Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page I have a red Biohazed sign on my desktop with popup windows.
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 10-06-2007, 09:50 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 10
OS: Win Xp SP-2


I have a red Biohazed sign on my desktop with popup windows.
I have a red Biohazed sign on my desktop with popup windows my IE won't stay open for more then 15 seconds at a time if it open at all I get all these popup warning signs and there's an red X that blinks in my quick launch I tryed clicking on it but nothing happens I'm writeing this post useing AOL I'm running AOL McAFEE security but it has not found the threat even with a full scan I ran it twice with all programs closed I also tryed TrendMicro Housecall and that helped a little but didn't get rid of the problem and It took 8 to 12 hours for it to run a full scan of my system can anyone help me with this problem forever in your debt thanx in advance..! here are the spec. of my PC.

Dell DV051
IE- 6.0
Win XP Prof.
5.1.2600 SP-2
Total Memory 2.00GB
Available Memory 1.96GB
Processor:x86 family 15 model 4 stepping 9 Genuinelntel ~2793 Mhz x2
MsMason is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 10-07-2007, 12:49 AM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: I have a red Biohazed sign on my desktop with popup windows.
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Note:

DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts


    If the following message from DSS appears, please click on "Yes" to allow it to download HijackThis, if you don't already have it.



    Allow DSS through your firewall to download HijackThis by clicking "OK"




    DSS has installed HijackThis, and placed a shortcut on your desktop. Click "OK" to allow the scan to continue.




    .
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


Next.....

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-07-2007, 01:17 PM   #3 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 10
OS: Win Xp SP-2


Re: I have a red Biohazed sign on my desktop with popup windows.
Logfile of HijackThis v1.99.1
Scan saved at 10:27:06 PM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Common Files\AOL\1191351858\ee\AOLSoftware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - (no file)
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1191351858\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...4MFUS_ZZzer000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...rk/Coupons.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/6...l/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.secure-session.com/include/XUpload.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msvb - {66065DF9-D593-4480-BA99-1EFABB0DC79F} - C:\WINDOWS\msvb.dll
O21 - SSODL: sysdx - {2C82102A-26D7-463F-8284-2E6112953EB5} - C:\WINDOWS\sysdx.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
MsMason is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-07-2007, 01:24 PM   #4 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 10
OS: Win Xp SP-2


Re: I have a red Biohazed sign on my desktop with popup windows.
SmitFraudFix v2.239

Scan done at 13:18:29.68, Sun 10/07/2007
Run from C:\Program Files\AOL 9.0\download\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1191351858\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\main_uninstaller.exe FOUND !
C:\WINDOWS\msmdev.dll FOUND !
C:\WINDOWS\msmhost.dll FOUND !
C:\WINDOWS\msvb.dll FOUND !
C:\WINDOWS\nsduo.dll FOUND !
C:\WINDOWS\privacy_danger FOUND !
C:\WINDOWS\sysdx.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Isaac Mason


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Isaac Mason\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ISAACM~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC #2 - Packet Scheduler Miniport
DNS Server Search Order: 64.13.40.5
DNS Server Search Order: 64.13.48.12

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC #2 - Packet Scheduler Miniport
DNS Server Search Order: 64.13.40.5
DNS Server Search Order: 64.13.48.12

HKLM\SYSTEM\CCS\Services\Tcpip\..\{044BD2B6-BF2D-425A-A528-9A9ED592C13B}: DhcpNameServer=64.13.40.5 64.13.48.12
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C8AFC74E-C74F-4E4C-BB6D-BEB0D094AB13}: DhcpNameServer=64.13.40.5 64.13.48.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{044BD2B6-BF2D-425A-A528-9A9ED592C13B}: DhcpNameServer=64.13.40.5 64.13.48.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C8AFC74E-C74F-4E4C-BB6D-BEB0D094AB13}: DhcpNameServer=64.13.40.5 64.13.48.12
HKLM\SYSTEM\CS3\Services\Tcpip\..\{044BD2B6-BF2D-425A-A528-9A9ED592C13B}: DhcpNameServer=64.13.40.5 64.13.48.12
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C8AFC74E-C74F-4E4C-BB6D-BEB0D094AB13}: DhcpNameServer=64.13.40.5 64.13.48.12
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=64.13.40.5 64.13.48.12
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=64.13.40.5 64.13.48.12
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=64.13.40.5 64.13.48.12


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
MsMason is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-07-2007, 01:37 PM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: I have a red Biohazed sign on my desktop with popup windows.
Did you have troubles with the Deckard's System Scanner instructions? I didn't ask for a HijackThis log. DSS is more comprehensive.



Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot into Normal Windows.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:\rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

---------------------------------------------------------------------------------------------

Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:
  • "Security Info"
  • "Warning Message"
  • "Security Desktop"
  • "Warning Homepage"
  • "Desktop Uninstall"
  • privacy_danger or something similar
Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

---------------------------------------------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

---------------------------------------------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall from Add/Remove programs, and delete your current version.

Next, download HijackThis to your desktop

Alternate link

This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Do not post that log, instead, do this next:

---------------------------------------------------------------------------------------------


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------


Then post the following logs in your next reply...

C:\rapport.txt (log from the tool)
Hijackthis log
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Last edited by tetonbob; 10-07-2007 at 01:39 PM.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-08-2007, 04:57 PM   #6 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 10
OS: Win Xp SP-2


Re: I have a red Biohazed sign on my desktop with popup windows.
I'm so sorry It took me so long to respond I had to work a double shift. Ok I didn't understand the last part of your instructions on what you wanted me to post and how so I'm going to just send you the results I got from each scan I did :

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:27 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AOL9~1.0\waol.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AOL9~1.0\shellmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\ISAACM~1\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis[1].zip\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.0\AOL.EXE" -b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...rk/Coupons.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/6...l/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.secure-session.com/include/XUpload.ocx
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames...A.cab55579.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 12770 bytes

Rapport:

SmitFraudFix v2.235
Scan done at 16:03:55.73, Mon 10/08/2007
Run from C:\Documents and Settings\Isaac Mason\Desktop\DOC\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\msmdev.dll Deleted
msmdev not found.
C:\WINDOWS\msmhost.dll Deleted
msmhost not found.
C:\WINDOWS\privacy_danger\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{044BD2B6-BF2D-425A-A528-9A9ED592C13B}: DhcpNameServer=64.13.40.5 64.13.48.12
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C8AFC74E-C74F-4E4C-BB6D-BEB0D094AB13}: DhcpNameServer=64.13.40.5 64.13.48.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{044BD2B6-BF2D-425A-A528-9A9ED592C13B}: DhcpNameServer=64.13.40.5 64.13.48.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C8AFC74E-C74F-4E4C-BB6D-BEB0D094AB13}: DhcpNameServer=64.13.40.5 64.13.48.12
HKLM\SYSTEM\CS3\Services\Tcpip\..\{044BD2B6-BF2D-425A-A528-9A9ED592C13B}: DhcpNameServer=64.13.40.5 64.13.48.12
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C8AFC74E-C74F-4E4C-BB6D-BEB0D094AB13}: DhcpNameServer=64.13.40.5 64.13.48.12
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=64.13.40.5 64.13.48.12
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=64.13.40.5 64.13.48.12
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=64.13.40.5 64.13.48.12


