charlieric

About charlieric

  1. You've had Monster patience with me, as well as Energy. Thanks a million! Only a couple more things, it seems. When I go to system restore, the tab to turn it on and off is grayed out (unchecked) and it says "Disabled by Group Policy". I would also like quick instructions on how to restore the ability to set the wallpaper (background) and screen saver, which was turned off in the registry by one of the bugs when it put up the wallpaper telling me I have spyware, as if I didn't know... I figured out how to fix the background and screensaver problem. I also found a "System Restore Wizard" that seemed to allow me to set a restore point now that things are clean, but I still can't control the option from the tab in C drive properties. I am in an administrative user account. Any idea how I could find out whether the restore point was truly established? The other information you sent was very helpful. We're very happy to have control of our computer health again!
  3. I think I already did. The file is called: 06082008_203626.log and the results are again below. If there's another way you want me to post it, please let me know and I'll comply as best I can.
  4. OK, Monster. First, the results of the F-Secure scan:

     Result: 3 malware found
     Email-Worm.Win32.Zhelatin.vl (virus) C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\QUARANTINE\SYSREST.SYS (Renamed & Submitted)
     RiskTool.Win32.Reboot (spyware) System
     Tracking Cookie (spyware) System

     Statistics
     Scanned: Files: 55545  System: 4758  Not scanned: 8
     Actions: Disinfected: 0  Renamed: 1  Deleted: 0  None: 2  Submitted: 1

     Files not scanned:
     C:\HIBERFIL.SYS
     C:\PAGEFILE.SYS
     C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
     C:\WINDOWS\SYSTEM32\CONFIG\SAM
     C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
     C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
     C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
     C:\DOCUMENTS AND SETTINGS\NICKZ FOLDER\LOCAL SETTINGS\TEMP\HSPERFDATA_NICKZ FOLDER\30224

     Here is the OTMoveIt2 log:
  5. Hi again. I have posted the three new logs below. By the way, my Trend anti-virus is now warning me about a file in the Smitfraudfix that it identifies as being infected by Troj_Generic.ADV. Since I have been getting this same warning about other files on the computer for the last few days, I am suspicious that Trend isn't identifying viruses correctly. What's up with that? Another reason to change to a different anti-virus?
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp USERDOMAIN=STELLA USERNAME=Owner USERPROFILE=C:\Documents and Settings\Owner windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Owner (admin) Samz folder.STELLA (admin) Nickz folder (admin) Guest.STELLA (guest) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature --> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe" --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log AGEIA PhysX v2.4.4 --> "C:\Program Files\AGEIA Technologies\uninstall.exe" AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM= 
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe Aspi Installer --> C:\temp\UNWISE.EXE C:\temp\INSTALL.LOG Battle Realms --> MsiExec.exe /I{9AA761E6-CA51-4FF2-A552-D51638BF0595} Bodog Poker Version 2.13.6.4 --> "C:\Program Files\Bodog Poker\unins000.exe" Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe Compaq Connections --> C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId 1940576 DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Entriq MediaSphere 3.6.0.15 --> "C:\Program Files\Entriq\MediaSphere\unins000.exe" EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" ICOO Loader 2.5 --> "C:\Program Files\ICOO Loader\unins000.exe" Instant Support --> C:\PROGRA~1\INSTAN~1\UNWISE.EXE C:\PROGRA~1\INSTAN~1\INSTALL.LOG Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572 IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9 InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL iPod for Windows 2005-11-17 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8338BA06-E527-491B-9400-F51708FEE695} /l1033 iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B} J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030} J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe" Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} KBD --> C:\HP\KBD\KBD.EXE uninstalled LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Word 2000 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7} Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84} Mozilla Firefox (1.5) 
--> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (en-US)" Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2} Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352} NVIDIA Gart Driver --> C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA Gart Driver NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf OmniPass --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\Setup.exe" -l0x9 OTOY --> RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,[email protected] PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe" PokerStars.net --> "C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5} QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 RecordNow! 
--> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19} S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display' S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2' S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2' S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay' Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" SimCity 3000 Unlimited --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\SimCity 3000 Unlimited\DeIsL1.isu" -c"C:\Program Files\Maxis\SimCity 3000 Unlimited\_UnInstall.dll" Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3} SpamSubtract --> C:\PROGRA~1\INTERM~1\SPAMSU~1\UNWISE.EXE /U C:\PROGRA~1\INTERM~1\SPAMSU~1\INSTALL.LOG TES Construction Set --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9 Trend Micro Internet Security --> C:\Program Files\Trend Micro\Internet Security\remove.exe Trend Micro Internet Security --> MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E} UFC Media Manager 3.6.0.6 --> "C:\Program Files\UFC Media Manager\MediaSphere\unins000.exe" Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B} Weblink --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FCC384C-18EA-4E25-9281-A06AE006D219}\setup.exe" -l0x9 Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" World of Warcraft --> C:\Program Files\Common 
Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe Wrath of the Lich King Alpha --> C:\Program Files\Common Files\Blizzard Entertainment\Wrath of the Lich King Alpha\Uninstall.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type2760 / Error Event Submitted/Written: 06/06/2008 03:34:04 PM Event ID/Source: 1512 / Userenv Event Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. DETAIL - Insufficient system resources exist to complete the requested service. Event Record #/Type2759 / Error Event Submitted/Written: 06/06/2008 00:42:34 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application axpdefender.exe, version 2.1.0.1, faulting module , version 0.0.0.0, fault address 0x00000000. Processing media-specific event for [axpdefender.exe!ws!] Event Record #/Type2506 / Error Event Submitted/Written: 06/03/2008 11:36:55 PM Event ID/Source: 1505 / Userenv Event Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. DETAIL - Insufficient system resources exist to complete the requested service. Event Record #/Type2505 / Error Event Submitted/Written: 06/03/2008 11:36:54 PM Event ID/Source: 1508 / Userenv Event Description: Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights. DETAIL - Insufficient system resources exist to complete the requested service. 
for C:\Documents and Settings\Nickz folder\ntuser.dat Event Record #/Type2504 / Error Event Submitted/Written: 06/03/2008 11:36:48 PM Event ID/Source: 1505 / Userenv Event Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. DETAIL - Insufficient system resources exist to complete the requested service. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type93627 / Error Event Submitted/Written: 06/08/2008 08:37:50 AM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Event Record #/Type93626 / Error Event Submitted/Written: 06/08/2008 08:37:35 AM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Event Record #/Type93625 / Error Event Submitted/Written: 06/08/2008 08:35:09 AM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Event Record #/Type93624 / Error Event Submitted/Written: 06/08/2008 08:22:53 AM Event ID/Source: 7026 / Service Control Manager Event Description: The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi WS2IFSL Event Record #/Type93623 / Error Event Submitted/Written: 06/08/2008 08:22:53 AM Event ID/Source: 7001 / Service Control Manager Event Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 -- End of Deckard's System Scanner: 
finished at 2008-06-08 09:21:58 ------------
  6. Hi again. Here are the new logs. Also, my Trend anti-virus is identifying a file in Smitfraudfix I downloaded as containing a virus, again the same Troj_Generic.ADV variety. I assume it is a false identification, so I didn't do anything. Another reason to get a different anti-virus program?

