Author Topic: My HiJackThis (Read 496 times)

Oakland Raiderz · « **on:** April 06, 2008, 11:53:49 AM »

My problem is that on this computer on firefox and internet explorer i can't get onto certain sections on websites. Forexample yahoo mail but i can go to yahoo i can't get onto gmail either. i also tried opening both of them in safe mode and got no success.
this is what i get

http://www.yahoo.com/r/m2
http://mail.google.com/mail/?hl=en&tab=wm

My dad said he pay me 20 bucks if i fix it

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/happy.gif\' class=\'bbc_emoticon\' alt=\'^_^\' /> =D
Thanks for all yoru help

God Bless

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:32 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
D:\Norton Internet Security\SymPxSvc.exe
D:\Norton Internet Security\NISSERV.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
D:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Appletime\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AARONS CLIKER\cliker30.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\NEHR FAMILY\Application Data\Mozilla\Profiles\default\3c4d5man.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\NEHR FAMILY\Application Data\Mozilla\Profiles\default\3c4d5man.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "D:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "D:\Appletime\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-21-4269833308-2485233286-3133243520-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Super Duper')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://145.253.110.74/activex/AMC.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://129.57.20.46:1497/activex/AxisCamControl.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - http://131.156.107.87/activex/AMC.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://video.kisel.harekrishna.ru/activex/AMC.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca07.custhelp.com/8201-b499h/rnl/java/RntX.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - D:\Norton Internet Security\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - D:\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - D:\Norton Internet Security\SymPxSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9279 bytes

Oakland Raiderz · « **Reply #1 on:** April 06, 2008, 02:05:06 PM »

it wouldn't let me edit so sorry for this post

but i thought it would be good to let you know that i dont' think Symantec firewall is working i can't disable it or enable it and it always says its enable and i tryed unistalling it and it wouldn't let me >.<

guestolo · « **Reply #2 on:** April 06, 2008, 05:42:34 PM »

Did you try and uninstall All of Norton Internet Security?

Can you do the following
Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back just the Whole contents of Main.txt and Extra.txt

Oakland Raiderz · « **Reply #3 on:** April 06, 2008, 08:31:03 PM »

i just look to see if can unistall all of it but it looks like we just have symantec client firewall and when i try to unistall it i get this error
"you do not have the appropriate privileges to peform this operation"
i even made another "adminstrative account" and tried unistalling it but no success

HEres the main.txt

Deckard's System Scanner v20071014.68
Run by Nehr Family on 2008-04-06 21:48:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

[color=\"red\"]System Drive C: has 0.71 GiB (less than 15%) free.[/color]

-- HijackThis (run as Nehr Family.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:31 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
D:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Appletime\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
D:\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
D:\Norton Internet Security\SymPxSvc.exe
D:\Norton Internet Security\NISSERV.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Nehr Family\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\NEHRFA~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\NEHR FAMILY\Application Data\Mozilla\Profiles\default\3c4d5man.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\NEHR FAMILY\Application Data\Mozilla\Profiles\default\3c4d5man.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "D:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "D:\Appletime\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://145.253.110.74/activex/AMC.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://129.57.20.46:1497/activex/AxisCamControl.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - http://131.156.107.87/activex/AMC.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://video.kisel.harekrishna.ru/activex/AMC.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca07.custhelp.com/8201-b499h/rnl/java/RntX.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - D:\Norton Internet Security\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - D:\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - D:\Norton Internet Security\SymPxSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9161 bytes