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Main.txt:

Deckard's System Scanner v20070905.67
Run by Isaac Mason on 2007-10-08 16:28:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
94: 2007-10-08 22:28:35 UTC - RP192 - Deckard's System Scanner Restore Point
93: 2007-10-08 21:27:12 UTC - RP191 - Software Distribution Service 3.0
92: 2007-10-08 21:09:35 UTC - RP190 - Installed Lexmark Fax Solutions
91: 2007-10-08 18:03:23 UTC - RP189 - Configured Lexmark Fax Solutions
90: 2007-10-07 19:02:06 UTC - RP188 - Deckard's System Scanner Restore Point


-- First Restore Point --
1: 2007-07-10 17:43:36 UTC - RP99 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-08 16:30:43
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\ISAACM~1\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis[1].zip\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Isaac Mason\Local Settings\Temporary Internet Files\Content.IE5\BBLJR1CW\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.0\AOL.EXE" -b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra 'Tools' menuitem: (no name) - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra 'Tools' menuitem: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: Diagnose Connection Problems... - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...rk/Coupons.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/6...l/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.secure-session.com/include/XUpload.ocx
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames...A.cab55579.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: GoogleDesktopManager - Google - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Unknown owner - "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
O23 - Service: QBCFMonitorService - Intuit - "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe"
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe"
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - "C:\WINDOWS\wanmpsvc.exe"
O23 - Service: WMP54Gv4SVC - GEMTEKS - "C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe"


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 Packet (Auto Internet Protocol) - c:\windows\system32\drivers\packet.sys <Not Verified; SingleClick Systems; Auto IP Protocol Driver>
R2 sbbotdi - c:\program files\speedbit video accelerator\sbbotdi.sys <Not Verified; SpeedBit Ltd.; Speedbit TDI Driver>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Vongo Service - c:\program files\vongo\vongoservice.exe <Not Verified; Starz Entertainment Group LLC; Vongo>
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)
S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe" <Not Verified; Intuit Inc.; QuickBooks 2007>
S4 QBCFMonitorService - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe" <Not Verified; Intuit; QuickBooks for Windows>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys Wireless-G PCI Adapter
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&10BD256C&0&08F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&10BD256C&0&08F0
Service: RT2500


-- Scheduled Tasks -------------------------------------------------------------

2007-10-08 16:11:26 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-10-05 15:00:06 410 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2007-10-02 12:13:23 352 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-10-02 12:13:21 344 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-09-08 and 2007-10-08 -----------------------------

2007-10-08 15:09:43 0 d-------- C:\Documents and Settings\All Users\Application Data\4200Series
2007-10-08 15:08:52 0 d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-10-08 15:02:14 0 d-------- C:\Program Files\Lexmark 4200 Series
2007-10-07 16:58:11 89184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys <Not Verified; Ahead Software AG and its licensors; NERO IMAGEDRIVE>
2007-10-07 16:57:57 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2007-10-07 16:57:56 544768 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2007-10-07 16:57:55 569344 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2007-10-07 16:57:53 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-10-07 16:57:53 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-07 16:57:47 0 d-------- C:\Program Files\Ahead
2007-10-07 16:20:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2007-10-05 04:11:39 0 d-------- C:\Documents and Settings\Isaac Mason\.housecall6.6
2007-10-03 19:16:38 0 d-------- C:\Documents and Settings\Isaac Mason\Application Data\AOL
2007-10-03 19:16:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2007-10-03 19:13:24 65536 --a------ C:\WINDOWS\wanmpsvc.exe <Not Verified; America Online, Inc.; America Online>
2007-10-03 19:11:38 0 d-------- C:\Program Files\AOL 9.0
2007-10-03 13:53:30 0 d-------- C:\Program Files\Adware Away
2007-10-02 21:34:25 1742 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-02 20:04:18 0 d-------- C:\Documents and Settings\Isaac Mason\Application Data\PC Tools
2007-10-02 13:07:11 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-02 12:56:28 0 d-------- C:\Documents and Settings\Isaac Mason\Application Data\Sereniti
2007-10-02 12:56:22 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-02 12:13:41 0 d-------- C:\mcafee_mcpr
2007-10-02 12:12:51 0 d-------- C:\Program Files\McAfee.com
2007-10-02 12:12:35 0 d-------- C:\Program Files\Common Files\McAfee
2007-10-02 12:12:26 0 d-------- C:\Program Files\McAfee
2007-10-02 11:57:21 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-02 11:14:13 426 --a------ C:\Documents and Settings\Isaac Mason\Menu-21114133.reg
2007-10-02 11:13:51 790 --a------ C:\Documents and Settings\Isaac Mason\BHO-21113517.reg
2007-10-02 11:12:54 424 --a------ C:\Documents and Settings\Isaac Mason\BHO-21112546.reg
2007-10-02 11:12:38 556 --a------ C:\Documents and Settings\Isaac Mason\BHO-21112380.reg
2007-10-02 11:12:30 972 --a------ C:\Documents and Settings\Isaac Mason\TB-21112309.reg
2007-10-02 11:12:15 7827 --a------ C:\Documents and Settings\Isaac Mason\TB-21112156.reg
2007-10-02 11:11:15 437 --a------ C:\Documents and Settings\Isaac Mason\BHO-21111155.reg
2007-10-02 11:11:07 431 --a------ C:\Documents and Settings\Isaac Mason\BHO-2111172.reg
2007-10-02 11:09:16 8188 --a------ C:\Documents and Settings\Isaac Mason\TB-2119162.reg
2007-10-02 11:09:11 8306 --a------ C:\Documents and Settings\Isaac Mason\TB-2119115.reg
2007-10-02 11:09:00 635 --a------ C:\Documents and Settings\Isaac Mason\TB-211906.reg
2007-10-02 10:58:14 0 d-------- C:\Program Files\Common Files\Scanner
2007-10-01 19:37:47 315392 --a------ C:\WINDOWS\sysdx.dll
2007-10-01 19:37:47 274432 --a------ C:\WINDOWS\msvb.dll <Not Verified; ; msvb>
2007-09-25 15:11:04 0 d-------- C:\WINDOWS\system32\appmgmt
2007-09-10 10:47:25 0 d-------- C:\WHG0NNW1
2007-09-10 03:22:35 0 d-------- C:\Program Files\Alarm
2007-09-09 22:25:10 0 d-------- C:\Documents and Settings\Isaac Mason\Application Data\Ahead
2007-09-09 22:24:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-09 21:33:37 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-09 21:33:34 0 d-------- C:\Program Files\DVD Shrink
2007-09-09 21:27:18 0 d-------- C:\THE_NUMBER_23
2007-09-09 21:26:51 0 d-------- C:\Program Files\DVD Decrypter