Rapport: SmitFraudFix v2.323
Scan done at 8:31:31.93, Sun 06/08/2008
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E4642448-E7D1-47A5-BE6A-E7F27CB79F02}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E4642448-E7D1-47A5-BE6A-E7F27CB79F02}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E4642448-E7D1-47A5-BE6A-E7F27CB79F02}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

And the logs from Deckard:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-08 09:19:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.

-- Last 4 Restore Point(s) --
4: 2008-06-08 15:19:16 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-06-08 02:58:56 UTC - RP3 - System Checkpoint
2: 2008-06-07 02:10:34 UTC - RP2 - ComboFix created restore point
1: 2008-06-07 02:09:31 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:20:05, on 6/8/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kontiki\KService.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hkcmd.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\lphc5lnj0eaat.exe C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\Documents and Settings\Owner\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus9.hpwis.com/ 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;localhost O2 - BHO: ICOOExternal Class - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - C:\Program Files\ICOO Loader\addons\icooue.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ICOODManager Class - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - C:\Program Files\ICOO Loader\addons\icoou.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe O4 - HKLM\..\Run: [uFC Media Manager Tray] "C:\Program 
Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" /CustomId:UFC O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [lphc5lnj0eaat] C:\WINDOWS\system32\lphc5lnj0eaat.exe O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM') O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll 
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\All Users\Documents\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-los...bGameLoader.cab O16 - DPF: {5A9D4578-6649-4692-921B-ACA9ADAB007C} (UFC Class) - http://evideo.ufc.com/ufc/cabfiles/UFC_3_6_0_6.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - 
http://www.acclaim.com/cabs/acclaim_v4.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxoramun...mjolauncher.cab O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://evideo.ufc.com/ufc/cabfiles/Entriq_...0_15_Silent.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyweap...aploader_v6.cab O18 - Protocol: icoo - {86FE362E-74FA-4F71-8B69-B94D28880628} - C:\Program Files\ICOO Loader\addons\icoou.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. 
  7. Here's the log, Monster. I should also note that I ran Trend virus scan this morning, and deleted or quarantined at least two infected viruses called Troj_Generic.ADV (or something like that). Since yesterday, I haven't had an instance of that pop-up box coming up warning me of malware, which then tries to install the bogus XP Defender 2008 or Malware Protector 2008 that was one of the original problems, so maybe some of this is now fixed. I do still have a set desktop background that has a spyware warning, and am unable to change the wallpaper or work our normal screensaver, which I found out today was due to changes that the malware made on those options in the registry. Anyway, FYI, and I'll await further instructions from you....