-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 12:41:01 0 d-------- C:\Program Files\Trend Micro
2008-04-06 09:11:16 0 d-------- C:\Documents and Settings\Super Duper\Application Data\Macromedia
2008-04-01 18:19:20 0 d-------- C:\Documents and Settings\Super Duper\Application Data\Identities
2008-04-01 18:19:20 0 d-------- C:\Documents and Settings\Super Duper\Application Data\AdobeUM
2008-04-01 18:19:20 0 d-------- C:\Documents and Settings\Super Duper\Application Data\Adobe
2008-04-01 18:19:19 0 d--h----- C:\Documents and Settings\Super Duper\Templates
2008-04-01 18:19:19 0 dr------- C:\Documents and Settings\Super Duper\Start Menu
2008-04-01 18:19:19 0 dr-h----- C:\Documents and Settings\Super Duper\SendTo
2008-04-01 18:19:19 0 dr-h----- C:\Documents and Settings\Super Duper\Recent
2008-04-01 18:19:19 0 d--h----- C:\Documents and Settings\Super Duper\PrintHood
2008-04-01 18:19:19 1572864 --ah----- C:\Documents and Settings\Super Duper\NTUSER.DAT
2008-04-01 18:19:19 0 d--h----- C:\Documents and Settings\Super Duper\NetHood
2008-04-01 18:19:19 0 dr------- C:\Documents and Settings\Super Duper\My Documents
2008-04-01 18:19:19 0 d--h----- C:\Documents and Settings\Super Duper\Local Settings
2008-04-01 18:19:19 0 dr------- C:\Documents and Settings\Super Duper\Favorites
2008-04-01 18:19:19 0 d-------- C:\Documents and Settings\Super Duper\Desktop
2008-04-01 18:19:19 0 d--hs---- C:\Documents and Settings\Super Duper\Cookies
2008-04-01 18:19:19 0 dr-h----- C:\Documents and Settings\Super Duper\Application Data
2008-04-01 18:19:19 0 d-------- C:\Documents and Settings\Super Duper\Application Data\Symantec
2008-04-01 18:19:19 0 d-------- C:\Documents and Settings\Super Duper\Application Data\Real
2008-04-01 18:19:19 0 d-------- C:\Documents and Settings\Super Duper\Application Data\MSN6
2008-04-01 18:19:19 0 d-------- C:\Documents and Settings\Super Duper\Application Data\Mozilla
2008-04-01 18:19:19 0 d---s---- C:\Documents and Settings\Super Duper\Application Data\Microsoft
2008-04-01 18:13:19 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-01 18:13:19 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-01 18:13:19 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-01 18:13:19 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-01 18:13:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-01 18:13:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-04-01 18:13:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-04-01 18:13:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-01 18:13:19 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-01 18:13:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-01 18:13:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-04-01 18:13:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-01 18:13:18 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-01 18:13:18 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-01 18:13:18 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-01 18:13:18 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-01 18:13:18 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-01 18:13:18 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-01 18:13:18 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-01 18:13:18 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-01 18:13:18 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-30 00:42:03 3120 --a------ C:\WINDOWS\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
2008-03-30 00:39:51 0 d-------- C:\Program Files\AARONS CLIKER
2008-03-26 20:42:43 0 d-------- C:\Program Files\TrackMania Nations ESWC

-- Find3M Report ---------------------------------------------------------------

2008-04-06 21:38:05 0 d-------- C:\Program Files\Steam
2008-04-06 21:35:49 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-01 18:19:27 0 d-------- C:\Program Files\Web Publish
2008-02-24 23:18:13 0 d-------- C:\Program Files\DivX
2008-02-24 23:18:13 0 d-------- C:\Program Files\AIM95
2008-02-24 23:18:11 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-22 13:22:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-22 13:22:25 0 d-------- C:\Program Files\honestech Video Editor 7.0 Trial
2008-02-17 20:14:25 0 d-------- C:\Program Files\QuickTime
2008-02-16 17:16:27 0 d-------- C:\Program Files\Windows Live Safety Center