-- Find3M Report ---------------------------------------------------------------

2007-10-08 15:32:32 0 d-------- C:\Documents and Settings\Isaac Mason\Application Data\LimeWire
2007-10-08 15:10:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-08 03:08:55 0 d-------- C:\Program Files\Spyware Doctor
2007-10-07 16:57:53 0 d-------- C:\Program Files\Common Files
2007-10-06 19:46:21 0 d-------- C:\Program Files\DAP
2007-10-05 09:15:41 0 d--hs---- C:\Program Files\winupdates
2007-10-04 00:58:39 0 d-------- C:\Documents and Settings\Isaac Mason\Application Data\Yahoo!
2007-10-03 19:16:21 0 d-------- C:\Program Files\Common Files\AOL
2007-10-03 19:15:02 0 d-------- C:\Program Files\Common Files\aolshare
2007-10-03 14:29:16 0 d-------- C:\Program Files\Yahoo!
2007-10-03 14:28:33 0 d-a------ C:\Program Files\FunWebProducts
2007-10-02 12:38:45 0 d-------- C:\Program Files\Trend Micro
2007-09-21 23:42:16 4 --a------ C:\WINDOWS\system32\7C3255
2007-09-10 08:25:36 2 ---hs---- C:\WINDOWS\system32\taskkill.com
2007-09-10 08:25:36 2 ---hs---- C:\WINDOWS\system32\cmd.com
2007-09-10 08:25:35 2 ---hs---- C:\WINDOWS\system32\tracert.com
2007-09-10 08:25:35 2 ---hs---- C:\WINDOWS\system32\tasklist.com
2007-09-10 08:25:34 2 ---hs---- C:\WINDOWS\system32\ping.com
2007-09-10 08:25:34 2 ---hs---- C:\WINDOWS\system32\netstat.com
2007-09-09 22:29:08 0 d-------- C:\Program Files\The Weather Channel FW
2007-09-05 00:28:14 8508 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-05 00:28:14 152 -r-hs---- C:\WINDOWS\system32\9CF490C6BA.sys
2007-09-03 15:11:42 0 d-------- C:\Documents and Settings\Isaac Mason\Application Data\Media Player Classic
2007-09-03 15:11:08 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-09-03 15:11:03 0 d-------- C:\Program Files\MP4 Player
2007-08-27 16:49:28 62464 --a------ C:\WINDOWS\system32\bszip.dll <Not Verified; BigSpeedSoft; BigSpeed Zip DLL>
2007-08-22 13:03:24 0 d-------- C:\Program Files\LimeWire
2007-08-15 22:15:34 0 d-------- C:\Program Files\eMusic Download Manager
2007-08-15 21:55:50 0 d-------- C:\Program Files\Rhapsody
2007-08-15 21:49:40 0 d-------- C:\Documents and Settings\Isaac Mason\Application Data\InstallShield
2007-08-15 21:46:01 0 d-------- C:\Documents and Settings\Isaac Mason\Application Data\Real
2007-08-14 17:48:00 0 d-------- C:\Program Files\MSN Messenger
2007-08-09 17:09:55 0 d-------- C:\Program Files\Kodak
2007-08-09 17:09:26 0 d-------- C:\Program Files\Common Files\Kodak
2007-08-08 11:17:59 0 d-------- C:\Documents and Settings\Isaac Mason\Application Data\Microsoft Games
2007-08-08 11:07:47 0 d-------- C:\Program Files\Microsoft Games
2007-07-30 20:54:57 229732 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_8953.exe <Not Verified; Burn4Free; Burn4Free CD and DVD>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [09/27/2007 01:43 PM]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [01/16/2004 04:04 AM]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" [01/22/2004 10:59 AM]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\PROGRA~1\AOL9~1.0\AOL.exe" [04/18/2007 12:49 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/18/2007 11:09 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, append.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Isaac Mason^Start Menu^Programs^Startup^LimeWire Acceleration Patch.lnk]
path=C:\Documents and Settings\Isaac Mason\Start Menu\Programs\Startup\LimeWire Acceleration Patch.lnk
backup=C:\WINDOWS\pss\LimeWire Acceleration Patch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Isaac Mason^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Isaac Mason\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\AOL 9.0\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASM]
"C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CashBuzz]
C:\Program Files\CashBuzz v.3.2\cashbuzz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
"C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
"C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gwiz]
C:\WINDOWS\system32\arpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1191351858\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
"C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
"C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nektra OEAPI]
"C:\Program Files\Mailinfo\Mailinfo for Outlook Express\oe_mailinfo.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
"C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
"C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
C:\PROGRA~1\SPEEDO~1\SPO.EXE -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"PcCtlCom"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2007-10-08 16:33:44 ------------