********************************************************************************
*                                                                              *
*                                 FixIEDef Log                                 *
*                             Version 1.4.16.4411                              *
*                                                                              *
********************************************************************************

Created at 21:27:55 on Saturday, June 07, 2008
Time Zone          : (GMT-07:00) Mountain Time (US & Canada)
Operating System   : Microsoft Windows XP Home Edition
Service Pack Level : Service Pack 2
System Langauge    : English (United States)
Processor          : X86
Boot State         : Normal boot

--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
C:\WINDOWS\SwSys1.bmp
C:\WINDOWS\SwSys2.bmp
C:\WINDOWS\system32\Desktop.ico
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\system32\IE.ico
C:\WINDOWS\system32\Open.ico
C:\WINDOWS\system32\Quick.ico
C:\WINDOWS\system32\Uninstall.ico
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done
ShadowPuterDude
Safe Surfing!!!
  8. Monster, there's no log option given to me when I run RogueRemover. It also takes about three seconds for it to scan my computer, so I don't know if it is really working right. Am I doing something wrong?
  9. I downloaded and ran Rogue Remover after updating it. It said "nothing found".
  10. That's what I would have guessed, and I think I'm about done with Trend. In following the directions, I hit a small snag. When I drag the file I downloaded from Microsoft onto the ComboFix file, it asks me if I want to run ComboFix instead of seeming to set up Windows Recovery Console. Is this normal? OK, no matter, I ran everything just fine and here's the ComboFix log. It deleted one program, but there's still a bunch of junk left. Awaiting your next instructions.
scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\Program Files\Softex\OmniPass\opxpgina.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kontiki\KService.exe C:\Program Files\Softex\OmniPass\omniServ.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Owner\Local Settings\temp\.ttA.tmp C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\WINDOWS\system32\imapi.exe . ************************************************************************** . Completion time: 2008-06-06 21:06:20 - machine was rebooted [Owner] ComboFix-quarantined-files.txt 2008-06-07 03:05:41 Pre-Run: 17,470,369,792 bytes free Post-Run: 20,852,535,296 bytes free 201 --- E O F --- 2008-05-28 23:57:26
  11. That's what I would have guessed, and I think I'm about done with Trend. In following the directions, I hit a small snag. When I drag the file I downloaded from Microsoft onto the ComboFix file, it asks me if I want to run ComboFix instead of seeming to set up Windows Recovery Console. Is this normal?
  12. I trust your advice because my Trend Anti-virus hasn't been able to help me get rid of this yet, but why do they try to block my download of Combo Fix?
  13. Thanks for the start. I'll get on in and repost after I follow your instruction.
  14. Need help please! Teen surfer loaded something nasty, and we have lost control of our computer. Here's an HJT log; we would LOVE some help. (Yeah, when you see this log you're probably going to laugh. This computer gets used by gamers, I-tuners, and who knows what. We parents are ready to clean some stuff off here, seriously!) Thanks in advance.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 7:24:47 PM, on 6/5/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Kontiki\KService.exe
      C:\Program Files\Softex\OmniPass\Omniserv.exe
      C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
      C:\Program Files\Softex\OmniPass\OPXPApp.exe
      C:\Program Files\Trend Micro\BM\TMBMSRV.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
      C:\windows\system\hpsysdrv.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\HP\KBD\KBD.EXE
      C:\WINDOWS\ALCXMNTR.EXE
      C:\WINDOWS\system32\igfxtray.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\lphc5lnj0eaat.exe
      C:\WINDOWS\system32\sysrest32.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
      C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
      C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus9.hpwis.com/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;localhost
      O2 - BHO: ICOOExternal Class - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - C:\Program Files\ICOO Loader\addons\icooue.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: ICOODManager Class - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - C:\Program Files\ICOO Loader\addons\icoou.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
      O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
      O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
      O4 - HKLM\..\Run: [uFC Media Manager Tray] "C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" /CustomId:UFC
      O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [lphc5lnj0eaat] C:\WINDOWS\system32\lphc5lnj0eaat.exe
      O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
      O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
      O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
      O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
      O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
      O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\All Users\Documents\AIM\aim.exe
      O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
      O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
      O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-los...bGameLoader.cab
      O16 - DPF: {5A9D4578-6649-4692-921B-ACA9ADAB007C} (UFC Class) - http://evideo.ufc.com/ufc/cabfiles/UFC_3_6_0_6.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
      O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
      O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxoramun...mjolauncher.cab
      O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://evideo.ufc.com/ufc/cabfiles/Entriq_...0_15_Silent.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
      O18 - Protocol: icoo - {86FE362E-74FA-4F71-8B69-B94D28880628} - C:\Program Files\ICOO Loader\addons\icoou.dll
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
      O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

      --
      End of file - 10986 bytes