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [07/16/2003 02:22 PM]
"nwiz"="nwiz.exe" [07/16/2003 02:22 PM C:\WINDOWS\system32\nwiz.exe]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 01:29 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [07/06/2003 02:01 PM]
"AGRSMMSG"="AGRSMMSG.exe" [07/22/2004 03:38 PM C:\WINDOWS\AGRSMMSG.exe]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"avgnt"="D:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/21/2008 10:17 PM]
"iTunesHelper"="D:\Appletime\iTunesHelper.exe" [01/15/2008 03:22 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Steam"="C:\Program Files\Steam\Steam.exe" [03/27/2008 08:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"SchedulingAgent"=C:\WINDOWS\system32\mstask.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [6/27/2007 4:46:18 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e6d1904-4eb6-11d8-a724-806d6172696f}]
AutoRun\command- E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69894593-a438-11dc-b08d-000e2ec84da0}]
AutoRun\command- H:\Launch.exe

-- End of Deckard's System Scanner: finished at 2008-04-06 21:48:51 ------------

only one notepad came up. extra.txt never opened

Oakland Raiderz · « **Reply #4 on:** April 06, 2008, 09:01:16 PM »

I feel So smart! =] i went to my documents on the c drive and i clicked on deckard then system scanner then the first one and i found this

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 1023.36 MiB / 674.82 MiB
Pagefile Memory (total/avail): 1696.87 MiB / 1417.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.16 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 13.97 GiB total, 0.71 GiB free.
D: is Fixed (NTFS) - 92.81 GiB total, 67.98 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200BB-98DWA0 - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 5.01 GiB
\PARTITION1 (bootable) - Installable File System - 13.97 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 92.81 GiB - D:

\\.\PHYSICALDRIVE1 - Canon MP470 series USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirewallDisableNotify is set.
AntivirusOverride is set.