Extra.txt

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 1014.07 MiB / 521.82 MiB
Pagefile Memory (total/avail): 2441.19 MiB / 1790.92 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1948.15 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 144.34 GiB total, 44.05 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600JS-75NCB1 - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 144.34 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
AntivirusOverride is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
""=""
"C:\\Program Files\\Vongo\\VongoService.exe"="C:\\Program Files\\Vongo\\VongoService.exe:*:enabled:VongoService"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"="C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe:*:Enabled:Home Networking Application"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Activision\\Bridge Commander\\stbc.exe"="C:\\Program Files\\Activision\\Bridge Commander\\stbc.exe:*:Enabled:stbc"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe:*:Enabled:Rise of Nations"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe:*:Enabled:Rise of Nations"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"="C:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe:*:Enabled:- Play Games -"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Common Files\\AOL\\1191351858\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1191351858\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Isaac Mason\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SYRUSE-1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Isaac Mason
LOGONSERVER=\\SYRUSE-1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ISAACM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ISAACM~1\LOCALS~1\Temp
USERDOMAIN=SYRUSE-1
USERNAME=Isaac Mason
USERPROFILE=C:\Documents and Settings\Isaac Mason
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Isaac Mason (admin)
Amalia Mally Mason (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Active Security Monitor 2.0.0.18 --> "C:\Program Files\AOL\Active Security Monitor\unins000.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adware Away v3.1.3 --> "C:\Program Files\Adware Away\unins000.exe"
Alarm 2.0.1 --> "C:\Program Files\Alarm\unins000.exe"
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Ask Toolbar --> rundll32 C:\PROGRA~1\AskPBar\bar\1.bin\AskPBar.dll,O
AVI Movie Player --> C:\Program Files\AVI Movie Player\uninstall.exe
AVS Cover Editor 1.3.1.79 (AVSMedia) --> "C:\Program Files\AVSMedia\CoverEditor\unins000.exe"
AVS DVD Copy version 1.4 --> "C:\Program Files\AVSMedia\DVDCopy\unins000.exe"
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Burn4Free CD and DVD --> "C:\Program Files\Burn4Free\uninstall.exe"
Burn4Free Toolbar --> "C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_8953.exe" _?=C:\Program Files\Burn4Free Toolbar
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CashBuzz v.3.2 --> "C:\Program Files\CashBuzz v.3.2\uninstall.exe"
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Network Assistant --> MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
DellConnect --> MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
eMusic Download Manager --> C:\Program Files\InstallShield Installation Information\{48FEB597-0410-4A17-B134-0DEF3083B944}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google AFE --> regsvr32 /u /s "c:\Program Files\GoogleAFE\GoogleAE.dll"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Photos Screensaver --> MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C}
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\DOCUME~1\ISAACM~1\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis[1].zip\HijackThis.exe" /uninstall
HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Product Detection --> MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 3.2.5 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_72ef80f\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Kybtec World Clock 3.3.1.1 --> MsiExec.exe /I{25D4A6A6-BFBF-49AF-89CA-635A468B0515}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 4200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBMUN5C.EXE -dLexmark 4200 Series
Lexmark 4200 Series Fax Solutions --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{C439D065-5B64-4563-A6B9-1AA202633E13} /l1033 /z/U
LimeWire Acceleration Patch --> C:\Program Files\LimeWire Acceleration Patch\uninstall.exe
LimeWire PRO 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys EasyLink Advisor 1.6 (0033) --> rundll32 C:\PROGRA~1\LINKSY~2\AUInst.dll,ExUninstall
Linksys Wireless-G PCI Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9
LogonStudio --> C:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
Mailinfo for Outlook Express --> C:\PROGRA~1\Mailinfo\MAILIN~1\UNWISE.EXE C:\PROGRA~1\Mailinfo\MAILIN~1\INSTALL.LOG
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Rise Of Nations --> "C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Money Manager Ex 0.8.0.6 (beta) --> "C:\Program Files\Money Manager Ex\unins000.exe"
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP4 Player --> C:\Program Files\MP4 Player\uninst.exe
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Norton Security Scan --> MsiExec.exe /I{E5431FB5-B3EB-46C8-8275-F6447131C98A}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickBooks Product Listing Service --> MsiExec.exe /I{91208A47-5D08-4C79-986F-1931940F51BB}
QuickBooks Simple Start Free Starter Edition --> msiexec.exe /I {71EEA108-09C9-4D81-8FA2-D48C70681242} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Free Starter Edition" ADDREMOVE=1 OEMVENDOR=DIRECT
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SpeedBit Video Accelerator --> C:\PROGRA~1\SPEEDB~1\UNWISE.EXE C:\PROGRA~1\SPEEDB~1\INSTALL.LOG
SpeedOptimizer --> C:\PROGRA~1\SPEEDO~1\UNWISE.EXE C:\PROGRA~1\SPEEDO~1\INSTALL.LOG
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Star Trek Bridge Commander --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Activision\Bridge Commander\stbc.isu"
Starware Recipe Toolbar --> C:\Program Files\Starware337\Starware337Uninstall.exe
SupportSoft Assisted Service --> MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Tiny soft --> C:\Documents and Settings\Amalia Mally Mason\Application Data\tiny\uninstall.bat
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual Day Planner --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Visual Day Planner\DeIsL1.isu"
Vongo --> MsiExec.exe /X{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\FRAMEW~1\wxfw.cpl,4
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! IE Search Suggest --> C:\PROGRA~1\Yahoo!\Search\UNINST~1.EXE
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Music Jukebox --> MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}


-- Application Event Log -------------------------------------------------------

Event Record #/Type4605 / Warning
Event Submitted/Written: 10/08/2007 04:08:50 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type4604 / Warning
Event Submitted/Written: 10/08/2007 04:08:50 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type4597 / Warning
Event Submitted/Written: 10/08/2007 03:47:46 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4591 / Warning
Event Submitted/Written: 10/08/2007 0305 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type4590 / Warning
Event Submitted/Written: 10/08/2007 0305 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10525 / Warning
Event Submitted/Written: 10/07/2007 04:43:42 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type10523 / Warning
Event Submitted/Written: 10/07/2007 11:40:52 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type10522 / Warning
Event Submitted/Written: 10/07/2007 03:39:50 AM / 10/07/2007 03:39:51 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type10479 / Error
Event Submitted/Written: 10/06/2007 03:21:06 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Vongo Service service terminated unexpectedly. It has done this 2 time(s).

Event Record #/Type10473 / Error
Event Submitted/Written: 10/06/2007 03:20:46 AM
Event ID/Source: 1003 / System Error
Event Description:
Error code 100000d1, parameter1 00011000, parameter2 00000002, parameter3 00000000, parameter4 aa3e8ec9.



-- End of Deckard's System Scanner: finished at 2007-10-08 16:33:44 ------------
MsMason is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-08-2007, 05:47 PM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: I have a red Biohazed sign on my desktop with popup windows.
Hi MsMason.....best to ask questions before proceeding if you're unsure of anything. I try to use instructions that are easy to follow in a step-by-step manner. You need to carefully read the instructions before proceeding.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Do you have more than one version of SmitfraudFix on your machine? Because Option 1 log indicates version SmitFraudFix v2.239 (which is the latest) and Option 2 log indicates SmitFraudFix v2.235 (which is several days old.

We'll use another tool, as I see some other items it will help clean up.

Again, if you have questions, ask before acting please.

---------------------------------------------------------------------------------------------
  1. Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

    * IMPORTANT !!! Place combofix.exe on your Desktop


  2. Disconnect from the internet....pull the plug!
  3. Go to -> Run -> paste in the following single line command & click OK

    "%userprofile%\desktop\combofix.exe" /killall



  4. Follow the prompts. Type "1" and press Enter to begin the scan.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  7. Re-establish an internet connection.
  8. Open HijackThis (not DSS this time, thanks) and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-09-2007, 08:41 AM   #8 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 10
OS: Win Xp SP-2


Re: I have a red Biohazed sign on my desktop with popup windows.
I wanna start this post out by thanking you for all your help with my PC here is the info you wanted:

ComboFix 07-10-09.3 - Isaac Mason 2007-10-08 22:33:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.609 [GMT -6:00]
Running from: C:\Documents and Settings\Isaac Mason\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Starware337
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware337\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\Amalia Mally Mason\Application Data\install.dat
C:\Documents and Settings\Amalia Mally Mason\Application Data\install.dat
C:\Documents and Settings\Isaac Mason\Application Data\Starware337
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Configurator\Configurator.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Configurator\Configurator.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Configurator\Configurator.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Configurator\Configurator.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Games\GamesOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Games\GamesOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Games\GamesOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Games\GamesOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Games\images\active\Games0.bmp
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Games\images\active\Games0.bmp
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Manager\ManagerOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Manager\ManagerOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Movies\images\active\Movies0.bmp
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Movies\images\active\Movies0.bmp
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Movies\MoviesOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Movies\MoviesOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Recipes\RecipesOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Recipes\RecipesOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Recipes\RecipesOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Recipes\RecipesOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Reference\ReferenceOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Reference\ReferenceOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Weather\AlertArchive.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Weather\AlertArchive.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Weather\WeatherOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Weather\WeatherOptions.xml
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Isaac Mason\Application Data\Starware337\Weather\WeatherOptions.xml.backup
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\00D7CAAD.dat
C:\Program Files\FunWebProducts\Shared\00EB9CF4.dat
C:\Program Files\Starware337
C:\Program Files\Starware337\brand.bmp
C:\Program Files\Starware337\icons\star_16.ico
C:\Program Files\Starware337\Starware337Config.xml
C:\Program Files\Starware337\Starware337Uninstall.exe
C:\Program Files\winupdates
C:\WINDOWS\dat.txt
C:\WINDOWS\msvb.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\sysdx.dll
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000042_.tmp.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com

.
((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
.

