duane\Cookies\duane@buzznet.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Duane\Cookies\duane@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Duane\Cookies\duane@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Duane\Cookies\duane@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.40:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Duane\Cookies\duane@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Molly\Cookies\molly@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Duane\Cookies\duane@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Molly\Cookies\molly@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Duane\Cookies\duane@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Molly\Cookies\molly@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.44:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.45:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.46:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.47:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.48:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.49:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.50:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.51:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.52:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.56:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Duane\Cookies\duane@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Molly\Cookies\molly@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Molly\Cookies\molly@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.84:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.85:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.86:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.87:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Duane\Cookies\duane@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Duane\Cookies\duane@ehg-pcsecurityshield.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Duane\Cookies\duane@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.26:C:\Documents and Settings\Duane\Application Data\Mozilla\Firefox\Profiles\wchylb0m.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.79:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Duane\Cookies\duane@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Molly\Cookies\molly@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.53:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.54:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.15:C:\Documents and Settings\Duane\Application Data\Mozilla\Firefox\Profiles\wchylb0m.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.16:C:\Documents and Settings\Duane\Application Data\Mozilla\Firefox\Profiles\wchylb0m.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.17:C:\Documents and Settings\Duane\Application Data\Mozilla\Firefox\Profiles\wchylb0m.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.18:C:\Documents and Settings\Duane\Application Data\Mozilla\Firefox\Profiles\wchylb0m.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.19:C:\Documents and Settings\Duane\Application Data\Mozilla\Firefox\Profiles\wchylb0m.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.73:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.74:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.75:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.76:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.77:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.81:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.82:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.83:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.57:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.58:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.59:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.60:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.62:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.64:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.61:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.63:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.32:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP313\A0125449.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP315\A0128588.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).


::Report end

* * * * * * * * * * * * * * * * * * * * * * *
SDFix Report



SDFix: Version 1.69

Run by Molly - Wed 03/28/2007 @ 5:37:23.43

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:





Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\setup_20052.exe - Deleted
C:\WINDOWS\system32\setup_74347.exe - Deleted
C:\WINDOWS\system32\setup_75328.exe - Deleted
C:\WINDOWS\system32\setup_76330.exe - Deleted
C:\WINDOWS\system32\setup_78345.exe - Deleted
C:\WINDOWS\system32\setup_83355.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Program Files\Common Files\aolshare\shell\us\shellext.dll
C:\Program Files\Common Files\csshare\shell\us\shellext.dll
C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\pmnlk.dll
C:\My Games\Action Ball\actionball.exe
C:\My Games\Adventure Ball\AdventureBall.exe
C:\My Games\Aqua Pearls\pearls.exe
C:\My Games\Cactus Bruce and the Corporate Monkeys\RealCB12.exe
C:\My Games\Clash 'N Slash\Clash N Slash.exe
C:\My Games\Flying Leo\FlyingLeo.exe
C:\My Games\Icy Spell\IcySpell.exe
C:\My Games\Impact\Impact.exe
C:\My Games\Inspheration\Inspheration.exe
C:\My Games\Jewel of Atlantis\Jewel of Atlantis.exe
C:\My Games\Mirror Magic\mirrormagic.exe
C:\My Games\Mosaic - Tomb of Mystery\Mosaic.exe
C:\My Games\Phlinx to Go\PhlinxToGo.exe
C:\My Games\Rainbow Web\RainbowWeb.exe
C:\My Games\Snowy - Space Trip\SpaceTrip.exe
C:\My Games\Turtle Odyssey\Game.exe
C:\My Games\Wheel of Fortune\Wheel of Fortune.exe
C:\Program Files\America Online 8.0\aolphx.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\America Online 8.0\RBM.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\COMIT\cswitch.exe
C:\Program Files\CompuServe 7.0\csphx.exe
C:\Program Files\CompuServe 7.0\cstray.exe
C:\Program Files\CompuServe 7.0\RBM.exe
C:\Program Files\CompuServe 7.0\wcs2000.exe
C:\Program Files\CompuServe 7.0\COMIT\cswitch.exe
C:\Program Files\Picasa2\setup.exe
C:\WINDOWS\avgav.exe
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Add/Remove Programs List:

1Click DVD Copy 4.2.9.2
3D Snowy Cottage Screen Saver
Ad-Aware SE Personal
Adobe Acrobat 4.0
Agfa ePhoto CL18 Digital Camera Driver
America Online
AOL Instant Messenger (SM)
AOL Coach Version 1.0(Build:20020823.1)
AVG 7.5
AVG Anti-Spyware 7.5
BadCopy Pro
Belarc Advisor 7.0
BigFix
Calm Before the Storm Screen Saver
Chess Live 4.2
Cinema Tycoon(TM) Gold
CleanUp!
Conexant SoftK56 Modem(M)
CompuServe
Codec Pack - All In 1 6.0.2.7
Cox Online Support Controls
EPSON Printer Software
EZBack-it-up 2.0.1
Fiber Twig 2: Restoration of Magic Garden
Fish Tycoon
Fortune Tiles(TM) Gold
FREE Hi-Q Recorder 1.9
Gem Shop
Google Desktop Search
Gum Droppers
Hexalot
High Flying Act - Interactive Storybook
HijackThis 1.99.1
ICQ
iTunes
Karu
Kaspersky Online Scanner
Microsoft Data Access Components KB870669
Lavasoft VX2 Cleaner
LEGO Chess
Macromedia Shockwave Player
CloneDVD 4.0
Micro Innovations Wireless Keyboard
Micro Innovations Wireless Optical Mouse
Mozilla Firefox (2.0.0.3)
MSN Music Assistant
Netscape 6 (6.2.1)
Panda ActiveScan
PC Pitstop Optimize 1.5
Picasa 2
QuickTime
Reader Rabbit 1st Grade
Reader Rabbit 1st Grade(R) Capers on Cloud Nine!(TM)
Reader Rabbit Thinking Adventures Ages 4-6
Reader Rabbit(R) I Can Read! With Phonics
RealArcade
RealPlayer
RegistryFix v3.0
Reader Rabbit's 2nd Grade
Sandlot Games Client Services
Macromedia Flash Player 8
SimCity 3000
Splash
Spybot - Search & Destroy 1.4
IncBack +
SurferNETWORK Player
SyncBackSE
Viewpoint Media Player (Remove Only)
WeatherBug
Winamp (remove only)
Yahoo! Toolbar
Yahoo! Toolbar
Zulu Gems
Microsoft Money 2003
Microsoft Money 2003 System Pack
PC Inspector File Recovery
The Sims Deluxe Edition
Norton WMI Update
Google Toolbar for Internet Explorer
Java(TM) SE Runtime Environment 6
DataRobot Premium
Stomp Backup MyPC
MaxBlast 4
PowerDVD
Windows Backup Utility
EPSON Web-To-Page
Mirror Magic
NetZero For Riverdeep
iTunes
Intel(R) Extreme Graphics Driver
Microsoft Office Excel Viewer 2003
Microsoft Office Word Viewer 2003
Adobe Reader 7.0.7
DV 4100M
HP Software Update
Ulead Photo Express 4.0 SE
Texas Hold 'Em: High Stakes Poker
Ulead Photo Explorer 8.0 SE Basic
Disney's Phonics Quest
Greeting Card Factory Express
Microsoft Works 6.0
HP Deskjet 3740
Realtek AC'97 Audio
Multimedia Keyboard Driver

Finished


* * * * * * * * * * * * * * * * * * * * * * *
**** Panda results

Incident Status Location

Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\System32\nctupyoj.dll
Potentially unwanted tool:application/bestoffer Not disinfected C:\Documents and Settings\Molly\Desktop\Click To Find and Fix Errors.lnk
Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\Documents and Settings\Molly\Application Data\WinAntiVirus Pro 2006
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_current_user\software\MyWebSearch
Potentially unwanted tool:application/funweb Not disinfected hkey_classes_root\FunWebProducts.ShellViewControl
Adware:adware/wupd Not disinfected Windows Registry
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Cody\Application Data\Mozilla\Firefox\Profiles\o4r7omoo.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Cody\Application Data\Mozilla\Firefox\Profiles\o4r7omoo.default\cookies.txt[www.systemdoctor.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\VirtumundoBeGone.exe[²ƒÇ]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Molly\Cookies\molly@atdmt[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Molly\Cookies\molly@mediaplex[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Molly\Cookies\molly@stats1.reliablestats[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Molly\Cookies\molly@winantivirus[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Molly\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\Molly\Local Settings\Temporary Internet Files\Content.IE5\ADRG5QS4\WinAntiVirusPro2007FreeInstall[1].cab[UWA7P_0001_N91M0809NetInstaller.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Molly\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\Program Files\VSAdd-in\VSAdd-in.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Virus:W32/Sdbot.ftp.worm Disinfected C:\SDFix\backups\backups.zip[backups/i]
Potentially unwanted tool:Application/Processor Not disinfected C:\SmitfraudFix\Process.exe
Virus:W32/Sdbot.KAD.worm Disinfected C:\WINDOWS\avgav.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\bgvuafvo.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\gqxkbaie.exe
Virus:W32/Sdbot.ftp.worm Disinfected C:\WINDOWS\system32\i
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\rctaunvv.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xlqtmtth.dll



* * * * * * * * * * * * * * * * * * * * * * *

I need to get to the office; I will post the DSS scans tonight.
Old 03-29-2007, 06:38 PM   #105 (permalink)
Registered User
 
cul8rman
 
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

Is Brave Sentry a rogue program or legit? I think that was one that was causing trouble, and I don't use it, so it could go away.


Results of DSS Scans by segment

Molly
Deckard's System Scanner v20070318.32
Run by Molly on 2007-03-28 at 21:15:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Molly.exe) -----------------------------------------------

HijackThis failed to provide a log after three minutes; running clone instead.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-03-28 21:18:33
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.0.2800.1106)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\KBDAP32A.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Documents and Settings\Molly\Desktop\dss.exe
C:\hijackthis\Molly.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\efcaabx.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {477DFA65-B329-4251-BD81-FB9C30343EF6} - C:\WINDOWS\system32\pmnlk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\nctupyoj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\eatjwiat.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra 'Tools' menuitem: (no name) - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Video Poker () - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon () - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo () - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack () - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers () - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess () - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage () - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice () - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish () - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire () - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker () - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids () - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...367/wmavax.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} () - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O20 - Winlogon Notify: efcaabx - C:\WINDOWS\System32\efcaabx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\System32\igfxsrvc.dll
O20 - Winlogon Notify: pmnlk - C:\WINDOWS\system32\pmnlk.dll
O20 - Winlogon Notify: wvuusrs - C:\WINDOWS\System32\wvuusrs.dll
O23 - Service: avgav.exe (AVG) - Unknown owner - "C:\WINDOWS\avgav.exe"
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Google Updater Service (gusvc) - Google - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Internet Connection Sharing (Microsoft Windows Internet Connection Sharing) - Unknown owner - "C:\WINDOWS\alg.exe"
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - "C:\WINDOWS\wanmpsvc.exe"


-- Files created between 2007-02-28 and 2007-03-28 -----------------------------

2007-03-28 20:56:28 123972 --a------ C:\WINDOWS\System32\eatjwiat.dll
2007-03-28 20:41:31 49 --a------ C:\WINDOWS\System32\pfdnnt_actions.sys<PFDNNT~1.SYS>
2007-03-28 20:41:31 8704 --a------ C:\WINDOWS\System32\pfdnnt.exe
2007-03-28 20:36:54 0 d-------- C:\Documents and Settings\Molly\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-28 20:36:46 0 d-------- C:\Program Files\VSAdd-in
2007-03-28 20:36:43 88340 --a------ C:\WINDOWS\System32\gqxkbaie.exe
2007-03-28 19:54:17 79360 --a------ C:\WINDOWS\System32\swxcacls.exe
2007-03-28 19:54:17 40960 --a------ C:\WINDOWS\System32\swsc.exe
2007-03-28 19:54:17 135168 --a------ C:\WINDOWS\System32\swreg.exe
2007-03-28 19:54:17 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe
2007-03-28 19:54:17 53248 --a------ C:\WINDOWS\System32\Process.exe
2007-03-28 19:54:17 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2007-03-27 22:45:21 248 --a------ C:\delete.reg
2007-03-27 20:55:16 0 d-------- C:\Documents and Settings\Molly\SmitfraudFix<SMITFR~1>
2007-03-27 18:56:48 0 d-------- C:\hijackthis<HIJACK~1>
2007-03-27 17:59:38 26730 --a------ C:\WINDOWS\System32\efcaabx.dll
2007-03-27 17:55:31 48708 --a------ C:\WINDOWS\System32\nctupyoj.dll
2007-03-25 20:54:27 52674 -r-hs---- C:\WINDOWS\avgav.exe
2007-03-25 20:22:46 123972 --a------ C:\WINDOWS\System32\bgvuafvo.dll
2007-03-25 20:22:37 0 d-------- C:\Documents and Settings\Duane\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-25 20:22:26 88340 --a------ C:\WINDOWS\System32\rctaunvv.exe
2007-03-25 20:22:13 1236884 ---hs---- C:\WINDOWS\System32\klnmp.bak2<KLNMP~2.BAK>
2007-03-24 22:19:18 123972 --a------ C:\WINDOWS\System32\xlqtmtth.dll
2007-03-24 22:19:11 1206893 ---hs---- C:\WINDOWS\System32\klnmp.bak1<KLNMP~1.BAK>
2007-03-24 22:18:52 280676 ---hs---- C:\WINDOWS\System32\pmnlk.dll
2007-03-24 22:08:00 280676 ---hs---- C:\WINDOWS\System32\gebcb.dll
2007-03-24 22:07:57 280676 ---hs---- C:\WINDOWS\System32\awtsq.dll
2007-03-24 22:02:29 26697 --a------ C:\WINDOWS\System32\wvuusrs.dll
2007-03-24 17:34:50 26697 --a------ C:\WINDOWS\System32\fccbccb.dll
2007-03-24 14:51:44 26697 --a------ C:\WINDOWS\System32\wvuvwxx.dll
2007-03-24 14:42:29 26697 --a------ C:\WINDOWS\System32\mljghij.dll
2007-03-24 14:15:34 26697 --a------ C:\WINDOWS\System32\urqoljk.dll
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\WINDOWS
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Symantec
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\InterTrust<INTERT~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Adobe
2007-03-24 11:58:21 1048576 --ah----- C:\Documents and Settings\Master Account\NTUSER.DAT
2007-03-24 08:46:40 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-20 20:18:18 0 d-------- C:\avenger
2007-03-19 21:14:12 0 d--h----- C:\WINDOWS\PIF
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-12 18:20:25 491768 --a------ C:\ie6setup.exe
2007-03-11 22:17:35 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24:21 0 d-------- C:\Documents and Settings\Duane\Application Data\Sun
2007-03-10 11:31:19 0 d-------- C:\Rustbfix
2007-03-08 19:33:08 49152 --a------ C:\Documents and Settings\Duane\vfind.exe


-- Find3M Report ---------------------------------------------------------------

2007-03-28 20:34:44 0 d-------- C:\Program Files\Picasa2
2007-03-28 20:32:43 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-28 20:26:59 0 d-------- C:\Program Files\iTunes
2007-03-28 20:25:33 0 d-------- C:\Program Files\Google
2007-03-28 20:22:46 0 d-------- C:\Program Files\BigFix
2007-03-27 22:52:12 3446 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-27 22:08:53 0 d-------- C:\Documents and Settings\Molly\Application Data\WeatherBug<WEATHE~1>
2007-03-25 20:42:44 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-24 13:47:01 0 d-------- C:\Documents and Settings\Molly\Application Data\AVG7
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-21 18:24:56 0 d-------- C:\Program Files\backups
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-13 21:29:11 0 d-------- C:\Program Files\Common Files\Sandlot Shared<SANDLO~1>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-31 19:15:42 0 d-------- C:\Documents and Settings\Molly\Application Data\WinAntiVirus Pro 2006<WINANT~1>
2007-01-28 22:13:42 0 d-------- C:\Program Files\LG Software Innovations<LGSOFT~1>
2007-01-28 22:05:20 0 d-------- C:\Program Files\CloneDVD
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>
2007-01-12 18:19:57 0 --a------ C:\WINDOWS\System32\vb2en16.dll
2007-01-11 16:35:33 12800 --a------ C:\WINDOWS\System32\svchost.exe
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\ps.dat
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\cookie.dat
2007-01-07 13:16:52 25600 --a------ C:\WINDOWS\System32\helper.dll
2007-01-04 22:35:41 10660 --a------ C:\WINDOWS\mozver.dat
2007-01-03 20:49:11 5037072 --a------ C:\Program Files\spybotsd14.exe<SPYBOT~1.EXE>
2007-01-01 12:02:40 507 --a------ C:\WINDOWS\EReg077.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"Weather"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.exe 1"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"SoundService"="rundll32.exe \"C:\\WINDOWS\\System32\\eatjwiat.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcaabx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlk
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuusrs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-03-28 at 21:18:58 ---------

* * * * * * * * * * * * * * * * * * * *
Duane
* * * * * * * * * * * * * * * * * * * *


Deckard's System Scanner v20070318.32
Run by Duane on 2007-03-28 at 22:43:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Duane.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:43:26 PM, on 3/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\Duane\Desktop\dss.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HIJACK~1\Duane.exe
C:\Program Files\HP\hpcoretech\soln\HPOSM.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\efcaabx.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {44755F86-C67C-4A58-8050-3BCC700F9687} - C:\WINDOWS\System32\pmnlk.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\nctupyoj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\eatjwiat.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: efcaabx - C:\WINDOWS\SYSTEM32\efcaabx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmnlk - C:\WINDOWS\System32\pmnlk.dll
O20 - Winlogon Notify: wvuusrs - C:\WINDOWS\SYSTEM32\wvuusrs.dll
O23 - Service: avgav.exe (AVG) - Unknown owner - C:\WINDOWS\avgav.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Internet Connection Sharing (Microsoft Windows Internet Connection Sharing) - Unknown owner - C:\WINDOWS\alg.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- Files created between 2007-02-28 and 2007-03-28 -----------------------------

2007-03-28 20:56:28 123972 --a------ C:\WINDOWS\System32\eatjwiat.dll
2007-03-28 20:36:54 0 d-------- C:\Documents and Settings\Molly\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-28 20:36:46 0 d-------- C:\Program Files\VSAdd-in
2007-03-28 20:36:43 88340 --a------ C:\WINDOWS\System32\gqxkbaie.exe
2007-03-28 19:54:17 79360 --a------ C:\WINDOWS\System32\swxcacls.exe
2007-03-28 19:54:17 40960 --a------ C:\WINDOWS\System32\swsc.exe
2007-03-28 19:54:17 135168 --a------ C:\WINDOWS\System32\swreg.exe
2007-03-28 19:54:17 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe
2007-03-28 19:54:17 53248 --a------ C:\WINDOWS\System32\Process.exe
2007-03-28 19:54:17 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2007-03-27 22:45:21 248 --a------ C:\delete.reg
2007-03-27 20:55:16 0 d-------- C:\Documents and Settings\Molly\SmitfraudFix<SMITFR~1>
2007-03-27 18:56:48 0 d-------- C:\hijackthis<HIJACK~1>
2007-03-27 17:59:38 26730 --a------ C:\WINDOWS\System32\efcaabx.dll
2007-03-27 17:55:31 48708 --a------ C:\WINDOWS\System32\nctupyoj.dll
2007-03-25 20:22:46 123972 --a------ C:\WINDOWS\System32\bgvuafvo.dll
2007-03-25 20:22:37 0 d-------- C:\Documents and Settings\Duane\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-25 20:22:26 88340 --a------ C:\WINDOWS\System32\rctaunvv.exe
2007-03-25 20:22:13 1236884 ---hs---- C:\WINDOWS\System32\klnmp.bak2<KLNMP~2.BAK>
2007-03-24 22:19:18 123972 --a------ C:\WINDOWS\System32\xlqtmtth.dll
2007-03-24 22:19:11 1206893 ---hs---- C:\WINDOWS\System32\klnmp.bak1<KLNMP~1.BAK>
2007-03-24 22:18:52 280676 ---hs---- C:\WINDOWS\System32\pmnlk.dll
2007-03-24 22:08:00 280676 ---hs---- C:\WINDOWS\System32\gebcb.dll
2007-03-24 22:07:57 280676 ---hs---- C:\WINDOWS\System32\awtsq.dll
2007-03-24 22:02:29 26697 --a------ C:\WINDOWS\System32\wvuusrs.dll
2007-03-24 17:34:50 26697 --a------ C:\WINDOWS\System32\fccbccb.dll
2007-03-24 14:51:44 26697 --a------ C:\WINDOWS\System32\wvuvwxx.dll
2007-03-24 14:42:29 26697 --a------ C:\WINDOWS\System32\mljghij.dll
2007-03-24 14:15:34 26697 --a------ C:\WINDOWS\System32\urqoljk.dll
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\WINDOWS
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Symantec
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\InterTrust<INTERT~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Adobe
2007-03-24 11:58:21 1048576 --ah----- C:\Documents and Settings\Master Account\NTUSER.DAT
2007-03-24 08:46:40 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-20 20:18:18 0 d-------- C:\avenger
2007-03-19 21:14:12 0 d--h----- C:\WINDOWS\PIF
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-12 18:20:25 491768 --a------ C:\ie6setup.exe
2007-03-11 22:17:35 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24:21 0 d-------- C:\Documents and Settings\Duane\Application Data\Sun
2007-03-10 11:31:19 0 d-------- C:\Rustbfix
2007-03-08 19:33:08 49152 --a------ C:\Documents and Settings\Duane\vfind.exe


-- Find3M Report ---------------------------------------------------------------

2007-03-28 20:34:44 0 d-------- C:\Program Files\Picasa2
2007-03-28 20:32:43 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-28 20:26:59 0 d-------- C:\Program Files\iTunes
2007-03-28 20:25:33 0 d-------- C:\Program Files\Google
2007-03-28 20:22:46 0 d-------- C:\Program Files\BigFix
2007-03-27 22:52:12 3446 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-25 20:42:44 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-21 22:56:19 0 d---s---- C:\Documents and Settings\Duane\Application Data\Microsoft<MICROS~1>
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-24 10:40:37 0 d-------- C:\Documents and Settings\Duane\Application Data\AVG7
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-21 18:24:56 0 d-------- C:\Program Files\backups
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-13 21:29:11 0 d-------- C:\Program Files\Common Files\Sandlot Shared<SANDLO~1>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-28 22:13:42 0 d-------- C:\Program Files\LG Software Innovations<LGSOFT~1>
2007-01-28 22:05:20 0 d-------- C:\Program Files\CloneDVD
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-28 21:26:56 0 d-------- C:\Documents and Settings\Duane\Application Data\Vso
2007-01-28 21:26:55 34 --a------ C:\Documents and Settings\Duane\Application Data\pcouffin.log
2007-01-28 21:26:41 47360 --a------ C:\Documents and Settings\Duane\Application Data\pcouffin.sys
2007-01-28 21:26:41 1144 --a------ C:\Documents and Settings\Duane\Application Data\pcouffin.inf
2007-01-28 21:26:41 7176 --a------ C:\Documents and Settings\Duane\Application Data\pcouffin.cat
2007-01-28 21:26:41 81920 --a------ C:\Documents and Settings\Duane\Application Data\ezpinst.exe
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>
2007-01-12 18:19:57 0 --a------ C:\WINDOWS\System32\vb2en16.dll
2007-01-11 16:35:33 12800 --a------ C:\WINDOWS\System32\svchost.exe
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\ps.dat
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\cookie.dat
2007-01-07 13:16:52 25600 --a------ C:\WINDOWS\System32\helper.dll
2007-01-04 22:35:41 10660 --a------ C:\WINDOWS\mozver.dat
2007-01-03 20:49:11 5037072 --a------ C:\Program Files\spybotsd14.exe<SPYBOT~1.EXE>
2007-01-01 12:02:40 507 --a------ C:\WINDOWS\EReg077.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"SoundService"="rundll32.exe \"C:\\WINDOWS\\System32\\eatjwiat.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcaabx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlk
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuusrs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-03-28 at 22:43:52 ---------

* * * * * * * * * * * * * * * * * * * *
Master Account
* * * * * * * * * * * * * * * * * * * *


Deckard's System Scanner v20070318.32
Run by Master Account on 2007-03-28 at 22:45:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Master Account.exe) --------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:45:05 PM, on 3/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Documents and Settings\Master Account\Desktop\dss.exe
C:\HIJACK~1\Master Account.exe
C:\Program Files\HP\hpcoretech\soln\HPOSM.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\efcaabx.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {44755F86-C67C-4A58-8050-3BCC700F9687} - C:\WINDOWS\System32\pmnlk.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\nctupyoj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\eatjwiat.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: efcaabx - C:\WINDOWS\SYSTEM32\efcaabx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmnlk - C:\WINDOWS\System32\pmnlk.dll
O20 - Winlogon Notify: wvuusrs - C:\WINDOWS\SYSTEM32\wvuusrs.dll
O23 - Service: avgav.exe (AVG) - Unknown owner - C:\WINDOWS\avgav.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Internet Connection Sharing (Microsoft Windows Internet Connection Sharing) - Unknown owner - C:\WINDOWS\alg.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- Files created between 2007-02-28 and 2007-03-28 -----------------------------

2007-03-28 20:56:28 123972 --a------ C:\WINDOWS\System32\eatjwiat.dll
2007-03-28 20:36:54 0 d-------- C:\Documents and Settings\Molly\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-28 20:36:46 0 d-------- C:\Program Files\VSAdd-in
2007-03-28 20:36:43 88340 --a------ C:\WINDOWS\System32\gqxkbaie.exe
2007-03-28 19:54:17 79360 --a------ C:\WINDOWS\System32\swxcacls.exe
2007-03-28 19:54:17 40960 --a------ C:\WINDOWS\System32\swsc.exe
2007-03-28 19:54:17 135168 --a------ C:\WINDOWS\System32\swreg.exe
2007-03-28 19:54:17 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe
2007-03-28 19:54:17 53248 --a------ C:\WINDOWS\System32\Process.exe
2007-03-28 19:54:17 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2007-03-27 22:45:21 248 --a------ C:\delete.reg
2007-03-27 20:55:16 0 d-------- C:\Documents and Settings\Molly\SmitfraudFix<SMITFR~1>
2007-03-27 18:56:48 0 d-------- C:\hijackthis<HIJACK~1>
2007-03-27 17:59:38 26730 --a------ C:\WINDOWS\System32\efcaabx.dll
2007-03-27 17:55:31 48708 --a------ C:\WINDOWS\System32\nctupyoj.dll
2007-03-25 20:22:46 123972 --a------ C:\WINDOWS\System32\bgvuafvo.dll
2007-03-25 20:22:37 0 d-------- C:\Documents and Settings\Duane\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-25 20:22:26 88340 --a------ C:\WINDOWS\System32\rctaunvv.exe
2007-03-25 20:22:13 1236884 ---hs---- C:\WINDOWS\System32\klnmp.bak2<KLNMP~2.BAK>
2007-03-24 22:19:18 123972 --a------ C:\WINDOWS\System32\xlqtmtth.dll
2007-03-24 22:19:11 1206893 ---hs---- C:\WINDOWS\System32\klnmp.bak1<KLNMP~1.BAK>
2007-03-24 22:18:52 280676 ---hs---- C:\WINDOWS\System32\pmnlk.dll
2007-03-24 22:08:00 280676 ---hs---- C:\WINDOWS\System32\gebcb.dll
2007-03-24 22:07:57 280676 ---hs---- C:\WINDOWS\System32\awtsq.dll
2007-03-24 22:02:29 26697 --a------ C:\WINDOWS\System32\wvuusrs.dll
2007-03-24 17:34:50 26697 --a------ C:\WINDOWS\System32\fccbccb.dll
2007-03-24 14:51:44 26697 --a------ C:\WINDOWS\System32\wvuvwxx.dll
2007-03-24 14:42:29 26697 --a------ C:\WINDOWS\System32\mljghij.dll
2007-03-24 14:15:34 26697 --a------ C:\WINDOWS\System32\urqoljk.dll
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\WINDOWS
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Symantec
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\InterTrust<INTERT~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Adobe
2007-03-24 11:58:21 1048576 --ah----- C:\Documents and Settings\Master Account\NTUSER.DAT
2007-03-24 08:46:40 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-20 20:18:18 0 d-------- C:\avenger
2007-03-19 21:14:12 0 d--h----- C:\WINDOWS\PIF
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-12 18:20:25 491768 --a------ C:\ie6setup.exe
2007-03-11 22:17:35 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24:21 0 d-------- C:\Documents and Settings\Duane\Application Data\Sun
2007-03-10 11:31:19 0 d-------- C:\Rustbfix
2007-03-08 19:33:08 49152 --a------ C:\Documents and Settings\Duane\vfind.exe


-- Find3M Report ---------------------------------------------------------------

2007-03-28 20:34:44 0 d-------- C:\Program Files\Picasa2
2007-03-28 20:32:43 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-28 20:26:59 0 d-------- C:\Program Files\iTunes
2007-03-28 20:25:33 0 d-------- C:\Program Files\Google
2007-03-28 20:22:46 0 d-------- C:\Program Files\BigFix
2007-03-27 22:52:12 3446 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-25 20:42:44 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-24 11:59:31 0 d-------- C:\Documents and Settings\Master Account\Application Data\Mozilla
2007-03-24 11:59:17 0 d-------- C:\Documents and Settings\Master Account\Application Data\AVG7
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-21 18:24:56 0 d-------- C:\Program Files\backups
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-13 21:29:11 0 d-------- C:\Program Files\Common Files\Sandlot Shared<SANDLO~1>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-28 22:13:42 0 d-------- C:\Program Files\LG Software Innovations<LGSOFT~1>
2007-01-28 22:05:20 0 d-------- C:\Program Files\CloneDVD
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>
2007-01-12 18:19:57 0 --a------ C:\WINDOWS\System32\vb2en16.dll
2007-01-11 16:35:33 12800 --a------ C:\WINDOWS\System32\svchost.exe
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\ps.dat
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\cookie.dat
2007-01-07 13:16:52 25600 --a------ C:\WINDOWS\System32\helper.dll
2007-01-04 22:35:41 10660 --a------ C:\WINDOWS\mozver.dat
2007-01-03 20:49:11 5037072 --a------ C:\Program Files\spybotsd14.exe<SPYBOT~1.EXE>
2007-01-01 12:02:40 507 --a------ C:\WINDOWS\EReg077.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"SoundService"="rundll32.exe \"C:\\WINDOWS\\System32\\eatjwiat.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcaabx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlk
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuusrs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-03-28 at 22:45:31 ---------

* * * * * * * * * * * * * * * * * * * *
Others
* * * * * * * * * * * * * * * * * * * *

Deckard's System Scanner v20070318.32
Run by Others on 2007-03-28 at 22:46:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Others.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:46:36 PM, on 3/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Others\Desktop\dss.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\HP\hpcoretech\soln\HPOSM.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HIJACK~1\Others.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\efcaabx.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {44755F86-C67C-4A58-8050-3BCC700F9687} - C:\WINDOWS\System32\pmnlk.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\nctupyoj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\eatjwiat.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Startup: .protected
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\qwinpoeb.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: efcaabx - C:\WINDOWS\SYSTEM32\efcaabx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmnlk - C:\WINDOWS\System32\pmnlk.dll
O20 - Winlogon Notify: wvuusrs - C:\WINDOWS\SYSTEM32\wvuusrs.dll
O23 - Service: avgav.exe (AVG) - Unknown owner - C:\WINDOWS\avgav.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Internet Connection Sharing (Microsoft Windows Internet Connection Sharing) - Unknown owner - C:\WINDOWS\alg.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- Files created between 2007-02-28 and 2007-03-28 -----------------------------

2007-03-28 20:56:28 123972 --a------ C:\WINDOWS\System32\eatjwiat.dll
2007-03-28 20:36:54 0 d-------- C:\Documents and Settings\Molly\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-28 20:36:46 0 d-------- C:\Program Files\VSAdd-in
2007-03-28 20:36:43 88340 --a------ C:\WINDOWS\System32\gqxkbaie.exe
2007-03-28 19:54:17 79360 --a------ C:\WINDOWS\System32\swxcacls.exe
2007-03-28 19:54:17 40960 --a------ C:\WINDOWS\System32\swsc.exe
2007-03-28 19:54:17 135168 --a------ C:\WINDOWS\System32\swreg.exe
2007-03-28 19:54:17 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe
2007-03-28 19:54:17 53248 --a------ C:\WINDOWS\System32\Process.exe
2007-03-28 19:54:17 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2007-03-27 22:45:21 248 --a------ C:\delete.reg
2007-03-27 20:55:16 0 d-------- C:\Documents and Settings\Molly\SmitfraudFix<SMITFR~1>
2007-03-27 18:56:48 0 d-------- C:\hijackthis<HIJACK~1>
2007-03-27 17:59:38 26730 --a------ C:\WINDOWS\System32\efcaabx.dll
2007-03-27 17:55:31 48708 --a------ C:\WINDOWS\System32\nctupyoj.dll
2007-03-25 20:22:46 123972 --a------ C:\WINDOWS\System32\bgvuafvo.dll
2007-03-25 20:22:37 0 d-------- C:\Documents and Settings\Duane\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-25 20:22:26 88340 --a------ C:\WINDOWS\System32\rctaunvv.exe
2007-03-25 20:22:13 1236884 ---hs---- C:\WINDOWS\System32\klnmp.bak2<KLNMP~2.BAK>
2007-03-24 22:19:18 123972 --a------ C:\WINDOWS\System32\xlqtmtth.dll
2007-03-24 22:19:11 1206893 ---hs---- C:\WINDOWS\System32\klnmp.bak1<KLNMP~1.BAK>
2007-03-24 22:18:52 280676 ---hs---- C:\WINDOWS\System32\pmnlk.dll
2007-03-24 22:08:00 280676 ---hs---- C:\WINDOWS\System32\gebcb.dll
2007-03-24 22:07:57 280676 ---hs---- C:\WINDOWS\System32\awtsq.dll
2007-03-24 22:02:29 26697 --a------ C:\WINDOWS\System32\wvuusrs.dll
2007-03-24 17:34:50 26697 --a------ C:\WINDOWS\System32\fccbccb.dll
2007-03-24 14:51:44 26697 --a------ C:\WINDOWS\System32\wvuvwxx.dll
2007-03-24 14:42:29 26697 --a------ C:\WINDOWS\System32\mljghij.dll
2007-03-24 14:15:34 26697 --a------ C:\WINDOWS\System32\urqoljk.dll
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\WINDOWS
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Symantec
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\InterTrust<INTERT~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Adobe
2007-03-24 11:58:21 1048576 --ah----- C:\Documents and Settings\Master Account\NTUSER.DAT
2007-03-24 08:46:40 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-20 20:18:18 0 d-------- C:\avenger
2007-03-19 21:14:12 0 d--h----- C:\WINDOWS\PIF
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-12 18:20:25 491768 --a------ C:\ie6setup.exe
2007-03-11 22:17:35 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24:21 0 d-------- C:\Documents and Settings\Duane\Application Data\Sun
2007-03-10 11:31:19 0 d-------- C:\Rustbfix
2007-03-08 19:33:08 49152 --a------ C:\Documents and Settings\Duane\vfind.exe


-- Find3M Report ---------------------------------------------------------------

2007-03-28 20:34:44 0 d-------- C:\Program Files\Picasa2
2007-03-28 20:32:43 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-28 20:26:59 0 d-------- C:\Program Files\iTunes
2007-03-28 20:25:33 0 d-------- C:\Program Files\Google
2007-03-28 20:22:46 0 d-------- C:\Program Files\BigFix
2007-03-27 22:52:12 3446 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-25 20:42:44 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-21 18:24:56 0 d-------- C:\Program Files\backups
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-13 21:29:11 0 d-------- C:\Program Files\Common Files\Sandlot Shared<SANDLO~1>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-28 22:13:42 0 d-------- C:\Program Files\LG Software Innovations<LGSOFT~1>
2007-01-28 22:05:20 0 d-------- C:\Program Files\CloneDVD
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>
2007-01-12 18:19:57 0 --a------ C:\WINDOWS\System32\vb2en16.dll
2007-01-11 16:35:33 12800 --a------ C:\WINDOWS\System32\svchost.exe
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\ps.dat
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\cookie.dat
2007-01-07 13:16:52 25600 --a------ C:\WINDOWS\System32\helper.dll
2007-01-04 22:35:41 10660 --a------ C:\WINDOWS\mozver.dat
2007-01-03 20:49:11 5037072 --a------ C:\Program Files\spybotsd14.exe<SPYBOT~1.EXE>
2007-01-01 12:02:40 507 --a------ C:\WINDOWS\EReg077.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DeluxeCommunications"="C:\\Program Files\\DeluxeCommunications\\Dxc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"SoundService"="rundll32.exe \"C:\\WINDOWS\\System32\\eatjwiat.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcaabx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlk
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuusrs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-03-28 at 22:47:04 ---------



****** ******* ******* END OF POST Pg 1***** ****** *******
Old 03-29-2007, 06:40 PM   #106 (permalink)
Registered User
 
cul8rman's Avatar
 
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

Pg 2


* * * * * * * * * * * * * * * * * * * *
Robyn
* * * * * * * * * * * * * * * * * * * *


Deckard's System Scanner v20070318.32
Run by Robyn on 2007-03-28 at 22:48:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Robyn.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:48:16 PM, on 3/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Robyn\Desktop\dss.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\HIJACK~1\Robyn.exe
C:\Program Files\HP\hpcoretech\soln\HPOSM.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\efcaabx.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {44755F86-C67C-4A58-8050-3BCC700F9687} - C:\WINDOWS\System32\pmnlk.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\nctupyoj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\eatjwiat.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [lsmdwinr] C:\WINDOWS\System32\vstldmem.exe
O4 - HKCU\..\Run: [winksddm] C:\WINDOWS\System32\jvmmods.exe
O4 - HKCU\..\Run: [gdxapimn] C:\WINDOWS\System32\jgdepgc.exe
O4 - HKCU\..\Run: [nvcdllx] C:\WINDOWS\System32\cstatvmq.exe
O4 - HKCU\..\Run: [csmhtop] C:\WINDOWS\System32\sdmmlmn.exe
O4 - HKCU\..\Run: [ncsmmlg] C:\WINDOWS\System32\ctlmems.exe
O4 - HKCU\..\Run: [ddsysmns] C:\WINDOWS\System32\scmdcon.exe
O4 - HKCU\..\Run: [kdmmcvs] C:\WINDOWS\System32\gmonstml.exe
O4 - Startup: .protected
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\qwinpoeb.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: efcaabx - C:\WINDOWS\SYSTEM32\efcaabx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmnlk - C:\WINDOWS\System32\pmnlk.dll
O20 - Winlogon Notify: wvuusrs - C:\WINDOWS\SYSTEM32\wvuusrs.dll
O23 - Service: avgav.exe (AVG) - Unknown owner - C:\WINDOWS\avgav.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Internet Connection Sharing (Microsoft Windows Internet Connection Sharing) - Unknown owner - C:\WINDOWS\alg.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- Files created between 2007-02-28 and 2007-03-28 -----------------------------

2007-03-28 20:56:28 123972 --a------ C:\WINDOWS\System32\eatjwiat.dll
2007-03-28 20:36:54 0 d-------- C:\Documents and Settings\Molly\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-28 20:36:46 0 d-------- C:\Program Files\VSAdd-in
2007-03-28 20:36:43 88340 --a------ C:\WINDOWS\System32\gqxkbaie.exe
2007-03-28 19:54:17 79360 --a------ C:\WINDOWS\System32\swxcacls.exe
2007-03-28 19:54:17 40960 --a------ C:\WINDOWS\System32\swsc.exe
2007-03-28 19:54:17 135168 --a------ C:\WINDOWS\System32\swreg.exe
2007-03-28 19:54:17 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe
2007-03-28 19:54:17 53248 --a------ C:\WINDOWS\System32\Process.exe
2007-03-28 19:54:17 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2007-03-27 22:45:21 248 --a------ C:\delete.reg
2007-03-27 20:55:16 0 d-------- C:\Documents and Settings\Molly\SmitfraudFix<SMITFR~1>
2007-03-27 18:56:48 0 d-------- C:\hijackthis<HIJACK~1>
2007-03-27 17:59:38 26730 --a------ C:\WINDOWS\System32\efcaabx.dll
2007-03-27 17:55:31 48708 --a------ C:\WINDOWS\System32\nctupyoj.dll
2007-03-25 20:22:46 123972 --a------ C:\WINDOWS\System32\bgvuafvo.dll
2007-03-25 20:22:37 0 d-------- C:\Documents and Settings\Duane\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-25 20:22:26 88340 --a------ C:\WINDOWS\System32\rctaunvv.exe
2007-03-25 20:22:13 1236884 ---hs---- C:\WINDOWS\System32\klnmp.bak2<KLNMP~2.BAK>
2007-03-24 22:19:18 123972 --a------ C:\WINDOWS\System32\xlqtmtth.dll
2007-03-24 22:19:11 1206893 ---hs---- C:\WINDOWS\System32\klnmp.bak1<KLNMP~1.BAK>
2007-03-24 22:18:52 280676 ---hs---- C:\WINDOWS\System32\pmnlk.dll
2007-03-24 22:08:00 280676 ---hs---- C:\WINDOWS\System32\gebcb.dll
2007-03-24 22:07:57 280676 ---hs---- C:\WINDOWS\System32\awtsq.dll
2007-03-24 22:02:29 26697 --a------ C:\WINDOWS\System32\wvuusrs.dll
2007-03-24 17:34:50 26697 --a------ C:\WINDOWS\System32\fccbccb.dll
2007-03-24 14:51:44 26697 --a------ C:\WINDOWS\System32\wvuvwxx.dll
2007-03-24 14:42:29 26697 --a------ C:\WINDOWS\System32\mljghij.dll
2007-03-24 14:15:34 26697 --a------ C:\WINDOWS\System32\urqoljk.dll
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\WINDOWS
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Symantec
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\InterTrust<INTERT~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Adobe
2007-03-24 11:58:21 1048576 --ah----- C:\Documents and Settings\Master Account\NTUSER.DAT
2007-03-24 08:46:40 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-20 20:18:18 0 d-------- C:\avenger
2007-03-19 21:14:12 0 d--h----- C:\WINDOWS\PIF
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-12 18:20:25 491768 --a------ C:\ie6setup.exe
2007-03-11 22:17:35 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24:21 0 d-------- C:\Documents and Settings\Duane\Application Data\Sun
2007-03-10 11:31:19 0 d-------- C:\Rustbfix
2007-03-08 19:33:08 49152 --a------ C:\Documents and Settings\Duane\vfind.exe


-- Find3M Report ---------------------------------------------------------------

2007-03-28 20:34:44 0 d-------- C:\Program Files\Picasa2
2007-03-28 20:32:43 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-28 20:26:59 0 d-------- C:\Program Files\iTunes
2007-03-28 20:25:33 0 d-------- C:\Program Files\Google
2007-03-28 20:22:46 0 d-------- C:\Program Files\BigFix
2007-03-27 22:52:12 3446 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-25 20:42:44 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-21 18:24:56 0 d-------- C:\Program Files\backups
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-13 21:29:11 0 d-------- C:\Program Files\Common Files\Sandlot Shared<SANDLO~1>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-28 22:13:42 0 d-------- C:\Program Files\LG Software Innovations<LGSOFT~1>
2007-01-28 22:05:20 0 d-------- C:\Program Files\CloneDVD
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>
2007-01-12 18:19:57 0 --a------ C:\WINDOWS\System32\vb2en16.dll
2007-01-11 16:35:33 12800 --a------ C:\WINDOWS\System32\svchost.exe
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\ps.dat
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\cookie.dat
2007-01-07 13:16:52 25600 --a------ C:\WINDOWS\System32\helper.dll
2007-01-04 22:35:41 10660 --a------ C:\WINDOWS\mozver.dat
2007-01-03 20:49:11 5037072 --a------ C:\Program Files\spybotsd14.exe<SPYBOT~1.EXE>
2007-01-01 12:02:40 507 --a------ C:\WINDOWS\EReg077.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"DeluxeCommunications"="C:\\Program Files\\DeluxeCommunications\\Dxc.exe"
"lsmdwinr"="C:\\WINDOWS\\System32\\vstldmem.exe"
"winksddm"="C:\\WINDOWS\\System32\\jvmmods.exe"
"gdxapimn"="C:\\WINDOWS\\System32\\jgdepgc.exe"
"nvcdllx"="C:\\WINDOWS\\System32\\cstatvmq.exe"
"csmhtop"="C:\\WINDOWS\\System32\\sdmmlmn.exe"
"ncsmmlg"="C:\\WINDOWS\\System32\\ctlmems.exe"
"ddsysmns"="C:\\WINDOWS\\System32\\scmdcon.exe"
"kdmmcvs"="C:\\WINDOWS\\System32\\gmonstml.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"SoundService"="rundll32.exe \"C:\\WINDOWS\\System32\\eatjwiat.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcaabx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlk
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuusrs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-03-28 at 22:48:41 ---------

* * * * * * * * * * * * * * * * * * * *
Cody
* * * * * * * * * * * * * * * * * * * *


Deckard's System Scanner v20070318.32
Run by Cody on 2007-03-28 at 22:35:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Cody.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:36:15 PM, on 3/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Cody\Desktop\dss.exe
C:\HIJACK~1\Cody.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\efcaabx.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {44755F86-C67C-4A58-8050-3BCC700F9687} - C:\WINDOWS\System32\pmnlk.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\nctupyoj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\eatjwiat.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [nvcdllx] C:\WINDOWS\System32\cstatvmq.exe
O4 - HKCU\..\Run: [kdmmcvs] C:\WINDOWS\System32\gmonstml.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\WINDOWS\System32\geedb.dll,CreateProtectProc
O4 - Startup: .protected
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\qwinpoeb.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: efcaabx - C:\WINDOWS\SYSTEM32\efcaabx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmnlk - C:\WINDOWS\System32\pmnlk.dll
O20 - Winlogon Notify: wvuusrs - C:\WINDOWS\SYSTEM32\wvuusrs.dll
O23 - Service: avgav.exe (AVG) - Unknown owner - C:\WINDOWS\avgav.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Internet Connection Sharing (Microsoft Windows Internet Connection Sharing) - Unknown owner - C:\WINDOWS\alg.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- Files created between 2007-02-28 and 2007-03-28 -----------------------------

2007-03-28 20:56:28 123972 --a------ C:\WINDOWS\System32\eatjwiat.dll
2007-03-28 20:36:54 0 d-------- C:\Documents and Settings\Molly\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-28 20:36:46 0 d-------- C:\Program Files\VSAdd-in
2007-03-28 20:36:43 88340 --a------ C:\WINDOWS\System32\gqxkbaie.exe
2007-03-28 19:54:17 79360 --a------ C:\WINDOWS\System32\swxcacls.exe
2007-03-28 19:54:17 40960 --a------ C:\WINDOWS\System32\swsc.exe
2007-03-28 19:54:17 135168 --a------ C:\WINDOWS\System32\swreg.exe
2007-03-28 19:54:17 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe
2007-03-28 19:54:17 53248 --a------ C:\WINDOWS\System32\Process.exe
2007-03-28 19:54:17 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2007-03-27 22:45:21 248 --a------ C:\delete.reg
2007-03-27 20:55:16 0 d-------- C:\Documents and Settings\Molly\SmitfraudFix<SMITFR~1>
2007-03-27 18:56:48 0 d-------- C:\hijackthis<HIJACK~1>
2007-03-27 17:59:38 26730 --a------ C:\WINDOWS\System32\efcaabx.dll
2007-03-27 17:55:31 48708 --a------ C:\WINDOWS\System32\nctupyoj.dll
2007-03-25 20:22:46 123972 --a------ C:\WINDOWS\System32\bgvuafvo.dll
2007-03-25 20:22:37 0 d-------- C:\Documents and Settings\Duane\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-25 20:22:26 88340 --a------ C:\WINDOWS\System32\rctaunvv.exe
2007-03-25 20:22:13 1236884 ---hs---- C:\WINDOWS\System32\klnmp.bak2<KLNMP~2.BAK>
2007-03-24 22:19:18 123972 --a------ C:\WINDOWS\System32\xlqtmtth.dll
2007-03-24 22:19:11 1206893 ---hs---- C:\WINDOWS\System32\klnmp.bak1<KLNMP~1.BAK>
2007-03-24 22:18:52 280676 ---hs---- C:\WINDOWS\System32\pmnlk.dll
2007-03-24 22:08:00 280676 ---hs---- C:\WINDOWS\System32\gebcb.dll
2007-03-24 22:07:57 280676 ---hs---- C:\WINDOWS\System32\awtsq.dll
2007-03-24 22:02:29 26697 --a------ C:\WINDOWS\System32\wvuusrs.dll
2007-03-24 17:34:50 26697 --a------ C:\WINDOWS\System32\fccbccb.dll
2007-03-24 14:51:44 26697 --a------ C:\WINDOWS\System32\wvuvwxx.dll
2007-03-24 14:42:29 26697 --a------ C:\WINDOWS\System32\mljghij.dll
2007-03-24 14:15:34 26697 --a------ C:\WINDOWS\System32\urqoljk.dll
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\WINDOWS
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Symantec
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\InterTrust<INTERT~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Adobe
2007-03-24 11:58:21 1048576 --ah----- C:\Documents and Settings\Master Account\NTUSER.DAT
2007-03-24 08:46:40 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-20 20:18:18 0 d-------- C:\avenger
2007-03-19 21:14:12 0 d--h----- C:\WINDOWS\PIF
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-12 18:20:25 491768 --a------ C:\ie6setup.exe
2007-03-11 22:17:35 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24:21 0 d-------- C:\Documents and Settings\Duane\Application Data\Sun
2007-03-10 11:31:19 0 d-------- C:\Rustbfix
2007-03-08 19:33:08 49152 --a------ C:\Documents and Settings\Duane\vfind.exe


-- Find3M Report ---------------------------------------------------------------

2007-03-28 20:34:44 0 d-------- C:\Program Files\Picasa2
2007-03-28 20:32:43 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-28 20:26:59 0 d-------- C:\Program Files\iTunes
2007-03-28 20:25:33 0 d-------- C:\Program Files\Google
2007-03-28 20:22:46 0 d-------- C:\Program Files\BigFix
2007-03-27 22:52:12 3446 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-25 20:42:44 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-21 18:24:56 0 d-------- C:\Program Files\backups
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-13 21:29:11 0 d-------- C:\Program Files\Common Files\Sandlot Shared<SANDLO~1>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-28 22:13:42 0 d-------- C:\Program Files\LG Software Innovations<LGSOFT~1>
2007-01-28 22:05:20 0 d-------- C:\Program Files\CloneDVD
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>
2007-01-12 18:19:57 0 --a------ C:\WINDOWS\System32\vb2en16.dll
2007-01-11 16:35:33 12800 --a------ C:\WINDOWS\System32\svchost.exe
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\ps.dat
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\cookie.dat
2007-01-07 13:16:52 25600 --a------ C:\WINDOWS\System32\helper.dll
2007-01-04 22:35:41 10660 --a------ C:\WINDOWS\mozver.dat
2007-01-03 20:49:11 5037072 --a------ C:\Program Files\spybotsd14.exe<SPYBOT~1.EXE>
2007-01-01 12:02:40 507 --a------ C:\WINDOWS\EReg077.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"DeluxeCommunications"="C:\\Program Files\\DeluxeCommunications\\Dxc.exe"
"nvcdllx"="C:\\WINDOWS\\System32\\cstatvmq.exe"
"kdmmcvs"="C:\\WINDOWS\\System32\\gmonstml.exe"
"cmds"="rundll32.exe C:\\WINDOWS\\System32\\geedb.dll,CreateProtectProc"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"SoundService"="rundll32.exe \"C:\\WINDOWS\\System32\\eatjwiat.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000001

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcaabx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlk
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuusrs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-03-28 at 22:36:46 ---------


****** ******* ******* END OF POST Pg 2***** ****** *******
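Added example (not part of either post, and not a statement of how the analyst chose file names): a Python triage pass over an excerpt of the Deckard's System Scanner log above. It flags files created directly in System32 during the scan window that either share an exact byte size with another newly created file or are referenced by an O2/O4/O20 autostart line. The function names and the two heuristics are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Excerpt copied from the log posted above (not the complete log).
LOG = r"""
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\efcaabx.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\nctupyoj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\eatjwiat.dll",setvm
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmnlk - C:\WINDOWS\System32\pmnlk.dll
O20 - Winlogon Notify: wvuusrs - C:\WINDOWS\SYSTEM32\wvuusrs.dll
2007-03-28 20:56:28 123972 --a------ C:\WINDOWS\System32\eatjwiat.dll
2007-03-28 20:36:43 88340 --a------ C:\WINDOWS\System32\gqxkbaie.exe
2007-03-28 19:54:17 40960 --a------ C:\WINDOWS\System32\swsc.exe
2007-03-28 19:54:17 135168 --a------ C:\WINDOWS\System32\swreg.exe
2007-03-27 17:59:38 26730 --a------ C:\WINDOWS\System32\efcaabx.dll
2007-03-27 17:55:31 48708 --a------ C:\WINDOWS\System32\nctupyoj.dll
2007-03-25 20:22:46 123972 --a------ C:\WINDOWS\System32\bgvuafvo.dll
2007-03-25 20:22:26 88340 --a------ C:\WINDOWS\System32\rctaunvv.exe
2007-03-24 22:19:18 123972 --a------ C:\WINDOWS\System32\xlqtmtth.dll
2007-03-24 22:18:52 280676 ---hs---- C:\WINDOWS\System32\pmnlk.dll
2007-03-24 22:08:00 280676 ---hs---- C:\WINDOWS\System32\gebcb.dll
2007-03-24 22:07:57 280676 ---hs---- C:\WINDOWS\System32\awtsq.dll
2007-03-24 22:02:29 26697 --a------ C:\WINDOWS\System32\wvuusrs.dll
2007-03-24 17:34:50 26697 --a------ C:\WINDOWS\System32\fccbccb.dll
2007-03-24 14:51:44 26697 --a------ C:\WINDOWS\System32\wvuvwxx.dll
2007-03-24 14:42:29 26697 --a------ C:\WINDOWS\System32\mljghij.dll
2007-03-24 14:15:34 26697 --a------ C:\WINDOWS\System32\urqoljk.dll
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-08 19:33:08 49152 --a------ C:\Documents and Settings\Duane\vfind.exe
"""

# "date time size attrs path", with an optional <SHORT~1> 8.3 name suffix.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<size>\d+) "
    r"(?P<attrs>[-a-z]{9}) (?P<path>.+?)(?:<[^<>]*>)?$"
)
# HijackThis sections that load code automatically: BHOs, Run/Startup, Winlogon Notify.
AUTOSTART_RE = re.compile(r"^O(?:2|4|20) - ")
SYS32_REF_RE = re.compile(r'C:\\WINDOWS\\system32\\([^\\",\s]+)', re.I)
SYS32 = "c:\\windows\\system32\\"


def parse_created(log):
    """Yield (size, path) for every non-directory row of the file listing."""
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m and not m.group("attrs").startswith("d"):
            yield int(m.group("size")), m.group("path")


def sys32_name(path):
    """Return the lowercase file name if path sits directly in System32."""
    low = path.lower()
    rest = low[len(SYS32):]
    return rest if low.startswith(SYS32) and "\\" not in rest else None


def triage(log):
    """Map each flagged System32 file name to the reasons it was flagged."""
    by_size = defaultdict(list)
    for size, path in parse_created(log):
        name = sys32_name(path)
        if name and size > 0:
            by_size[size].append(name)

    autostart = set()
    for line in log.splitlines():
        if AUTOSTART_RE.match(line):
            autostart.update(n.lower() for n in SYS32_REF_RE.findall(line))

    findings = {}
    for size, names in by_size.items():
        for name in names:
            reasons = []
            if len(names) > 1:
                reasons.append(f"{size} bytes, same as {len(names) - 1} other new file(s)")
            if name in autostart:
                reasons.append("referenced by an O2/O4/O20 autostart entry")
            if reasons:
                findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in sorted(triage(LOG).items()):
        print(f"{name:14} {'; '.join(reasons)}")
```

Identical sizes under different random-looking names are only a lead for closer inspection; legitimate tool files in the same window (swsc.exe, swreg.exe) pass untouched because their sizes are unique and nothing autostarts them.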
Old 03-29-2007, 11:37 PM   #107 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,813
OS: WinXP and Vista


Re: MS Windows XP will not load when connected to internet

Nice work in that round, cul8rman.

The entire command did not copy/paste into the Run box which is why we still have infection on board. This round should knock it out of there.

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Name it FixServices.bat and Save it as "All Files" on your desktop.

Quote:
@echo off
sc stop "Microsoft Windows Internet Connection Sharing"
sc stop AVG
sc delete "Microsoft Windows Internet Connection Sharing"
sc delete AVG
exit

Double click FixServices.bat. A window will open and close. This is normal.

(Do not be alarmed--the AVG we are stopping and deleting is not your legit AVG AntiVirus)

------------------------------------------------------------

Go to Start>Run then copy/paste the following red text into the Run box then click OK **(If you are still getting this info from another computer, make sure wordwrap is off when you copy/paste into a .txt document)

"%userprofile%\desktop\combofix.exe" /v efcaabx nctupyoj bgvuafvo xlqtmtth pmnlk gebcb awtsq wvuusrs fccbccb wvuvwxx mljghij urqoljk

When finished, it shall produce a log for you. We'll need that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

--------------------------------------------------------------------

Restart your system into Safe Mode and log on to Duane's acct.

------------------------------------------------------------

Run a scan with HijackThis and fix this entry:

O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\eatjwiat.dll",setvm

Click 'Fix Checked' and close HijackThis.

------------------------------------------------------------

Delete the following files:

C:\WINDOWS\System32\gqxkbaie.exe
C:\WINDOWS\System32\rctaunvv.exe
C:\WINDOWS\system32\qwinpoeb.exe


------------------------------------------------------------

Click Start>Log Off and Switch User to Molly's acct

Run a scan with HijackThis and fix this entry:

O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\eatjwiat.dll",setvm

Click 'Fix Checked' and close HijackThis.

------------------------------------------------------------

Click Start>Log Off and Switch User to Master Account

Run a scan with HijackThis and fix this entry:

O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\eatjwiat.dll",setvm

Click 'Fix Checked' and close HijackThis.

------------------------------------------------------------

Click Start>Log Off and Switch User to Others acct

Run a scan with HijackThis and fix the following:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\eatjwiat.dll",setvm
O4 - Startup: .protected
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\qwinpoeb.exe


Click 'Fix Checked' and close HijackThis.

------------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually.

------------------------------------------------------------

Reboot back into Safe Mode and log on to Robyn's acct.

Run a scan with HijackThis and fix the following:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\eatjwiat.dll",setvm
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [lsmdwinr] C:\WINDOWS\System32\vstldmem.exe
O4 - HKCU\..\Run: [winksddm] C:\WINDOWS\System32\jvmmods.exe
O4 - HKCU\..\Run: [gdxapimn] C:\WINDOWS\System32\jgdepgc.exe
O4 - HKCU\..\Run: [nvcdllx] C:\WINDOWS\System32\cstatvmq.exe
O4 - HKCU\..\Run: [csmhtop] C:\WINDOWS\System32\sdmmlmn.exe
O4 - HKCU\..\Run: [ncsmmlg] C:\WINDOWS\System32\ctlmems.exe
O4 - HKCU\..\Run: [ddsysmns] C:\WINDOWS\System32\scmdcon.exe
O4 - HKCU\..\Run: [kdmmcvs] C:\WINDOWS\System32\gmonstml.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\qwinpoeb.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe


Click 'Fix Checked' and close HijackThis.

------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the entire text in the quotebox below: (don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=-

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

------------------------------------------------------------

Once again, run SmitfraudFix Option #2 on Robyn's acct.

------------------------------------------------------------

Reboot back into Safe Mode and log on to Cody's acct.

Run a scan with HijackThis and fix these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [nvcdllx] C:\WINDOWS\System32\cstatvmq.exe
O4 - HKCU\..\Run: [kdmmcvs] C:\WINDOWS\System32\gmonstml.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\WINDOWS\System32\geedb.dll,CreateProtectProc
O4 - Startup: .protected
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\qwinpoeb.exe


Click 'Fix Checked' and close HijackThis.

-----------------------------------------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the entire text in the quotebox below: (don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

-----------------------------------------------------------

Again, run SmitfraudFix Option #2 and reboot into Normal Mode.

-----------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

-----------------------------------------------------------

Run another online scan at Panda and save the results.

-----------------------------------------------------------

Run dss.exe on all accounts and post the main.txt for each here

-----------------------------------------------------------

Include the following reports in your next reply:

C:\ComboFix.txt
Panda results
main.txt for each acct
Update on system behavior


Quote:
Is Brave Sentry a rogue program or legit? I think that was one that was causing trouble

No--it is not legit and the reason we are using SmitfraudFix. Brave Sentry is but one of the infections on this system.
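The per-account steps in the post above come down to one check: do the lines the helper listed still appear in that account's next HijackThis log, and are the files they launch still on disk? The Python below is an added example, not part of the original post and not code from HijackThis or ComboFix. Its function names are hypothetical, and its sample input is assembled from lines quoted in this thread, with the "later log" constructed for the example.

```python
import re
from typing import List, NamedTuple, Optional


class HjtEntry(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4" or "R0"
    scope: str   # registry key or startup-folder label
    name: str    # value name or shortcut name
    target: str  # command line, URL or file the entry points to


# "O4 - HKLM\..\Run: [Name] command line"
_O4_RUN = re.compile(r'^(O4) - (HK(?:LM|CU)\\\.\.\\\w+): \[(.*?)\] (.*)$')
# "O4 - Startup: Name.lnk = target" (the target part is optional)
_O4_LNK = re.compile(r'^(O4) - ((?:Global )?Startup): (.*?)(?: = (.*))?$')
# "R0 - HKCU\...\Main,Start Page = value"
_R_VAL = re.compile(r'^(R[0-3]) - (HK(?:LM|CU)\\[^,]+),(.*?) = ?(.*)$')
# Any other line that still has the "<code> - <rest>" shape
_OTHER = re.compile(r'^([A-Z]\d{1,2}) - (.*)$')
# First drive-letter path ending in a file type seen in this thread's logs
_FILE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|html?))', re.IGNORECASE)


def parse(line: str) -> Optional[HjtEntry]:
    """Split one HijackThis log line into fields; None if it is not one."""
    line = line.strip()
    for rx in (_O4_RUN, _O4_LNK, _R_VAL):
        m = rx.match(line)
        if m:
            code, scope, name, target = m.groups()
            return HjtEntry(code, scope, name, (target or "").strip())
    m = _OTHER.match(line)
    return HjtEntry(m.group(1), "", "", m.group(2).strip()) if m else None


def key(e: HjtEntry) -> tuple:
    """Comparison key: Windows paths and registry names are case-insensitive,
    so System32 and system32 must compare equal."""
    return tuple(" ".join(f.lower().split()) for f in e)


def launched_file(e: HjtEntry) -> Optional[str]:
    """File the entry points at. For a rundll32 entry this is the DLL,
    because rundll32.exe itself is written without a drive-letter path."""
    m = _FILE.search(e.target)
    return m.group(1).lower() if m else None


def still_listed(fix_lines: List[str], later_log: str) -> List[HjtEntry]:
    """Fix-list entries that are still present in a later HijackThis log."""
    later = {key(e) for e in map(parse, later_log.splitlines()) if e}
    return [e for e in map(parse, fix_lines) if e and key(e) in later]


def files_remaining(fix_lines: List[str], file_listing: str) -> List[str]:
    """Files referenced by the fix list that a later file listing still shows."""
    listing = file_listing.lower()
    wanted = {launched_file(e) for e in map(parse, fix_lines) if e}
    return sorted(f for f in wanted if f and f in listing)


# Fix-list lines copied from the per-account lists in the post above.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\eatjwiat.dll",setvm
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\WINDOWS\System32\geedb.dll,CreateProtectProc
O4 - Startup: .protected
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\qwinpoeb.exe
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
"""

# Constructed "after" log: two leftovers, one written in a different case.
LATER_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [soundservice] rundll32.exe "C:\WINDOWS\system32\eatjwiat.dll",setvm
O4 - Startup: .protected
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# Three lines in the format of a ComboFix "Files Created" section.
FILE_LISTING = r"""
2007-03-28 20:56 123,972 --a------ C:\WINDOWS\system32\eatjwiat.dll
2007-03-28 20:36 88,340 --a------ C:\WINDOWS\system32\gqxkbaie.exe
2007-03-25 20:22 88,340 --a------ C:\WINDOWS\system32\rctaunvv.exe
"""

if __name__ == "__main__":
    fix = FIX_LIST.strip().splitlines()
    for e in still_listed(fix, LATER_LOG):
        print("still in log :", e.code, e.scope, e.name or e.target)
    for path in files_remaining(fix, FILE_LISTING):
        print("still on disk:", path)
```

An entry that is gone from the log while its file is still listed means only the autostart was removed, so the file-deletion step still has to be done for that item.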
Old 03-31-2007, 02:25 PM   #108 (permalink)
Registered User
 
cul8rman's Avatar
 
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

A few system things first, then scan results over 2 pages. I could not find the I virus in Windows\system32 that Panda reported. I also had a couple blank blue screens and had to reboot. I did not run into any trouble when saving as and putting directly to C: either, but using drop down to get to C: was locking up.

Panda is offering their AV & Firewall programs for $20. Is that worth it or is AVG good enough? What about getting Norton AV?

Another thought, my hard drive is not the one it came with. During the set up of the new HD I ended up setting up 2 operating systems to pick from when starting up. I am fine with deleting one of them and thought about doing that after the virus issue was dealt with but maybe that is the problem, like I said, just a thought.


SCAN REPORTS

C:\combofix.txt

"Molly" - 07-03-30 20:33:44 Service Pack 1
ComboFix 07-03-27.4 - Running from: "C:\Documents and Settings\Molly\desktop"
Command switches used :: /v efcaabx nctupyoj bgvuafvo xlqtmtth pmnlk gebcb awtsq wvuusrs fccbccb wvuvwxx mljghij urqoljk


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\efcaabx.dll
C:\WINDOWS\system32\nctupyoj.dll
C:\WINDOWS\system32\bgvuafvo.dll
C:\WINDOWS\system32\xlqtmtth.dll
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\wvuusrs.dll
C:\WINDOWS\system32\fccbccb.dll
C:\WINDOWS\system32\wvuvwxx.dll
C:\WINDOWS\system32\mljghij.dll
C:\WINDOWS\system32\urqoljk.dll
C:\WINDOWS\system32\ovfauvgb.ini
C:\WINDOWS\system32\httmtqlx.ini
C:\WINDOWS\system32\klnmp.bak1
C:\WINDOWS\system32\klnmp.bak2
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\klnmp.ini2
C:\WINDOWS\system32\klnmp.tmp


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Molly\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\DOCUME~1\Molly\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\DOCUME~1\Molly\APPLIC~1.\searchtoolbarcorp
C:\Program Files\vsadd-in\VSAdd-in.dll
C:\Program Files\vsadd-in


((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-30 ))))))))))))))))))))))))))))))))))


2007-03-30 20:32 159 --a------ C:\FixServices.bat
2007-03-29 21:52 0 --a------ C:\WINDOWS\system32\setup_15076.exe
2007-03-28 20:56 123,972 --a------ C:\WINDOWS\system32\eatjwiat.dll
2007-03-28 20:36 88,340 --a------ C:\WINDOWS\system32\gqxkbaie.exe
2007-03-28 19:54 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-03-28 19:54 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-03-28 19:54 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-03-28 19:54 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-03-28 19:54 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-03-28 19:54 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-03-27 22:45 248 --a------ C:\delete.reg
2007-03-27 22:44 52,602,488 --a------ C:\regedit 3.26.07 molly.reg
2007-03-27 20:55 <DIR> d-------- C:\DOCUME~1\Molly\SmitfraudFix
2007-03-27 18:56 <DIR> d-------- C:\hijackthis
2007-03-25 20:22 88,340 --a------ C:\WINDOWS\system32\rctaunvv.exe
2007-03-25 20:22 <DIR> d-------- C:\DOCUME~1\Duane\APPLIC~1\SearchToolbarCorp
2007-03-25 10:02 6,469,352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe
2007-03-25 09:55 55,243,672 --a------ C:\regedit 3.25.07.reg
2007-03-24 11:58 1,048,576 --ah----- C:\DOCUME~1\MASTER~1\NTUSER.DAT
2007-03-24 11:58 <DIR> d-------- C:\DOCUME~1\MASTER~1\WINDOWS
2007-03-24 11:58 <DIR> d-------- C:\DOCUME~1\MASTER~1\APPLIC~1\Symantec
2007-03-24 11:58 <DIR> d-------- C:\DOCUME~1\MASTER~1\APPLIC~1\InterTrust
2007-03-24 11:58 <DIR> d-------- C:\DOCUME~1\MASTER~1\APPLIC~1\Adobe
2007-03-24 08:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-03-21 21:15 <DIR> d-------- C:\Deckard
2007-03-20 20:18 <DIR> d-------- C:\avenger
2007-03-19 21:14 <DIR> d--h----- C:\WINDOWS\PIF
2007-03-18 09:40 51,955,192 --a------ C:\regedit 3.18.07.reg
2007-03-17 23:47 51,951,606 --a------ C:\Regedit 3.172.07.reg
2007-03-17 09:39 51,944,564 --a------ C:\regedit 3.17.07.reg
2007-03-13 20:51 136 --a------ C:\WINDOWS\system32\dgjun.bat
2007-03-13 19:32 51,995,858 --a------ C:\Regedit 3.13.07.reg
2007-03-12 18:20 491,768 --a------ C:\ie6setup.exe
2007-03-11 22:17 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-03-11 09:25 <DIR> d-------- C:\Program Files\Java
2007-03-11 09:25 <DIR> d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24 <DIR> d-------- C:\DOCUME~1\Duane\APPLIC~1\Sun
2007-03-10 11:31 <DIR> d-------- C:\Rustbfix
2007-03-08 19:33 49,152 --a------ C:\DOCUME~1\Duane\vfind.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-29 17:23 -------- d-------- C:\DOCUME~1\Molly\APPLIC~1\weatherbug
2007-03-28 20:34 -------- d-------- C:\Program Files\picasa2
2007-03-28 20:32 -------- d-------- C:\Program Files\messenger
2007-03-28 20:26 -------- d-------- C:\Program Files\itunes
2007-03-28 20:25 -------- d-------- C:\Program Files\google
2007-03-27 22:52 3446 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-25 20:42 -------- d-------- C:\Program Files\hijack this
2007-03-08 19:47 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-02-21 21:42 129 --a------ C:\fix.bat
2007-02-20 21:14 -------- d-------- C:\Program Files\shockwave.com
2007-02-10 20:00 14201 --a------ C:\Program Files\hijackthis.log
2007-01-31 19:15 -------- d-------- C:\DOCUME~1\Molly\APPLIC~1\winantivirus pro 2006
2007-01-28 22:13 -------- d-------- C:\Program Files\lg software innovations
2007-01-28 22:05 -------- d-------- C:\Program Files\clonedvd
2007-01-28 21:28 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2007-01-28 21:26 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-01-21 15:08 14612 --a------ C:\Program Files\cwshredder.exe-2d092fd4.pf
2007-01-21 15:03 532480 --a------ C:\Program Files\cwshredder.exe
2007-01-12 18:19 0 --a------ C:\WINDOWS\system32\vb2en16.dll
2007-01-11 16:35 12800 --a------ C:\WINDOWS\system32\svchost.exe
2007-01-07 18:21 1 --a------ C:\WINDOWS\system32\ps.dat
2007-01-07 18:21 1 --a------ C:\WINDOWS\system32\cookie.dat
2007-01-07 13:16 25600 --a------ C:\WINDOWS\system32\helper.dll
2007-01-04 22:35 10660 --a------ C:\WINDOWS\mozver.dat
2007-01-03 20:49 5037072 --a------ C:\Program Files\spybotsd14.exe
2007-01-01 12:02 507 --a------ C:\WINDOWS\ereg077.dat
2006-12-25 16:33 23066 --a------ C:\Program Files\plainoldfavorites-0.5.6-fx-windows.xpi


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"Weather"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.exe 1"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"SoundService"="rundll32.exe \"C:\\WINDOWS\\System32\\eatjwiat.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-30 20:43:54
C:\ComboFix ... 07-03-30 20:42
C:\ComboFix ... 07-03-30 20:42
C:\ComboFix2.txt ... 07-03-27 20:44
C:\ComboFix3.txt ... 07-03-25 20:23

Panda Results


Incident Status Location

Potentially unwanted tool:application/bestoffer Not disinfected C:\Documents and Settings\Molly\Desktop\Click To Find and Fix Errors.lnk
Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\Documents and Settings\Molly\Application Data\WinAntiVirus Pro 2006
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_current_user\software\MyWebSearch
Potentially unwanted tool:application/funweb Not disinfected hkey_classes_root\FunWebProducts.ShellViewControl
Adware:adware/wupd Not disinfected Windows Registry
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Cody\Application Data\Mozilla\Firefox\Profiles\o4r7omoo.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Cody\Application Data\Mozilla\Firefox\Profiles\o4r7omoo.default\cookies.txt[www.systemdoctor.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\VirtumundoBeGone.exe[²ƒÇ]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[www.systemdoctor.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[www.winantivirus.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[systemdoctor.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Molly\Cookies\molly@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Molly\Cookies\molly@adrevolver[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Molly\Cookies\molly@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Molly\Cookies\molly@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Molly\Cookies\molly@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Molly\Cookies\molly@belnk[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Molly\Cookies\molly@bfast[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Molly\Cookies\molly@casalemedia[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Molly\Cookies\molly@dist.belnk[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Molly\Cookies\molly@fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Molly\Cookies\molly@mediaplex[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Molly\Cookies\molly@realmedia[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Molly\Cookies\molly@stats1.reliablestats[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Molly\Cookies\molly@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Molly\Cookies\molly@tribalfusion[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Molly\Cookies\molly@winantivirus[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Molly\Cookies\molly@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Molly\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Molly\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1005\Dc1.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1005\Dc2.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SmitfraudFix\Process.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\eatjwiat.dll
Virus:W32/Sdbot.ftp.worm Disinfected C:\WINDOWS\system32\i
Virus:W32/Sdbot.KAD.worm Disinfected C:\WINDOWS\system32\setup_43565.exe

DSS SCANS

**** Duane


Deckard's System Scanner v20070318.32
Run by Duane on 2007-03-31 at 11:39:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Duane.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:39:19 AM, on 3/31/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Documents and Settings\Duane\Desktop\dss.exe
C:\HIJACK~1\Duane.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- Files created between 2007-02-28 and 2007-03-31 -----------------------------

2007-03-31 07:36:01 109 --a------ C:\delete.reg
2007-03-31 07:25:13 0 d-------- C:\Documents and Settings\Cody\Application Data\WeatherBug<WEATHE~1>
2007-03-30 20:32:03 159 --a------ C:\FixServices.bat<FIXSER~1.BAT>
2007-03-29 21:52:39 0 --a------ C:\WINDOWS\System32\setup_15076.exe<SETUP_~1.EXE>
2007-03-28 20:56:28 123972 --a------ C:\WINDOWS\System32\eatjwiat.dll
2007-03-27 20:55:16 0 d-------- C:\Documents and Settings\Molly\SmitfraudFix<SMITFR~1>
2007-03-27 18:56:48 0 d-------- C:\hijackthis<HIJACK~1>
2007-03-25 20:22:37 0 d-------- C:\Documents and Settings\Duane\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\WINDOWS
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Symantec
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\InterTrust<INTERT~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Adobe
2007-03-24 11:58:21 1048576 --ah----- C:\Documents and Settings\Master Account\NTUSER.DAT
2007-03-24 08:46:40 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-20 20:18:18 0 d-------- C:\avenger
2007-03-19 21:14:12 0 d--h----- C:\WINDOWS\PIF
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-12 18:20:25 491768 --a------ C:\ie6setup.exe
2007-03-11 22:17:35 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24:21 0 d-------- C:\Documents and Settings\Duane\Application Data\Sun
2007-03-10 11:31:19 0 d-------- C:\Rustbfix
2007-03-08 19:33:08 49152 --a------ C:\Documents and Settings\Duane\vfind.exe


-- Find3M Report ---------------------------------------------------------------

2007-03-31 09:07:16 0 d-------- C:\Program Files\Picasa2
2007-03-31 09:05:29 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-31 09:00:28 0 d-------- C:\Program Files\iTunes
2007-03-31 08:59:12 0 d-------- C:\Program Files\Google
2007-03-31 08:56:47 0 d-------- C:\Program Files\BigFix
2007-03-31 07:37:55 3446 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-30 22:11:55 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-21 22:56:19 0 d---s---- C:\Documents and Settings\Duane\Application Data\Microsoft<MICROS~1>
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-24 10:40:37 0 d-------- C:\Documents and Settings\Duane\Application Data\AVG7
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-21 18:24:56 0 d-------- C:\Program Files\backups
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-13 21:29:11 0 d-------- C:\Program Files\Common Files\Sandlot Shared<SANDLO~1>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-28 21:26:55 34 --a------ C:\Documents and Settings\Duane\Application Data\pcouffin.log
2007-01-28 21:26:41 47360 --a------ C:\Documents and Settings\Duane\Application Data\pcouffin.sys
2007-01-28 21:26:41 1144 --a------ C:\Documents and Settings\Duane\Application Data\pcouffin.inf
2007-01-28 21:26:41 7176 --a------ C:\Documents and Settings\Duane\Application Data\pcouffin.cat
2007-01-28 21:26:41 81920 --a------ C:\Documents and Settings\Duane\Application Data\ezpinst.exe
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>
2007-01-12 18:19:57 0 --a------ C:\WINDOWS\System32\vb2en16.dll
2007-01-11 16:35:33 12800 --a------ C:\WINDOWS\System32\svchost.exe
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\ps.dat
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\cookie.dat
2007-01-07 13:16:52 25600 --a------ C:\WINDOWS\System32\helper.dll
2007-01-04 22:35:41 10660 --a------ C:\WINDOWS\mozver.dat
2007-01-03 20:49:11 5037072 --a------ C:\Program Files\spybotsd14.exe<SPYBOT~1.EXE>
2007-01-01 12:02:40 507 --a------ C:\WINDOWS\EReg077.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-03-31 at 11:39:37 ---------

**** Molly

Deckard's System Scanner v20070318.32
Run by Molly on 2007-03-31 at 11:13:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Molly.exe) -----------------------------------------------

HijackThis failed to provide a log after three minutes; running clone instead.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-03-31 11:16:11
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.0.2800.1106)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\KBDAP32A.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Molly\Desktop\dss.exe
C:\hijackthis\Molly.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra 'Tools' menuitem: (no name) - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Video Poker () - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon () - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo () - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack () - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers () - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess () - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage () - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice () - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish () - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire () - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker () - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids () - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...367/wmavax.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} () - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\System32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Google Updater Service (gusvc) - Google - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - "C:\WINDOWS\wanmpsvc.exe"


-- Files created between 2007-02-28 and 2007-03-31 -----------------------------

2007-03-31 09:26:15 79 --a------ C:\WINDOWS\System32\pfdnnt_actions.sys<PFDNNT~1.SYS>
2007-03-31 09:26:15 8704 --a------ C:\WINDOWS\System32\pfdnnt.exe
2007-03-31 08:51:23 52674 --a------ C:\WINDOWS\System32\setup_43565.exe<SETUP_~2.EXE>
2007-03-31 07:36:01 109 --a------ C:\delete.reg
2007-03-31 07:25:13 0 d-------- C:\Documents and Settings\Cody\Application Data\WeatherBug<WEATHE~1>
2007-03-30 20:32:03 159 --a------ C:\FixServices.bat<FIXSER~1.BAT>
2007-03-29 21:52:39 0 --a------ C:\WINDOWS\System32\setup_15076.exe<SETUP_~1.EXE>
2007-03-28 20:56:28 123972 --a------ C:\WINDOWS\System32\eatjwiat.dll
2007-03-27 20:55:16 0 d-------- C:\Documents and Settings\Molly\SmitfraudFix<SMITFR~1>
2007-03-27 18:56:48 0 d-------- C:\hijackthis<HIJACK~1>
2007-03-25 20:22:37 0 d-------- C:\Documents and Settings\Duane\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\WINDOWS
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Symantec
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\InterTrust<INTERT~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Adobe
2007-03-24 11:58:21 1048576 --ah----- C:\Documents and Settings\Master Account\NTUSER.DAT
2007-03-24 08:46:40 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-20 20:18:18 0 d-------- C:\avenger
2007-03-19 21:14:12 0 d--h----- C:\WINDOWS\PIF
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-12 18:20:25 491768 --a------ C:\ie6setup.exe
2007-03-11 22:17:35 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24:21 0 d-------- C:\Documents and Settings\Duane\Application Data\Sun
2007-03-10 11:31:19 0 d-------- C:\Rustbfix
2007-03-08 19:33:08 49152 --a------ C:\Documents and Settings\Duane\vfind.exe


-- Find3M Report ---------------------------------------------------------------

2007-03-31 09:07:16 0 d-------- C:\Program Files\Picasa2
2007-03-31 09:05:29 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-31 09:00:28 0 d-------- C:\Program Files\iTunes
2007-03-31 08:59:12 0 d-------- C:\Program Files\Google
2007-03-31 08:56:47 0 d-------- C:\Program Files\BigFix
2007-03-31 07:37:55 3446 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-30 22:11:55 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-03-29 17:23:16 0 d-------- C:\Documents and Settings\Molly\Application Data\WeatherBug<WEATHE~1>
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-24 13:47:01 0 d-------- C:\Documents and Settings\Molly\Application Data\AVG7
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-21 18:24:56 0 d-------- C:\Program Files\backups
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-13 21:29:11 0 d-------- C:\Program Files\Common Files\Sandlot Shared<SANDLO~1>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-31 19:15:42 0 d-------- C:\Documents and Settings\Molly\Application Data\WinAntiVirus Pro 2006<WINANT~1>
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>
2007-01-12 18:19:57 0 --a------ C:\WINDOWS\System32\vb2en16.dll
2007-01-11 16:35:33 12800 --a------ C:\WINDOWS\System32\svchost.exe
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\ps.dat
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\cookie.dat
2007-01-07 13:16:52 25600 --a------ C:\WINDOWS\System32\helper.dll
2007-01-04 22:35:41 10660 --a------ C:\WINDOWS\mozver.dat
2007-01-03 20:49:11 5037072 --a------ C:\Program Files\spybotsd14.exe<SPYBOT~1.EXE>
2007-01-01 12:02:40 507 --a------ C:\WINDOWS\EReg077.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"Weather"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.exe 1"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-03-31 at 11:16:35 ---------

**** CODY

Deckard's System Scanner v20070318.32
Run by Cody on 2007-03-31 at 11:34:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Cody.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:34:32 AM, on 3/31/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\HP\hpcoretech\soln\HPOSM.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Documents and Settings\Cody\Desktop\dss.exe
C:\HIJACK~1\Cody.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- Files created between 2007-02-28 and 2007-03-31 -----------------------------

2007-03-31 07:36:01 109 --a------ C:\delete.reg
2007-03-31 07:25:13 0 d-------- C:\Documents and Settings\Cody\Application Data\WeatherBug<WEATHE~1>
2007-03-30 20:32:03 159 --a------ C:\FixServices.bat<FIXSER~1.BAT>
2007-03-29 21:52:39 0 --a------ C:\WINDOWS\System32\setup_15076.exe<SETUP_~1.EXE>
2007-03-28 20:56:28 123972 --a------ C:\WINDOWS\System32\eatjwiat.dll
2007-03-27 20:55:16 0 d-------- C:\Documents and Settings\Molly\SmitfraudFix<SMITFR~1>
2007-03-27 18:56:48 0 d-------- C:\hijackthis<HIJACK~1>
2007-03-25 20:22:37 0 d-------- C:\Documents and Settings\Duane\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\WINDOWS
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Symantec
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\InterTrust<INTERT~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Adobe
2007-03-24 11:58:21 1048576 --ah----- C:\Documents and Settings\Master Account\NTUSER.DAT
2007-03-24 08:46:40 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-20 20:18:18 0 d-------- C:\avenger
2007-03-19 21:14:12 0 d--h----- C:\WINDOWS\PIF
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-12 18:20:25 491768 --a------ C:\ie6setup.exe
2007-03-11 22:17:35 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24:21 0 d-------- C:\Documents and Settings\Duane\Application Data\Sun
2007-03-10 11:31:19 0 d-------- C:\Rustbfix
2007-03-08 19:33:08 49152 --a------ C:\Documents and Settings\Duane\vfind.exe


-- Find3M Report ---------------------------------------------------------------

2007-03-31 09:07:16 0 d-------- C:\Program Files\Picasa2
2007-03-31 09:05:29 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-31 09:00:28 0 d-------- C:\Program Files\iTunes
2007-03-31 08:59:12 0 d-------- C:\Program Files\Google
2007-03-31 08:56:47 0 d-------- C:\Program Files\BigFix
2007-03-31 07:37:55 3446 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-30 22:11:55 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-21 18:24:56 0 d-------- C:\Program Files\backups
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-13 21:29:11 0 d-------- C:\Program Files\Common Files\Sandlot Shared<SANDLO~1>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>
2007-01-12 18:19:57 0 --a------ C:\WINDOWS\System32\vb2en16.dll
2007-01-11 16:35:33 12800 --a------ C:\WINDOWS\System32\svchost.exe
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\ps.dat
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\cookie.dat
2007-01-07 13:16:52 25600 --a------ C:\WINDOWS\System32\helper.dll
2007-01-04 22:35:41 10660 --a------ C:\WINDOWS\mozver.dat
2007-01-03 20:49:11 5037072 --a------ C:\Program Files\spybotsd14.exe<SPYBOT~1.EXE>
2007-01-01 12:02:40 507 --a------ C:\WINDOWS\EReg077.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-03-31 at 11:34:52 ---------


End of Page 1 of 2

Last edited by cul8rman; 03-31-2007 at 02:34 PM.
Old 03-31-2007, 02:31 PM   #109 (permalink)
Registered User
 
cul8rman
 
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

Page 2


**** ROBYN

Deckard's System Scanner v20070318.32
Run by Robyn on 2007-03-31 at 11:33:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Robyn.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:33:12 AM, on 3/31/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\HP\hpcoretech\soln\HPOSM.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Documents and Settings\Robyn\Desktop\dss.exe
C:\HIJACK~1\Robyn.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- Files created between 2007-02-28 and 2007-03-31 -----------------------------

2007-03-31 07:36:01 109 --a------ C:\delete.reg
2007-03-31 07:25:13 0 d-------- C:\Documents and Settings\Cody\Application Data\WeatherBug<WEATHE~1>
2007-03-30 20:32:03 159 --a------ C:\FixServices.bat<FIXSER~1.BAT>
2007-03-29 21:52:39 0 --a------ C:\WINDOWS\System32\setup_15076.exe<SETUP_~1.EXE>
2007-03-28 20:56:28 123972 --a------ C:\WINDOWS\System32\eatjwiat.dll
2007-03-27 20:55:16 0 d-------- C:\Documents and Settings\Molly\SmitfraudFix<SMITFR~1>
2007-03-27 18:56:48 0 d-------- C:\hijackthis<HIJACK~1>
2007-03-25 20:22:37 0 d-------- C:\Documents and Settings\Duane\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\WINDOWS
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Symantec
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\InterTrust<INTERT~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Adobe
2007-03-24 11:58:21 1048576 --ah----- C:\Documents and Settings\Master Account\NTUSER.DAT
2007-03-24 08:46:40 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-20 20:18:18 0 d-------- C:\avenger
2007-03-19 21:14:12 0 d--h----- C:\WINDOWS\PIF
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-12 18:20:25 491768 --a------ C:\ie6setup.exe
2007-03-11 22:17:35 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24:21 0 d-------- C:\Documents and Settings\Duane\Application Data\Sun
2007-03-10 11:31:19 0 d-------- C:\Rustbfix
2007-03-08 19:33:08 49152 --a------ C:\Documents and Settings\Duane\vfind.exe


-- Find3M Report ---------------------------------------------------------------

2007-03-31 09:07:16 0 d-------- C:\Program Files\Picasa2
2007-03-31 09:05:29 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-31 09:00:28 0 d-------- C:\Program Files\iTunes
2007-03-31 08:59:12 0 d-------- C:\Program Files\Google
2007-03-31 08:56:47 0 d-------- C:\Program Files\BigFix
2007-03-31 07:37:55 3446 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-30 22:11:55 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-21 18:24:56 0 d-------- C:\Program Files\backups
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-13 21:29:11 0 d-------- C:\Program Files\Common Files\Sandlot Shared<SANDLO~1>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>
2007-01-12 18:19:57 0 --a------ C:\WINDOWS\System32\vb2en16.dll
2007-01-11 16:35:33 12800 --a------ C:\WINDOWS\System32\svchost.exe
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\ps.dat
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\cookie.dat
2007-01-07 13:16:52 25600 --a------ C:\WINDOWS\System32\helper.dll
2007-01-04 22:35:41 10660 --a------ C:\WINDOWS\mozver.dat
2007-01-03 20:49:11 5037072 --a------ C:\Program Files\spybotsd14.exe<SPYBOT~1.EXE>
2007-01-01 12:02:40 507 --a------ C:\WINDOWS\EReg077.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-03-31 at 11:33:30 ---------

**** Others

Deckard's System Scanner v20070318.32
Run by Others on 2007-03-31 at 11:30:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Others.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:31:06 AM, on 3/31/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Documents and Settings\Others\Desktop\dss.exe
C:\HIJACK~1\Others.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- Files created between 2007-02-28 and 2007-03-31 -----------------------------

2007-03-31 07:36:01 109 --a------ C:\delete.reg
2007-03-31 07:25:13 0 d-------- C:\Documents and Settings\Cody\Application Data\WeatherBug<WEATHE~1>
2007-03-30 20:32:03 159 --a------ C:\FixServices.bat<FIXSER~1.BAT>
2007-03-29 21:52:39 0 --a------ C:\WINDOWS\System32\setup_15076.exe<SETUP_~1.EXE>
2007-03-28 20:56:28 123972 --a------ C:\WINDOWS\System32\eatjwiat.dll
2007-03-27 20:55:16 0 d-------- C:\Documents and Settings\Molly\SmitfraudFix<SMITFR~1>
2007-03-27 18:56:48 0 d-------- C:\hijackthis<HIJACK~1>
2007-03-25 20:22:37 0 d-------- C:\Documents and Settings\Duane\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\WINDOWS
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Symantec
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\InterTrust<INTERT~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Adobe
2007-03-24 11:58:21 1048576 --ah----- C:\Documents and Settings\Master Account\NTUSER.DAT
2007-03-24 08:46:40 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-20 20:18:18 0 d-------- C:\avenger
2007-03-19 21:14:12 0 d--h----- C:\WINDOWS\PIF
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-12 18:20:25 491768 --a------ C:\ie6setup.exe
2007-03-11 22:17:35 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24:21 0 d-------- C:\Documents and Settings\Duane\Application Data\Sun
2007-03-10 11:31:19 0 d-------- C:\Rustbfix
2007-03-08 19:33:08 49152 --a------ C:\Documents and Settings\Duane\vfind.exe


-- Find3M Report ---------------------------------------------------------------

2007-03-31 09:07:16 0 d-------- C:\Program Files\Picasa2
2007-03-31 09:05:29 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-31 09:00:28 0 d-------- C:\Program Files\iTunes
2007-03-31 08:59:12 0 d-------- C:\Program Files\Google
2007-03-31 08:56:47 0 d-------- C:\Program Files\BigFix
2007-03-31 07:37:55 3446 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-30 22:11:55 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-21 18:24:56 0 d-------- C:\Program Files\backups
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-13 21:29:11 0 d-------- C:\Program Files\Common Files\Sandlot Shared<SANDLO~1>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>
2007-01-12 18:19:57 0 --a------ C:\WINDOWS\System32\vb2en16.dll
2007-01-11 16:35:33 12800 --a------ C:\WINDOWS\System32\svchost.exe
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\ps.dat
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\cookie.dat
2007-01-07 13:16:52 25600 --a------ C:\WINDOWS\System32\helper.dll
2007-01-04 22:35:41 10660 --a------ C:\WINDOWS\mozver.dat
2007-01-03 20:49:11 5037072 --a------ C:\Program Files\spybotsd14.exe<SPYBOT~1.EXE>
2007-01-01 12:02:40 507 --a------ C:\WINDOWS\EReg077.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DeluxeCommunications"="C:\\Program Files\\DeluxeCommunications\\Dxc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-03-31 at 11:31:29 ---------

**** Master Account

Deckard's System Scanner v20070318.32
Run by Master Account on 2007-03-31 at 11:41:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Master Account.exe) --------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:41:36 AM, on 3/31/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\HP\hpcoretech\soln\HPOSM.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\System32\imapi.exe
C:\Documents and Settings\Master Account\Desktop\dss.exe
C:\HIJACK~1\MASTER~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- Files created between 2007-02-28 and 2007-03-31 -----------------------------

2007-03-31 07:36:01 109 --a------ C:\delete.reg
2007-03-31 07:25:13 0 d-------- C:\Documents and Settings\Cody\Application Data\WeatherBug<WEATHE~1>
2007-03-30 20:32:03 159 --a------ C:\FixServices.bat<FIXSER~1.BAT>
2007-03-29 21:52:39 0 --a------ C:\WINDOWS\System32\setup_15076.exe<SETUP_~1.EXE>
2007-03-28 20:56:28 123972 --a------ C:\WINDOWS\System32\eatjwiat.dll
2007-03-27 20:55:16 0 d-------- C:\Documents and Settings\Molly\SmitfraudFix<SMITFR~1>
2007-03-27 18:56:48 0 d-------- C:\hijackthis<HIJACK~1>
2007-03-25 20:22:37 0 d-------- C:\Documents and Settings\Duane\Application Data\SearchToolbarCorp<SEARCH~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\WINDOWS
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Symantec
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\InterTrust<INTERT~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Adobe
2007-03-24 11:58:21 1048576 --ah----- C:\Documents and Settings\Master Account\NTUSER.DAT
2007-03-24 08:46:40 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-20 20:18:18 0 d-------- C:\avenger
2007-03-19 21:14:12 0 d--h----- C:\WINDOWS\PIF
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-12 18:20:25 491768 --a------ C:\ie6setup.exe
2007-03-11 22:17:35 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24:21 0 d-------- C:\Documents and Settings\Duane\Application Data\Sun
2007-03-10 11:31:19 0 d-------- C:\Rustbfix
2007-03-08 19:33:08 49152 --a------ C:\Documents and Settings\Duane\vfind.exe


-- Find3M Report ---------------------------------------------------------------

2007-03-31 09:07:16 0 d-------- C:\Program Files\Picasa2
2007-03-31 09:05:29 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-31 09:00:28 0 d-------- C:\Program Files\iTunes
2007-03-31 08:59:12 0 d-------- C:\Program Files\Google
2007-03-31 08:56:47 0 d-------- C:\Program Files\BigFix
2007-03-31 07:37:55 3446 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-30 22:11:55 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-24 11:59:31 0 d-------- C:\Documents and Settings\Master Account\Application Data\Mozilla
2007-03-24 11:59:17 0 d-------- C:\Documents and Settings\Master Account\Application Data\AVG7
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-21 18:24:56 0 d-------- C:\Program Files\backups
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-13 21:29:11 0 d-------- C:\Program Files\Common Files\Sandlot Shared<SANDLO~1>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>
2007-01-12 18:19:57 0 --a------ C:\WINDOWS\System32\vb2en16.dll
2007-01-11 16:35:33 12800 --a------ C:\WINDOWS\System32\svchost.exe
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\ps.dat
2007-01-07 18:21:40 1 --a------ C:\WINDOWS\System32\cookie.dat
2007-01-07 13:16:52 25600 --a------ C:\WINDOWS\System32\helper.dll
2007-01-04 22:35:41 10660 --a------ C:\WINDOWS\mozver.dat
2007-01-03 20:49:11 5037072 --a------ C:\Program Files\spybotsd14.exe<SPYBOT~1.EXE>
2007-01-01 12:02:40 507 --a------ C:\WINDOWS\EReg077.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-03-31 at 11:41:54 ---------

End of Posts - It seems to be better, but not yet there.

Last edited by cul8rman; 03-31-2007 at 02:44 PM.
Old 03-31-2007, 09:28 PM   #110 (permalink)
Registered User
 
 
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

I was using Explore and did see the Windows\system32\i file as well as the two setup_#####.exe files.
Old 04-01-2007, 08:17 AM   #111 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,813
OS: WinXP and Vista


Re: MS Windows XP will not load when connected to internet

Yeah...I see that too in the logs.

This round will be a bit easier on you. Delete your current SDFix and download it again as it has been updated.

Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% -(Drive that contains the Windows Directory, typically C:\SDFix)

-------------------------------------------------------------------

Disconnect this PC from the internet.

-------------------------------------------------------------------

Reboot into Safe Mode. We can use Molly's acct.

-------------------------------------------------------------------

Delete this file:

C:\WINDOWS\system32\eatjwiat.dll

Do a search via Start>Search All files and folders and delete each occurrence of the following folder:

SearchToolbarCorp

-------------------------------------------------------------------

Now run SDFix:

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt. I'll need that in your next reply.
-------------------------------------------------------------------

You should now be in Normal Mode.

-------------------------------------------------------------------

Navigate to C:\WINDOWS\System32\dgjun.bat. Right click that file and 'send to' Compressed (zipped) folder. Upload that zip file in your next reply via Manage Attachments.

-------------------------------------------------------------------

Reconnect to the internet.

-------------------------------------------------------------------

Download GMER Rootkit Scanner from here or here.

Unzip it to your Desktop.

Launch gmer.exe by double-clicking it. Select the rootkit tab & make sure the 'Show All' button is unticked.

Click the Scan button and let the program do its work. It will produce a log.
  • Copy the log using the Copy button
  • Open Notepad and paste the log into a new text file (Using Ctrl + V), save it somewhere you can find it, and post the log in this thread.
-------------------------------------------------------------------

Please run dss.exe again, (just on Molly's account will do this time) but use these instructions:

Click Start>Select 'Run' - then copy/paste the following text into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

Click on "Check All"

Click Scan!

When finished, it shall produce main.txt and extra.txt for you.

I'll need the following in your next reply:

C:\SDFix\Report.txt
gmer log
main.txt
extra.txt
Uploaded zip file you created for dgjun.bat

Last edited by Ried; 04-01-2007 at 08:20 AM.
Old 04-01-2007, 09:28 PM   #112 (permalink)
Registered User
 
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

I did not follow directions perfectly this time. I accidentally ran SmitfraudFix in place of SDFix, then I ran the SDFix program. My second error was to run dss the regular way, then I ran it per your direction. Hopefully I did not mess things up too bad, no fool'n.

Results / Notes from last directives given.

Quote:
Delete this file:

C:\WINDOWS\system32\eatjwiat.dll

Do a search via Start>Search All files and folders and delete each occurrence of the following folder:

SearchToolbarCorp

Completed and found this:
**** Search found 6:
2 x in C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1009
2 x in C:\RECYCLER\s...-1006
2 x in C:\RECYCLER\s...-1008


** ** ** ** ** ** ** ** ** ** ** **
SDFix Report


SDFix: Version 1.75

Run by Molly - Sun 04/01/2007 - 11:29:53.59

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:





Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\SETUP_~1.EXE - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\setup_15076.exe - Deleted
C:\WINDOWS\system32\setup_44350.exe - Deleted
C:\WINDOWS\system32\setup_47673.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\Program Files\Common Files\aolshare\shell\us\shellext.dll
C:\Program Files\Common Files\csshare\shell\us\shellext.dll
C:\My Games\Action Ball\actionball.exe
C:\My Games\Adventure Ball\AdventureBall.exe
C:\My Games\Aqua Pearls\pearls.exe
C:\My Games\Cactus Bruce and the Corporate Monkeys\RealCB12.exe
C:\My Games\Clash 'N Slash\Clash N Slash.exe
C:\My Games\Flying Leo\FlyingLeo.exe
C:\My Games\Icy Spell\IcySpell.exe
C:\My Games\Impact\Impact.exe
C:\My Games\Inspheration\Inspheration.exe
C:\My Games\Jewel of Atlantis\Jewel of Atlantis.exe
C:\My Games\Mirror Magic\mirrormagic.exe
C:\My Games\Mosaic - Tomb of Mystery\Mosaic.exe
C:\My Games\Phlinx to Go\PhlinxToGo.exe
C:\My Games\Rainbow Web\RainbowWeb.exe
C:\My Games\Snowy - Space Trip\SpaceTrip.exe
C:\My Games\Turtle Odyssey\Game.exe
C:\My Games\Wheel of Fortune\Wheel of Fortune.exe
C:\Program Files\America Online 8.0\aolphx.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\America Online 8.0\RBM.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\COMIT\cswitch.exe
C:\Program Files\CompuServe 7.0\csphx.exe
C:\Program Files\CompuServe 7.0\cstray.exe
C:\Program Files\CompuServe 7.0\RBM.exe
C:\Program Files\CompuServe 7.0\wcs2000.exe
C:\Program Files\CompuServe 7.0\COMIT\cswitch.exe
C:\Program Files\Picasa2\setup.exe
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Finished

** ** ** ** ** ** ** ** ** ** ** **
dgjun file not attached, issues trying to upload, will reboot and try again, that usually fixes everything

** ** ** ** ** ** ** ** ** ** ** **
GMER File

SDFix: Version 1.75

Run by Molly - Sun 04/01/2007 - 11:29:53.59

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:





Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\SETUP_~1.EXE - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\setup_15076.exe - Deleted
C:\WINDOWS\system32\setup_44350.exe - Deleted
C:\WINDOWS\system32\setup_47673.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\s