FW: Symantec Client Firewall v2002 (Symantec Corporation)
AV: Avira AntiVir PersonalEdition v 7.0.3.122
(Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\iTunes.exe"="D:\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"
"C:\\Program Files\\Steam\\steamapps\\common\\quake 3 team arena demo\\taquake3.exe"="C:\\Program Files\\Steam\\steamapps\\common\\quake 3 team arena demo\\taquake3.exe:*:Enabled:taquake3"
"C:\\Documents and Settings\\Nehr Family\\Desktop\\Quake III\\quake3.exe"="C:\\Documents and Settings\\Nehr Family\\Desktop\\Quake III\\quake3.exe:*:Enabled:quake3"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe:*:Enabled:tgcmd Module"
"C:\\Program Files\\support.com\\client\\bin\\bak\\tgcmd.exe"="C:\\Program Files\\support.com\\client\\bin\\bak\\tgcmd.exe:*:Enabled:tgcmd Module"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"D:\\Appletime\\iTunes.exe"="D:\\Appletime\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWCLauncher.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWCLauncher.exe:*:Enabled:Play TrackMania Nations ESWC"
"C:\\Program Files\\TrackMania Nations ESWC\\tmn.exe"="C:\\Program Files\\TrackMania Nations ESWC\\tmn.exe:*:Enabled:tmn.exe"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Nehr Family\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SONY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Nehr Family
LOGONSERVER=\\SONY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\NEHRFA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\NEHRFA~1\LOCALS~1\Temp
USERDOMAIN=SONY
USERNAME=Nehr Family
USERPROFILE=C:\Documents and Settings\Nehr Family
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Nehr Family (admin)
Super Duper (admin)
Administrator (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93B80FB1-7A23-11D3-B250-00105A1F4184}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Aarons Cliker Version 2.89 --> "C:\Program Files\AARONS CLIKER\unins000.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Agere Systems AC'97 Modem --> agrsmdel
AOL Instant Messenger --> C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir PersonalEdition Classic --> D:\Antivir\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP470 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series /L0x0009
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX --> D:\Canon Printer\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Click to DVD 1.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
CMA, RMA, and CMAS Exam Preparation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D1649CD-7AA7-488C-BCB1-6F5003628BAC}\setup.exe"
Condition Zero --> "C:\Program Files\Steam\steam.exe" steam://uninstall/80
Day of Defeat --> "C:\Program Files\Steam\steam.exe" steam://uninstall/30
Deathmatch Classic --> "C:\Program Files\Steam\steam.exe" steam://uninstall/40
Delmar's Comprehensive Medical Assisting Clinical Skills --> C:\PROGRA~1\DELMAR~1\CLINIC~1\UNWISE.EXE C:\PROGRA~1\DELMAR~1\CLINIC~1\INSTALL.LOG
Drag'n Drop CD+DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
DVgate Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe"
greenstreet Font Manager --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\greenstreet\UnFont.isu"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(tm) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MathPlayer --> C:\Program Files\Design Science\MathPlayer\Setup.exe -u
Medical Terminology, 9th Edition --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Delmar\SDD9\DeIsL1.isu" -c"C:\Program Files\Delmar\SDD9\_ISREG32.DLL"
Microsoft Access 2000 Runtime --> MsiExec.exe /I{00180409-78E1-11D2-B60F-006097C998E7}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Music Visualizer Library 1.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\setup.exe" -l0x9
MuVo Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.exe" -l0x9 /remove
MyDSC2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9
Netscape (7.02) --> C:\WINDOWS\NSUninst.exe /ua "7.02 (en)"
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvsy.inf
OpenMG Limited Patch 3.2-03-02-21-08 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-02-21-08\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-03-18-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-03-18-01\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-04-14-02 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-04-14-02\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62F33B80-6244-4A70-A233-0DA13B640364}\Setup.exe" -l0x9 UNINSTALL
Palace Uninstall --> C:\Program Files\Communities.com\ThePalace\Unwise32.exe C:\Program Files\Communities.com\ThePalace\Install.log
PhotoFiltre --> "D:\caitlyn\Pictures\Edited\photofiltre\Uninst.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Quake 3 Team Arena Demo --> "C:\Program Files\Steam\steam.exe" steam://uninstall/9090
Quake II Demo --> "C:\Program Files\Steam\steam.exe" steam://uninstall/9130
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Ralink Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly
Rio Music Manager --> MsiExec.exe /X{9E321DCB-3AC5-466C-B214-4CD340EE3A13}
RollerCoaster TycoonÂ® 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
ScanSoft OmniPage SE 4 --> MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Snapshot Viewer 9.0 --> C:\Program Files\Snapshot Viewer\Setup\Setup.exe /T snap90.stf
SonicStage 1.6.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
SpecOps US Army Green Berets --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Zombie Studios\SpecOps US Army Green Berets\Uninst.isu"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Symantec Client Firewall --> MsiExec.exe /I{A6F7E997-2236-4145-A028-438F2484241A}
TaxCut 2004 --> D:\TaxCut2004\TaxCut04\Program\removetc.exe
TaxCut Standard 2005 --> D:\PROGRA~1\TaxCut05\Program\removetc.exe
The Sims 2 --> D:\SIMS2\EAUninstall.exe
The Sims 2 Pets --> D:\SIM2pets\EAUninstall.exe
The Sims Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l0009
TrackMania Nations ESWC 0.1.7.5 --> "C:\Program Files\TrackMania Nations ESWC\unins000.exe"
Understanding Health Insurance, 8th Ed. --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DF4E7B6-52D5-49D5-B07B-56939488D634}\setup.exe"
VAIO BrightColor Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\setup.exe" -l0x9
VAIO Help and Support --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Media 2.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\setup.exe" -l0x9 UNINSTALL
VAIO Media Redistribution 2.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\setup.exe" -l0x9 UNINSTALL
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Support --> "c:\program files\support.com\client\bin\tgfix.exe" /rm /nq
VAIO Survey Standalone --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}\setup.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoEgg Publisher --> C:\Documents and Settings\Nehr Family\Application Data\VideoEgg\Uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Zoo Tycoon Expanded --> "D:\ZOO ORIGINAL\UNINSTAL.EXE" /runtemp /addremove

-- Application Event Log -------------------------------------------------------

Event Record #/Type2347 / Error
Event Submitted/Written: 04/06/2008 09:43:40 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Symantec Client Firewall -- You do not have the appropriate privileges to perform this operation.