2007-10-08 22:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\4200Series
2007-10-08 15:08 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-10-08 15:03 286,720 --a------ C:\WINDOWS\system32\lxbmcomm.dll
2007-10-08 15:03 73,728 --a------ C:\WINDOWS\system32\lxbmpwr.dll
2007-10-08 15:03 40,960 --a------ C:\WINDOWS\system32\lxbmvs.dll
2007-10-08 15:02 <DIR> d-------- C:\Program Files\Lexmark 4200 Series
2007-10-07 16:59 1,331,200 --------- C:\WINDOWS\UNNeroVision.exe
2007-10-07 16:58 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-10-07 16:57 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-07 16:57 <DIR> d-------- C:\Program Files\Ahead
2007-10-07 16:57 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-10-07 16:57 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-10-07 16:57 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-10-07 16:57 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-07 16:57 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-10-07 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2007-10-07 13:00 <DIR> d-------- C:\Deckard
2007-10-05 04:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-05 04:11 <DIR> d-------- C:\Documents and Settings\Isaac Mason\.housecall6.6
2007-10-03 19:16 <DIR> d-------- C:\Documents and Settings\Isaac Mason\Application Data\AOL
2007-10-03 19:13 65,536 --a------ C:\WINDOWS\wanmpsvc.exe
2007-10-03 19:11 <DIR> d-------- C:\Program Files\AOL 9.0
2007-10-03 13:53 <DIR> d-------- C:\Program Files\Adware Away
2007-10-02 21:34 1,742 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-02 20:04 <DIR> d-------- C:\Documents and Settings\Isaac Mason\Application Data\PC Tools
2007-10-02 20:04 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-02 20:04 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-02 20:04 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-02 20:04 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-02 13:21 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-10-02 13:21 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-10-02 13:21 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-10-02 13:21 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-10-02 13:21 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-10-02 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-02 12:56 <DIR> d-------- C:\Documents and Settings\Isaac Mason\Application Data\Sereniti
2007-10-02 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-02 12:13 <DIR> d-------- C:\mcafee_mcpr
2007-10-02 12:13 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-10-02 12:12 <DIR> d-------- C:\Program Files\McAfee.com
2007-10-02 12:12 <DIR> d-------- C:\Program Files\McAfee
2007-10-02 12:12 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-02 11:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-02 11:14 426 --a------ C:\Documents and Settings\Isaac Mason\Menu-21114133.reg
2007-10-02 11:13 790 --a------ C:\Documents and Settings\Isaac Mason\BHO-21113517.reg
2007-10-02 11:12 7,827 --a------ C:\Documents and Settings\Isaac Mason\TB-21112156.reg
2007-10-02 11:12 972 --a------ C:\Documents and Settings\Isaac Mason\TB-21112309.reg
2007-10-02 11:12 556 --a------ C:\Documents and Settings\Isaac Mason\BHO-21112380.reg
2007-10-02 11:12 424 --a------ C:\Documents and Settings\Isaac Mason\BHO-21112546.reg
2007-10-02 11:11 437 --a------ C:\Documents and Settings\Isaac Mason\BHO-21111155.reg
2007-10-02 11:11 431 --a------ C:\Documents and Settings\Isaac Mason\BHO-2111172.reg
2007-10-02 11:09 8,306 --a------ C:\Documents and Settings\Isaac Mason\TB-2119115.reg
2007-10-02 11:09 8,188 --a------ C:\Documents and Settings\Isaac Mason\TB-2119162.reg
2007-10-02 11:09 635 --a------ C:\Documents and Settings\Isaac Mason\TB-211906.reg
2007-10-02 10:58 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-09-10 10:47 <DIR> d-------- C:\WHG0NNW1
2007-09-10 03:22 <DIR> d-------- C:\Program Files\Alarm
2007-09-09 22:25 <DIR> d-------- C:\Documents and Settings\Isaac Mason\Application Data\Ahead
2007-09-09 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-09 21:33 <DIR> d-------- C:\Program Files\DVD Shrink
2007-09-09 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-09 21:27 <DIR> d-------- C:\THE_NUMBER_23
2007-09-09 21:26 <DIR> d-------- C:\Program Files\DVD Decrypter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 04:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-08 21:32 --------- d-----w C:\Documents and Settings\Isaac Mason\Application Data\LimeWire
2007-10-08 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-08 21:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-08 09:08 --------- d-----w C:\Program Files\Spyware Doctor
2007-10-07 01:46 --------- d-----w C:\Program Files\DAP
2007-10-04 21:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-04 06:58 --------- d-----w C:\Documents and Settings\Isaac Mason\Application Data\Yahoo!
2007-10-04 01:16 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-04 01:15 --------- d-----w C:\Program Files\Common Files\aolshare
2007-10-03 20:29 --------- d-----w C:\Program Files\Yahoo!
2007-10-02 18:38 --------- d-----w C:\Program Files\Trend Micro
2007-09-10 04:29 --------- d-----w C:\Program Files\The Weather Channel FW
2007-09-05 06:28 8,508 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-03 21:11 --------- d-----w C:\Program Files\MP4 Player
2007-09-03 21:11 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-09-03 21:11 --------- d-----w C:\Documents and Settings\Isaac Mason\Application Data\Media Player Classic
2007-08-22 19:03 --------- d-----w C:\Program Files\LimeWire
2007-08-16 04:15 --------- d-----w C:\Program Files\eMusic Download Manager
2007-08-16 03:55 --------- d-----w C:\Program Files\Rhapsody
2007-08-16 03:49 --------- d-----w C:\Documents and Settings\Isaac Mason\Application Data\InstallShield
2007-08-16 03:46 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2007-08-16 03:46 --------- d-----w C:\Documents and Settings\Isaac Mason\Application Data\Real
2007-08-14 23:48 --------- d-----w C:\Program Files\MSN Messenger
2007-08-09 23:09 --------- d-----w C:\Program Files\Kodak
2007-08-09 23:09 --------- d-----w C:\Program Files\Common Files\Kodak
2007-08-09 23:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2007-07-31 02:54 229,732 ----a-w C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_8953.exe
2007-07-31 01:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-31 01:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 01:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 01:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-31 01:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 01:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-31 01:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 01:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 01:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-31 01:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 01:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-31 01:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 01:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-31 01:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 01:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-01 07:12 2 ----a-w C:\Documents and Settings\Amalia Mally Mason\Application Data\xxx.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-09-27 13:43]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 04:04]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" [2004-01-22 10:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\PROGRA~1\AOL9~1.0\AOL.exe" [2007-04-18 00:49]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 11:09]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, append.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Isaac Mason^Start Menu^Programs^Startup^LimeWire Acceleration Patch.lnk]
path=C:\Documents and Settings\Isaac Mason\Start Menu\Programs\Startup\LimeWire Acceleration Patch.lnk
backup=C:\WINDOWS\pss\LimeWire Acceleration Patch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Isaac Mason^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Isaac Mason\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\AOL 9.0\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASM]
"C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CashBuzz]
C:\Program Files\CashBuzz v.3.2\cashbuzz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
"C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
"C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gwiz]
C:\WINDOWS\system32\arpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1191351858\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
"C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
"C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nektra OEAPI]
"C:\Program Files\Mailinfo\Mailinfo for Outlook Express\oe_mailinfo.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
"C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
"C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
C:\PROGRA~1\SPEEDO~1\SPO.EXE -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"PcCtlCom"=2 (0x2)

R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
R2 elagopro;GoProto Protocol Driver for LELA;C:\WINDOWS\system32\DRIVERS\elagopro.sys
R2 elaunidr;UniDriver for LELA;C:\WINDOWS\system32\DRIVERS\elaunidr.sys
R2 sbbotdi;sbbotdi;\??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 18:13:23 C:\WINDOWS\Tasks\McDefragTask.job"
"2007-10-02 18:13:21 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-10-09 04:44:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-05 21:00:06 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 22:42:44
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ATWPKT2]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS"
.
Completion time: 2007-10-08 22:45:46 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-08 22:45
.
--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 7:48:40 AM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AOL9~1.0\waol.exe
C:\PROGRA~1\AOL9~1.0\shellmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.0\AOL.EXE" -b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...rk/Coupons.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/6...l/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.secure-session.com/include/XUpload.ocx
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames...A.cab55579.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
MsMason is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-09-2007, 09:04 AM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: I have a red Biohazed sign on my desktop with popup windows.
That's looking better. You're quite welcome for the help.

Do you know what this application is for, and have you intentionally installed it?

CashBuzz v.3.2

I can't find very much information about it.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-09-2007, 11:30 AM   #10 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 10
OS: Win Xp SP-2


Re: I have a red Biohazed sign on my desktop with popup windows.
yeah it's like messenger I don't even use it anymore I Installed it a few months ago and it never gave me any problems It came from a money loan web site it help me keep track of the loans I took I also used it to chat and play games I have no problem unInstalling it if you think that it's now a threat to my system
MsMason is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-09-2007, 11:54 AM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: I have a red Biohazed sign on my desktop with popup windows.
I don't necessarily think it's a threat; when I can't find enough info on something, it does raise a flag and have me ask.

With that extra info, I've been able to track it down a bit better. Seems ok.

My opinion is, if you don't use it, uninstall it. Same for any program no longer used. Reduces the bloat. I apply that rule of thumb to my systems.

Let's get back to the malware removal.

Your last logs look pretty good.

This file can be deleted:

C:\Documents and Settings\Amalia Mally Mason\Application Data\xxx.exe

Please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-11-2007, 02:27 PM   #12 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 10
OS: Win Xp SP-2


Re: I have a red Biohazed sign on my desktop with popup windows.
I deleted that program you said I should here is the report you wanted thanx again for helping me hope your having a wonderful day..!

Infected Object Name Virus Name Last Action

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\ac8zt2\install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\ac8zt2\msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\ac8zt2\msmhost.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/msmhost.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/nsduo.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/rmv.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\ac8zt2.dat ZIP: infected - 6 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT1029.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT1029.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT1055.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT1055.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT1081.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT1081.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT10A7.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT10A7.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT10A7.tmp ZIP: infected - 2 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT118A.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT118A.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT118A.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT118A.tmp ZIP: infected - 3 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT17E.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT17E.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT1A1.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT1A1.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT1BE.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT1BE.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT263.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT263.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT28B.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT28B.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT2D2.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT2D2.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT2F9.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT2F9.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT35B.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT35B.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT4B3.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT4B3.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT4EF.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT4EF.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT4F3.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT4F3.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT5F.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT5F.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT6AC.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT6AC.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT6AC.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT6AC.tmp ZIP: infected - 3 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT6C4.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT6C4.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT6F5.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT6F5.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT787.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT787.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT795.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT795.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT797.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT797.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT7C.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT7C.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT818.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT818.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT821.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT821.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT85.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT85.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT8AB.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT8AB.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT8C1.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT8C1.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT8F8.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT8F8.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT913.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT913.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT9E5.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT9E5.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT9E8.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT9E8.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT9E8.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BIT9E8.tmp ZIP: infected - 3 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITA19.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITA19.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITA2C.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITA2C.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITA2D.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITA2D.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITA4.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITA4.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITA57.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITA57.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITA7.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITA7.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITA8.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITA8.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAA3.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAA3.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAA3.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAA3.tmp ZIP: infected - 3 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAB1.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAB1.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAB1.tmp ZIP: infected - 2 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITABA.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITABA.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITABA.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITABA.tmp ZIP: infected - 3 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITABB.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITABB.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITABB.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITABB.tmp ZIP: infected - 3 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITABC.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITABC.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAC0.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAC0.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAC1.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAC1.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAC1.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAC1.tmp ZIP: infected - 3 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAC2.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAC2.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAC2.tmp ZIP: infected - 2 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAD5.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAD5.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAD5.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAD5.tmp ZIP: infected - 3 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAED.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITAED.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITBCB.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITBCB.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITBF8.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITBF8.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITC31.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITC31.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITC35.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITC35.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITCBE.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITCBE.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITCBE.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITCBE.tmp ZIP: infected - 3 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITCC5.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITCC5.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITCC9.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITCC9.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITCE0.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITCE0.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITCE0.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITCE0.tmp ZIP: infected - 3 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITD10.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITD10.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITD13.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITD13.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITD14.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITD14.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITD75.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITD75.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITD7B.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITD7B.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITD84.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITD84.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITEBB.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITEBB.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITEBB.tmp ZIP: infected - 2 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITF07.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITF07.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITF36.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITF36.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITF4.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\BITF4.tmp ZIP: infected - 1 skipped

C:\Deckard\System Scanner\20071008162819\backup\DOCUME~1\ISAACM~1\LOCALS~1\Temp\NERO13390\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\SNMaster.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\syruseone\MyDB.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\syruseone\toolbar.lst Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\CACHE\syruseo00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\syruseone Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\syruseone.abi Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\syruseone.aby Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstderr.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstdout.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\cache.db Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\ncoc Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\server.lock Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\logout.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{3E5FEEC3-9B5C-46E6-92C8-939871912CE9}.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{41A22CA5-1DA8-4EBD-BB72-6FA76A3D012F}.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{9FCAF03D-BA16-4597-B562-1792EA063E24}.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05162007-202411.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\PC Tools\ThreatFire\Orig.db Object is locked skipped