Event Record #/Type2346 / Error
Event Submitted/Written: 04/06/2008 09:37:09 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00bc8050.
Processing media-specific event for [rundll32.exe!ws!]

Event Record #/Type2344 / Error
Event Submitted/Written: 04/06/2008 09:36:03 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Symantec Client Firewall -- You do not have the appropriate privileges to perform this operation.

Event Record #/Type2343 / Warning
Event Submitted/Written: 04/06/2008 09:36:02 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{A6F7E997-2236-4145-A028-438F2484241A}', feature 'SCFBaseFiles' failed during request for component '{0DE79789-CE8B-4BBA-A4A1-03DFBECAFEEE}'

Event Record #/Type2342 / Warning
Event Submitted/Written: 04/06/2008 09:36:02 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{A6F7E997-2236-4145-A028-438F2484241A}', feature 'SCFBaseFiles', component '{6FCCDDEB-1A5F-4B1A-97DC-33F642C28136}' failed. The resource 'D:\Norton Internet Security\IAMAPP.EXE' does not exist.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type19195 / Error
Event Submitted/Written: 04/06/2008 09:35:37 PM
Event ID/Source: 23 / Print
Event Description:
Printer Lexmark X1100 Series,0 failed to initialize because a suitable Lexmark X1100 Series driver could not be found.

Event Record #/Type19191 / Warning
Event Submitted/Written: 04/06/2008 09:34:51 PM / 04/06/2008 09:35:21 PM
Event ID/Source: 17 / i8042prt
Event Description:
The device sent an incorrect response(s) following a keyboard reset.

Event Record #/Type19173 / Error
Event Submitted/Written: 04/06/2008 09:07:29 AM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Event Record #/Type19168 / Warning
Event Submitted/Written: 04/06/2008 09:05:13 AM / 04/06/2008 09:06:13 AM
Event ID/Source: 17 / i8042prt
Event Description:
The device sent an incorrect response(s) following a keyboard reset.

Event Record #/Type19160 / Error
Event Submitted/Written: 04/06/2008 09:05:58 AM
Event ID/Source: 23 / Print
Event Description:
Printer Lexmark X1100 Series,0 failed to initialize because a suitable Lexmark X1100 Series driver could not be found.

-- End of Deckard's System Scanner: finished at 2008-04-06 21:44:16 ------------

guestolo · « **Reply #5 on:** April 06, 2008, 09:26:57 PM »

Can you do the following

Download and Save to desktop
Norton Removal Tool
In STEP 3, but Don't run it yet

Download [color=\"#FF0000\"]ATF-Cleaner[/color] by Atribune.
Save it to your desktop
We'll need this later

[color=\"blue\"]Updating Java:[/color]

Download the latest version of Java Runtime Environment (JRE) 6 Update 5.
From that link scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5".
Click the "Download" button to the right.
Click the Accept button>>the page will refresh
Click on the link to download Windows Offline Installation, Multi-language (15.18 MB) and save to your desktop.

DON'T install it yet

Print the remainder of these instructions, or save them to a text file on your desktop for reference
Physically disconnect the Internet cable from the back of the computer
I'll prompt you when to reconnect it

Disable Avira AntiVir realtime protections, leave them disabled till I prompt you please

Go To START>>RUN>>type in
services.msc
Hit OK
When the Services Windows opens, look on the right hand side for this Service name
Symantec Client Firewall Service
Double click on that service name
In the STARTUP TYPE dropdown box, set to Disabled
Apply and OK it

Do the same thing for these next service names
Symantec Client Firewall Accounts Manager
Symantec Network Drivers Service
Symantec Client Firewall Proxy Service
SymWMI Service
Don't forget to Apply and OK after setting to Disabled after each one

Reboot your computer
Back in Windows

Double click on the Norton Removal Tool and follow the prompts
Ensure to reboot when prompted

Back in Windows
Access your Windows Control Panel and open the Windows Firewall
Ensure it is enabled
Don't open any browser Windows yet

Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
This includes:
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Javaâ„¢ 6 Update 3
DON'T reboot if prompted after removing any of the above
When the last one has been removed
================================
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
========================================
Afterwards
SHUT DOWN your computer

Reconnect the cable to the Internet

Start the computer, back in Windows
Go ahead and install the latest version of Java from the installer on deskop, follow the prompts
After successful installation, you can delete the installer from desktop

Go back and now ensure that Avira Realtime protections are reenabled

Come back and post a fresh hijackthis log
Let me know how things are running

Oakland Raiderz · « **Reply #6 on:** April 07, 2008, 02:48:55 PM »

Everything runs great =]
i'm now able to check mail
Thanks for your time if theres anything else let me know if not

Take care
and

GOD BLESS YOU

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:18 PM, on 4/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
D:\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
D:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Appletime\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: # Mozilla User Preferences
// This is a generated file!

user_pref("__000.aim.general.im.enterCR", false);
user_pref("__000.aim.general.im.tabKey", false);
user_pref("__000.aim.general.im.timeStamp", false);
user_pref("__sys.aim.general.im.enterCR", false);
user_pref("__sys.aim.general.im.smilies", false);
user_pref("__sys.aim.general.im.tabKey", false);
user_pref("__sys.aim.general.im.timeStamp", false);
user_pref("__sys.aim.general.snsautosignon", false);
user_pref("__sys.aim.general.today", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.cache.check_doc_frequency", 1);
user_pref("browser.cache.disk.parent_directory", "C:\\WINDOWS\\Temp\\Temporary Internet Files\\Content.IE5");
user_pref("browser.history.last_page_visited", "http://www9.kinghost.com/amateur/hometown/summer-summer2/");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_
N3 - Netscape 7: # Mozilla User Preferences
// This is a generated file!

user_pref("__000.aim.general.im.enterCR", false);
user_pref("__000.aim.general.im.tabKey", false);
user_pref("__000.aim.general.im.timeStamp", false);
user_pref("__sys.aim.general.im.enterCR", false);
user_pref("__sys.aim.general.im.smilies", false);
user_pref("__sys.aim.general.im.tabKey", false);
user_pref("__sys.aim.general.im.timeStamp", false);
user_pref("__sys.aim.general.snsautosignon", false);
user_pref("__sys.aim.general.today", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.cache.check_doc_frequency", 1);
user_pref("browser.cache.disk.parent_directory", "C:\\WINDOWS\\Temp\\Temporary Internet Files\\Content.IE5");
user_pref("browser.history.last_page_visited", "http://www9.kinghost.com/amateur/hometown/summer-summer2/");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "D:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "D:\Appletime\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://145.253.110.74/activex/AMC.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://129.57.20.46:1497/activex/AxisCamControl.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - http://131.156.107.87/activex/AMC.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://video.kisel.harekrishna.ru/activex/AMC.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca07.custhelp.com/8201-b499h/rnl/java/RntX.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

guestolo · « **Reply #7 on:** April 08, 2008, 12:22:07 AM »

Quote

Everything runs great =]
i'm now able to check mail

Sounds good, but for the heck of it
Can you run a fresh scan with dss.exe and post it's log>>Main.txt

Oakland Raiderz · « **Reply #8 on:** April 08, 2008, 07:11:59 PM »

Deckard's System Scanner v20071014.68
Run by Nehr Family on 2008-04-08 20:31:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

[color=\"red\"]System Drive C: has 0.52 GiB (less than 15%) free.[/color]

-- HijackThis (run as Nehr Family.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:11 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
D:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Appletime\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Nehr Family\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\NEHRFA~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: # Mozilla User Preferences
// This is a generated file!