C:\Documents and Settings\All Users\Application Data\SingleClick Systems\HomeNet Manager\Logs\hnm_svc.log Object is locked skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7AF.tmp.bac_a02364/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7AF.tmp.bac_a02364/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7AF.tmp.bac_a02364 ZIP: infected - 2 skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7AF.tmp.bac_a02364 CryptFF.b: infected - 2 skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7B0.tmp.bac_a02364/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7B0.tmp.bac_a02364/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7B0.tmp.bac_a02364/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7B0.tmp.bac_a02364 ZIP: infected - 3 skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7B0.tmp.bac_a02364 CryptFF.b: infected - 3 skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7BF.tmp.bac_a02364/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7BF.tmp.bac_a02364/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7BF.tmp.bac_a02364 ZIP: infected - 2 skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7BF.tmp.bac_a02364 CryptFF.b: infected - 2 skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7E2.tmp.bac_a02364/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7E2.tmp.bac_a02364/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7E2.tmp.bac_a02364 ZIP: infected - 2 skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7E2.tmp.bac_a02364 CryptFF.b: infected - 2 skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7E3.tmp.bac_a02364/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7E3.tmp.bac_a02364/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7E3.tmp.bac_a02364/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7E3.tmp.bac_a02364 ZIP: infected - 3 skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\BIT7E3.tmp.bac_a02364 CryptFF.b: infected - 3 skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\msmdev.dll.bac_a02364 Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\msmdev.dll.bac_a03260 Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\msmhost.dll.bac_a02364 Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\msmhost.dll.bac_a03260 Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\Documents and Settings\Isaac Mason\.housecall6.6\Quarantine\VideoAccessCodecInstall.exe.bac_a03260 Infected: Trojan-Downloader.Win32.Zlob.dal skipped

C:\Documents and Settings\Isaac Mason\Application Data\AOL\C_AOL 9.0\IDB\Apps.Lst Object is locked skipped

C:\Documents and Settings\Isaac Mason\Application Data\AOL\C_AOL 9.0\IDB\art.idx Object is locked skipped

C:\Documents and Settings\Isaac Mason\Application Data\AOL\C_AOL 9.0\IDB\sap.dat Object is locked skipped

C:\Documents and Settings\Isaac Mason\Application Data\AOL\C_AOL 9.0\IDB\spool.lst Object is locked skipped

C:\Documents and Settings\Isaac Mason\Application Data\AOL\C_AOL 9.0\IDB\sysnews.lst Object is locked skipped

C:\Documents and Settings\Isaac Mason\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Isaac Mason\Desktop\DOC\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Isaac Mason\Desktop\DOC\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Isaac Mason\Desktop\DOC\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\Isaac Mason\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped

C:\Documents and Settings\Isaac Mason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Isaac Mason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Isaac Mason\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Isaac Mason\Local Settings\History\History.IE5\MSHist012007101120071012\index.dat Object is locked skipped

C:\Documents and Settings\Isaac Mason\Local Settings\Temp\~DFF93F.tmp Object is locked skipped

C:\Documents and Settings\Isaac Mason\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Isaac Mason\My Documents\My Completed Downloads\AVIMoviePlayer50.exe/stream/data0052 Infected: not-a-virus:AdWare.Win32.Webdir.b skipped

C:\Documents and Settings\Isaac Mason\My Documents\My Completed Downloads\AVIMoviePlayer50.exe/stream Infected: not-a-virus:AdWare.Win32.Webdir.b skipped

C:\Documents and Settings\Isaac Mason\My Documents\My Completed Downloads\AVIMoviePlayer50.exe NSIS: infected - 2 skipped

C:\Documents and Settings\Isaac Mason\My Documents\My Completed Downloads\recipes.exe/data0011 Infected: not-a-virus:AdWare.Win32.Comet.bb skipped

C:\Documents and Settings\Isaac Mason\My Documents\My Completed Downloads\recipes.exe/data0012 Infected: not-a-virus:AdWare.Win32.Comet.be skipped

C:\Documents and Settings\Isaac Mason\My Documents\My Completed Downloads\recipes.exe NSIS: infected - 2 skipped

C:\Documents and Settings\Isaac Mason\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Isaac Mason\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Isaac Mason\UserData\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped

C:\Program Files\Risk\debug.txt Object is locked skipped

C:\Program Files\Uninstall Ask Toolbar.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped

C:\qoobox\Quarantine\C\WINDOWS\msvb.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.ly skipped

C:\qoobox\Quarantine\C\WINDOWS\sysdx.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.lz skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0027909.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0027910.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0027918.exe Infected: not-a-virus:AdWare.Win32.Agent.mb skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0027919.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0027920.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028165.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028166.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028172.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028173.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028174.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028182.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028184.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028185.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028186.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028187.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028188.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028189.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028190.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028191.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028192.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028193.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028194.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028195.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028196.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028198.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028199.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028201.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028203.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028204.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028205.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028207.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028208.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028209.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028210.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028211.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028212.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028274.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028279.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028292.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0028293.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP186\A0028343.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP186\A0028353.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP186\A0028354.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP186\A0028546.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP186\A0028547.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP186\A0028662.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP186\A0028663.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP186\A0028682.exe Infected: Trojan-Downloader.Win32.Zlob.dal skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP187\A0029652.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP187\A0029653.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP187\A0029686.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP187\A0029687.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP187\A0029898.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP187\A0029899.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP187\A0029937.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP187\A0029938.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP188\A0029962.dll Infected: not-a-virus:AdWare.Win32.Agent.mb skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP188\A0029963.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP188\A0029964.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP191\A0032045.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP191\A0032046.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP193\A0032161.dll Infected: not-a-virus:AdWare.Win32.Agent.ly skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP193\A0032162.dll Infected: not-a-virus:AdWare.Win32.Agent.lz skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP204\A0033837.dll Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP205\A0033871.exe Object is locked skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP205\A0033872.exe Object is locked skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP206\change.log Object is locked skipped

C:\WINDOWS\cpbrkpie.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{17B3E172-A68E-41CA-9F47-E71E030FD184}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\QB GDS P.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\mcafee_57NCfGfsNImvzBK Object is locked skipped

C:\WINDOWS\Temp\mcafee_JPQrhvBapDdKXgH Object is locked skipped

C:\WINDOWS\Temp\mcafee_jw7DafpAYQTFljd Object is locked skipped

C:\WINDOWS\Temp\mcmsc_aQwq8NJPfTXOrO2 Object is locked skipped

C:\WINDOWS\Temp\mcmsc_gniihs8bF4VcAJn Object is locked skipped

C:\WINDOWS\Temp\mcmsc_IB247NG8yHxtTNl Object is locked skipped

C:\WINDOWS\Temp\mcmsc_Jfhp5Jq3d739qH7 Object is locked skipped

C:\WINDOWS\Temp\mcmsc_jO6SsunsFru6HpS Object is locked skipped

C:\WINDOWS\Temp\mcmsc_K0Y2CKZLs97qXLK Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
MsMason is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-11-2007, 05:01 PM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: I have a red Biohazed sign on my desktop with popup windows.
Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following in BOLD:

    C:\Documents and Settings\Isaac Mason\My Documents\My Completed Downloads\AVIMoviePlayer50.exe

  • Then click the "Send File " button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

    Please repeat for this file:

    C:\Documents and Settings\Isaac Mason\My Documents\My Completed Downloads\recipes.exe
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-11-2007, 08:26 PM   #14 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 10
OS: Win Xp SP-2


Re: I have a red Biohazed sign on my desktop with popup windows.
1st Scan

File AVIMoviePlayer50.exe_ received on 10.12.2007 04:07:09 (CET)Antivirus Version Last Update Result
AhnLab-V3 2007.10.12.0 2007.10.11 -
AntiVir 7.6.0.20 2007.10.11 -
Authentium 4.93.8 2007.10.11 -
Avast 4.7.1051.0 2007.10.11 -
AVG 7.5.0.488 2007.10.11 -
BitDefender 7.2 2007.10.12 Adware.Webdir.B
CAT-QuickHeal 9.00 2007.10.11 -
ClamAV 0.91.2 2007.10.11 -
DrWeb 4.44.0.09170 2007.10.12 -
eSafe 7.0.15.0 2007.10.10 -
eTrust-Vet 31.2.5204 2007.10.12 -
Ewido 4.0 2007.10.11 -
FileAdvisor 1 2007.10.12 -
Fortinet 3.11.0.0 2007.10.11 Adware/Webdir
F-Prot 4.3.2.48 2007.10.11 -
F-Secure 6.70.13030.0 2007.10.11 -
Ikarus T3.1.1.12 2007.10.12 -
Kaspersky 7.0.0.125 2007.10.12 not-a-virus:AdWare.Win32.Webdir.b
McAfee 5139 2007.10.11 -
Microsoft 1.2908 2007.10.12 -
NOD32v2 2586 2007.10.11 a variant of Win32/Adware.Webdir
Norman 5.80.02 2007.10.11 -
Panda 9.0.0.4 2007.10.11 -
Prevx1 V2 2007.10.12 -
Rising 19.44.40.00 2007.10.12 Adware.Win32.Webdir.b
Sophos 4.22.0 2007.10.12 -
Sunbelt 2.2.907.0 2007.10.11 -
Symantec 10 2007.10.12 Adware.WebDir
TheHacker 6.2.8.086 2007.10.11 -
VBA32 3.12.2.4 2007.10.11 -
VirusBuster 4.3.26:9 2007.10.11 -
Webwasher-Gateway 6.0.1 2007.10.11 -

Additional information
File size: 3570347 bytes
MD5: 8c431a3e668cdeef94585f47f8c9ba3d
SHA1: d3f363f34810629aea8c6418c47eda0ee37f2b2c
packers: ASPack, UPX

2nd Scan

File recipes.exe_ received on 10.12.2007 04:19:53 (CET)Antivirus Version Last Update Result
AhnLab-V3 2007.10.12.0 2007.10.11 -
AntiVir 7.6.0.20 2007.10.11 -
Authentium 4.93.8 2007.10.11 -
Avast 4.7.1051.0 2007.10.11 Win32:Adware-gen.
AVG 7.5.0.488 2007.10.11 -
BitDefender 7.2 2007.10.12 Adware.Comet.BA
CAT-QuickHeal 9.00 2007.10.11 -
ClamAV 0.91.2 2007.10.11 Adware.Comet
DrWeb 4.44.0.09170 2007.10.12 -
eSafe 7.0.15.0 2007.10.10 AdWare.Win32.Comet.b
eTrust-Vet 31.2.5204 2007.10.12 -
Ewido 4.0 2007.10.11 Adware.Comet
FileAdvisor 1 2007.10.12 -
Fortinet 3.11.0.0 2007.10.11 Adware/Comet
F-Prot 4.3.2.48 2007.10.11 W32/Adware.VRM
F-Secure 6.70.13030.0 2007.10.11 -
Ikarus T3.1.1.12 2007.10.12 -
Kaspersky 7.0.0.125 2007.10.12 not-a-virus:AdWare.Win32.Comet.bb
McAfee 5139 2007.10.11 -
Microsoft 1.2908 2007.10.12 Program:Win32/Starware
NOD32v2 2586 2007.10.11 Win32/Adware.Comet
Norman 5.80.02 2007.10.11 -
Panda 9.0.0.4 2007.10.11 -
Prevx1 V2 2007.10.12 -
Rising 19.44.40.00 2007.10.12 Adware.Win32.Comet.be
Sophos 4.22.0 2007.10.12 CometSys
Sunbelt 2.2.907.0 2007.10.11 Starware (v)
Symantec 10 2007.10.12 -
TheHacker 6.2.8.086 2007.10.11 -
VBA32 3.12.2.4 2007.10.11 AdWare.Win32.Comet.be
VirusBuster 4.3.26:9 2007.10.11 -
Webwasher-Gateway 6.0.1 2007.10.11 -

Additional information
File size: 517280 bytes
MD5: e82eb9e85c36451009596e0d695b4d5c
SHA1: abfb6a7c31e80e07c9f40771d69774e615feb01d
MsMason is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-11-2007, 09:05 PM   #15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: I have a red Biohazed sign on my desktop with popup windows.
Most vendors feel the same as Kaspersky. Adware. This batch file will delete them and take care of the other finds.

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Quote:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Documents and Settings\Isaac Mason\My Documents\My Completed Downloads\AVIMoviePlayer50.exe"
"C:\Documents and Settings\Isaac Mason\My Documents\My Completed Downloads\recipes.exe"
C:\WINDOWS\cpbrkpie.ocx
) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

for %%g in (

%systemdrive%\Deckard
%systemdrive%\Qoobox

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Disable("")>SR.vbs
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Enable("")>>SR.vbs
wscript SR.vbs

(
echo.REGEDIT4&echo.
echo.[hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced]
echo."hidden"=dword:00000002
echo."hidefileext"=dword:00000001
echo."showsuperhidden"=dword:00000000
)>rehide.reg

regedit /s rehide.reg
del rehide.reg SR.vbs
nircmd wait 7000
del %0
Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-11-2007, 09:59 PM   #16 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 10
OS: Win Xp SP-2


Re: I have a red Biohazed sign on my desktop with popup windows.
It said the deletion was successful..!
MsMason is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-11-2007, 10:12 PM   #17 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: I have a red Biohazed sign on my desktop with popup windows.
Excellent.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

-------------------------------------------------------------------------------------------------------------------------------



Your logs appear clean.You should be good to go. We still have a few items to address.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you don't have them already:
  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here

    IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.

Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-11-2007, 10:28 PM   #18 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 10
OS: Win Xp SP-2


Re: I have a red Biohazed sign on my desktop with popup windows.
I have no idea how to even begin to thank you so I'll just say (THANK YOU .....!)
MsMason is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-11-2007, 10:34 PM   #19 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,247
OS: 2000 Pro; XP Pro; XP Home


Re: I have a red Biohazed sign on my desktop with popup windows.
That works for me.

You're welcome!

Surf Safely.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 01:53 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85