user_pref("__000.aim.general.im.enterCR", false);
user_pref("__000.aim.general.im.tabKey", false);
user_pref("__000.aim.general.im.timeStamp", false);
user_pref("__sys.aim.general.im.enterCR", false);
user_pref("__sys.aim.general.im.smilies", false);
user_pref("__sys.aim.general.im.tabKey", false);
user_pref("__sys.aim.general.im.timeStamp", false);
user_pref("__sys.aim.general.snsautosignon", false);
user_pref("__sys.aim.general.today", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.cache.check_doc_frequency", 1);
user_pref("browser.cache.disk.parent_directory", "C:\\WINDOWS\\Temp\\Temporary Internet Files\\Content.IE5");
user_pref("browser.history.last_page_visited", "http://www9.kinghost.com/amateur/hometown/summer-summer2/");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_
N3 - Netscape 7: # Mozilla User Preferences
// This is a generated file!

user_pref("__000.aim.general.im.enterCR", false);
user_pref("__000.aim.general.im.tabKey", false);
user_pref("__000.aim.general.im.timeStamp", false);
user_pref("__sys.aim.general.im.enterCR", false);
user_pref("__sys.aim.general.im.smilies", false);
user_pref("__sys.aim.general.im.tabKey", false);
user_pref("__sys.aim.general.im.timeStamp", false);
user_pref("__sys.aim.general.snsautosignon", false);
user_pref("__sys.aim.general.today", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.cache.check_doc_frequency", 1);
user_pref("browser.cache.disk.parent_directory", "C:\\WINDOWS\\Temp\\Temporary Internet Files\\Content.IE5");
user_pref("browser.history.last_page_visited", "http://www9.kinghost.com/amateur/hometown/summer-summer2/");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "D:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "D:\Appletime\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://145.253.110.74/activex/AMC.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://129.57.20.46:1497/activex/AxisCamControl.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - http://131.156.107.87/activex/AMC.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://video.kisel.harekrishna.ru/activex/AMC.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca07.custhelp.com/8201-b499h/rnl/java/RntX.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 10023 bytes

-- Files created between 2008-03-08 and 2008-04-08 -----------------------------

2008-04-07 21:34:27 0 d-------- C:\WINDOWS\system32\NtmsData
2008-04-07 19:15:26 0 d-------- C:\Program Files\New Folder
2008-04-07 16:04:48 0 d-------- C:\Program Files\Sun
2008-04-07 16:02:01 0 d-------- C:\Program Files\Common Files\Java
2008-04-06 12:41:01 0 d-------- C:\Program Files\Trend Micro
2008-04-06 09:11:16 0 d-------- C:\Documents and Settings\Super Duper\Application Data\Macromedia
2008-04-01 18:19:20 0 d-------- C:\Documents and Settings\Super Duper\Application Data\Identities
2008-04-01 18:19:20 0 d-------- C:\Documents and Settings\Super Duper\Application Data\AdobeUM
2008-04-01 18:19:20 0 d-------- C:\Documents and Settings\Super Duper\Application Data\Adobe
2008-04-01 18:19:19 0 d--h----- C:\Documents and Settings\Super Duper\Templates
2008-04-01 18:19:19 0 dr------- C:\Documents and Settings\Super Duper\Start Menu
2008-04-01 18:19:19 0 dr-h----- C:\Documents and Settings\Super Duper\SendTo
2008-04-01 18:19:19 0 dr-h----- C:\Documents and Settings\Super Duper\Recent
2008-04-01 18:19:19 0 d--h----- C:\Documents and Settings\Super Duper\PrintHood
2008-04-01 18:19:19 1572864 --ah----- C:\Documents and Settings\Super Duper\NTUSER.DAT
2008-04-01 18:19:19 0 d--h----- C:\Documents and Settings\Super Duper\NetHood
2008-04-01 18:19:19 0 dr------- C:\Documents and Settings\Super Duper\My Documents
2008-04-01 18:19:19 0 d--h----- C:\Documents and Settings\Super Duper\Local Settings
2008-04-01 18:19:19 0 dr------- C:\Documents and Settings\Super Duper\Favorites
2008-04-01 18:19:19 0 d-------- C:\Documents and Settings\Super Duper\Desktop
2008-04-01 18:19:19 0 d--hs---- C:\Documents and Settings\Super Duper\Cookies
2008-04-01 18:19:19 0 dr-h----- C:\Documents and Settings\Super Duper\Application Data
2008-04-01 18:19:19 0 d-------- C:\Documents and Settings\Super Duper\Application Data\Symantec
2008-04-01 18:19:19 0 d-------- C:\Documents and Settings\Super Duper\Application Data\Real
2008-04-01 18:19:19 0 d-------- C:\Documents and Settings\Super Duper\Application Data\MSN6
2008-04-01 18:19:19 0 d-------- C:\Documents and Settings\Super Duper\Application Data\Mozilla
2008-04-01 18:19:19 0 d---s---- C:\Documents and Settings\Super Duper\Application Data\Microsoft
2008-04-01 18:13:19 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-01 18:13:19 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-01 18:13:19 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-01 18:13:19 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-01 18:13:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-01 18:13:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-04-01 18:13:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-04-01 18:13:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-01 18:13:19 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-01 18:13:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-01 18:13:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-04-01 18:13:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-01 18:13:18 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-01 18:13:18 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-01 18:13:18 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-01 18:13:18 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-01 18:13:18 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-01 18:13:18 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-01 18:13:18 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-01 18:13:18 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-01 18:13:18 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-30 00:42:03 3120 --a------ C:\WINDOWS\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
2008-03-30 00:39:51 0 d-------- C:\Program Files\AARONS CLIKER
2008-03-26 20:42:43 0 d-------- C:\Program Files\TrackMania Nations ESWC

-- Find3M Report ---------------------------------------------------------------

2008-04-07 21:48:07 0 d-------- C:\Program Files\Steam
2008-04-07 16:04:41 0 d-------- C:\Program Files\Java
2008-04-07 16:02:01 0 d-------- C:\Program Files\Common Files
2008-04-07 15:46:55 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-01 18:19:27 0 d-------- C:\Program Files\Web Publish
2008-02-24 23:18:13 0 d-------- C:\Program Files\DivX
2008-02-24 23:18:13 0 d-------- C:\Program Files\AIM95
2008-02-24 23:18:11 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-22 13:22:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-22 13:22:25 0 d-------- C:\Program Files\honestech Video Editor 7.0 Trial
2008-02-17 20:14:25 0 d-------- C:\Program Files\QuickTime
2008-02-16 17:16:27 0 d-------- C:\Program Files\Windows Live Safety Center

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [07/16/2003 02:22 PM]
"nwiz"="nwiz.exe" [07/16/2003 02:22 PM C:\WINDOWS\system32\nwiz.exe]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 01:29 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [07/06/2003 02:01 PM]
"AGRSMMSG"="AGRSMMSG.exe" [07/22/2004 03:38 PM C:\WINDOWS\AGRSMMSG.exe]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"avgnt"="D:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/21/2008 10:17 PM]
"iTunesHelper"="D:\Appletime\iTunesHelper.exe" [01/15/2008 03:22 AM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 02:56 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"SchedulingAgent"=C:\WINDOWS\system32\mstask.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [6/27/2007 4:46:18 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69894593-a438-11dc-b08d-000e2ec84da0}]
AutoRun\command- H:\Launch.exe

-- End of Deckard's System Scanner: finished at 2008-04-08 20:31:38 ------------

guestolo · « **Reply #9 on:** April 08, 2008, 08:07:27 PM »

Looks good, you can delete dss.exe, ATF-Cleaner.exe and this folder
C:\Deckard.

Take care

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

TheTechGuide Forum

News:

Author Topic: My HiJackThis (Read 496 times)

Oakland Raiderz

My HiJackThis

Oakland Raiderz

My HiJackThis

guestolo

My HiJackThis

Oakland Raiderz

My HiJackThis

Oakland Raiderz

My HiJackThis

guestolo

My HiJackThis

Oakland Raiderz

My HiJackThis

guestolo

My HiJackThis

Oakland Raiderz

My HiJackThis

guestolo

My HiJackThis