
Can someone help me remove Security Toolbar 7.1???

Discussion in 'Virus & Other Malware Removal' started by VanHalen2007, Jun 7, 2007.

  1. VanHalen2007

    VanHalen2007 Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    10
    I just purchased a brand new computer, so this has really got me upset! I have no clue what to do about removing this virus! I have Windows Vista Prem. Can someone please help me out? Thanks

    Here is an updated log from my computer from HijackThis:


    Logfile of HijackThis v1.99.1
    Scan saved at 1:16:03 AM, on 07/06/2007
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16386)

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
    C:\Users\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 12.210.146.61:7212
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Program Files\Image ActiveX Access\iesplg.dll
    O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Program Files\Image ActiveX Access\iesbpl.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
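To show what a helper looks for in a log like the one above, here is an added example that is not from this thread and not a HijackThis feature: a small Python triage script that parses the R/O lines HijackThis emits and flags the entries a malware specialist reads first (an Internet Explorer proxy pointing at an external host, browser helper objects and toolbars with no name or no file, anything installed beside an unnamed BHO, O9 buttons that point at a remote URL, and unrecognised Winsock LSPs). The sample lines are copied from the two logs posted in this thread; the rules and severity labels are my own heuristics, not HijackThis output.

```python
"""Triage helper for HijackThis-style logs (added example, own heuristics)."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 12.210.146.61:7212
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Program Files\Image ActiveX Access\iesplg.dll
O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Program Files\Image ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
"""

# "R1 - body" / "O2 - body": the section prefix HijackThis puts on every line.
LINE_RE = re.compile(r"^(?P<prefix>[RO]\d+) - (?P<body>.*)$")
# O2/O3/O9 bodies share the shape "Kind: name - {CLSID} - target".
CLSID_RE = re.compile(
    r"^(?P<kind>BHO|Toolbar|Extra button|Extra 'Tools' menuitem): "
    r"(?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$"
)


def _proxy_hosts(value: str) -> List[str]:
    """Split an IE ProxyServer value ('host:port' or 'http=host:port;...')."""
    hosts = []
    for part in value.split(";"):
        part = part.split("=", 1)[-1].strip()
        if not part:
            continue
        host = part.rsplit(":", 1)[0] if ":" in part else part
        hosts.append(host.strip("[]"))
    return hosts


def _is_local_host(host: str) -> bool:
    """Loopback/private addresses and 'localhost' are normal for a local proxy."""
    if host.lower() in ("localhost", ""):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name: treat as external until verified
    return ip.is_loopback or ip.is_private


def _folder(target: str) -> str:
    """Lower-cased parent folder of a DLL path, '' if the target is not a path."""
    return target.rsplit("\\", 1)[0].lower() if "\\" in target else ""


def _finding(prefix: str, severity: str, reason: str, line: str) -> Dict[str, str]:
    return {"prefix": prefix, "severity": severity, "reason": reason, "line": line}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the log entries worth a closer look, with a reason for each."""
    findings: List[Dict[str, str]] = []
    entries: List[Tuple[str, str, str, str]] = []  # O2/O3, judged together below
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        prefix, body = m.group("prefix"), m.group("body")
        if prefix == "R1" and "ProxyServer = " in body:
            value = body.split("ProxyServer = ", 1)[1]
            external = [h for h in _proxy_hosts(value) if not _is_local_host(h)]
            if external:
                findings.append(_finding(prefix, "high",
                    "IE proxy points to external host " + ", ".join(external)
                    + "; all browser traffic can be intercepted", line))
        elif prefix == "O1":
            parts = body.replace("Hosts:", "", 1).split()
            if (len(parts) != 2 or parts[0] not in ("127.0.0.1", "::1")
                    or parts[1].lower() != "localhost"):
                findings.append(_finding(prefix, "high", "non-default hosts file entry", line))
        elif prefix in ("O2", "O3"):
            cm = CLSID_RE.match(body)
            if cm:
                entries.append((prefix, line, cm.group("name"), cm.group("target")))
        elif prefix == "O9":
            cm = CLSID_RE.match(body)
            if cm and cm.group("target").lower().startswith(("http://", "https://")):
                findings.append(_finding(prefix, "high",
                    "IE button/menu item points to a remote URL", line))
        elif prefix == "O10":
            findings.append(_finding(prefix, "review",
                "Winsock LSP not recognised by HijackThis; verify the DLL", line))

    # A folder that holds an unnamed BHO taints every O2/O3 entry in it.
    suspect_dirs = {_folder(t) for _, _, n, t in entries if n == "(no name)" and _folder(t)}
    for prefix, line, name, target in entries:
        if name == "(no name)":
            reason = "BHO/toolbar registered with no name"
        elif target == "(no file)":
            reason = "registered but DLL missing (leftover registration)"
        elif _folder(target) in suspect_dirs:
            reason = "installed beside an unnamed BHO in " + _folder(target)
        else:
            continue
        findings.append(_finding(prefix, "high", reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['prefix']:3} {f['reason']}\n         {f['line']}")
```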
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Hi, VanHalen2007

    Welcome!

    Download Wpf3vista.exe to your Desktop and double-click on it to extract the files. It will create a folder named WPF3Vista on your desktop.
    1. Open the WPF3Vista folder and double-click on WinPFind3U.exe to start the Program.
      • In the Processes group click All
      • In the Win32 Services group click All
      • In the Driver Services group click All
      • In the Registry group click All
      • In the Files Created Within group click 60 days. Make sure Non-Microsoft only is UNCHECKED
      • In the Files Modified Within group select 30 days. Make sure Non-Microsoft only is CHECKED
      • In the File String Search group select All
      • In the Additional Scans section, please select All and uncheck Non-Microsoft only
    2. Now click the Run Scan button on the toolbar.
    3. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    4. When the scan is complete Notepad will open with the report file loaded in it.
    5. Save that notepad file
    Use the Reply button and attach the notepad file here (do not copy and paste it into a reply; attach it instead).
     
  3. VanHalen2007

    VanHalen2007 Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    10
    Thanks!

    It worked all is good!

    Whew! (y)
     
  4. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Well, that program does not fix anything. It is just a scanner, such as HijackThis. So, if something was fixed, it was by itself, which I doubt. It is up to you to submit the WPF3Vista report.
     
  5. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Hi, VanHalen2007 :)

    If you are willing to participate in this forum until your system is completely clean, we may be able to help you.

    Download Deckard's System Scanner (DSS) from here or here to your Desktop. Note: You must be logged onto an account with administrator privileges.
    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both main.txt and extra.txt in your next reply.
    If the files are too long, attach them to a reply:
    1. Scroll down and click the [Manage Attachments] button
    2. Browse to the following folder:
      • C:\Deckard\System Scanner
    3. Click Upload to upload these files one by one
    4. Submit your reply
     
  6. VanHalen2007

    VanHalen2007 Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    10
    Here is the main.txt scan:

    Deckard's System Scanner v20071014.68
    Run by Owner on 2008-03-31 11:00:13
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:11:02 AM, on 31/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\nvraidservice.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Grisoft\AVG7\avgw.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
    C:\Users\Owner\Desktop\dss.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\Aurora.scr
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.217.73.52:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
    O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{FBE878E4-7F03-4C16-9FE5-04D2FEE983F1}
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoape.com/uptool/apeUploader.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 13054 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 BDSelfPr - \??\c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

    S3 ENTECH - \??\c:\windows\system32\drivers\entech.sys
    S3 giveio - \??\c:\windows\system32\giveio.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: NVIDIA nForce Networking Controller
    Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_CB841043&REV_A2\3&2411E6FE&0&90
    Manufacturer: NVIDIA
    Name: NVIDIA nForce Networking Controller #2
    PNP Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_CB841043&REV_A2\3&2411E6FE&0&90
    Service: NVENETFD


    -- Scheduled Tasks -------------------------------------------------------------

    2008-03-31 11:10:11 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{FBE878E4-7F03-4C16-9FE5-04D2FEE983F1}.job
    2008-03-30 20:51:00 256 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
    2008-03-29 18:00:00 442 --a------ C:\Windows\Tasks\ParetoLogic Registration.job
    2008-03-26 03:00:00 496 --a------ C:\Windows\Tasks\AdwareAlert Scheduled Scan.job


    -- Files created between 2008-02-29 and 2008-03-31 -----------------------------

    2008-03-30 14:15:45 0 d-------- C:\Users\All Users\Yahoo! Companion
    2008-03-30 10:05:31 0 d-------- C:\Program Files\Yahoo!
    2008-03-29 12:03:58 0 d-------- C:\Program Files\Trend Micro
    2008-03-22 13:01:05 0 d-------- C:\Users\Owner\.housecall6.6
    2008-03-22 13:00:55 0 d-------- C:\Windows\Sun
    2008-03-22 09:53:28 0 d-------- C:\Users\All Users\BitDefender
    2008-03-22 09:53:28 0 d-------- C:\Program Files\BitDefender
    2008-03-22 09:52:27 0 d-------- C:\Program Files\Common Files\BitDefender
    2008-03-22 09:28:55 0 d-------- C:\Windows\BDOSCAN8
    2008-03-21 13:59:47 0 d-------- C:\Program Files\iPod
    2008-03-21 13:59:45 0 d-------- C:\Program Files\iTunes
    2008-03-21 13:57:18 0 d-------- C:\Program Files\QuickTime
    2008-03-21 13:53:57 0 d-------- C:\Program Files\Common Files\Apple
    2008-03-20 16:33:48 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
    2008-03-17 16:30:37 0 d-------- C:\Users\Owner\BestPornInMarch
    2008-03-16 21:27:55 69632 --a------ C:\Windows\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-03-16 21:27:55 110592 --a------ C:\Windows\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-03-16 21:27:55 135168 --a------ C:\Windows\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-03-16 21:27:55 163840 --a------ C:\Windows\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-03-16 21:27:31 0 d-------- C:\Users\All Users\Logitech
    2008-03-16 21:27:29 0 d-------- C:\Program Files\Logitech
    2008-03-16 21:27:24 0 d-------- C:\Program Files\Common Files\Logitech
    2008-03-16 21:26:59 0 d-------- C:\Users\All Users\LogiShrd
    2008-03-16 17:39:15 0 d-------- C:\Users\All Users\Pure Networks
    2008-03-15 11:50:09 0 d-------- C:\Program Files\LogMeIn
    2008-03-11 17:08:57 0 d-------- C:\Program Files\Data Doctor Bulk SMS (Evaluation)
    2008-03-08 11:40:11 0 dr------- C:\Users\Eddie Van Halen\Searches
    2008-03-08 11:39:52 0 dr------- C:\Users\Eddie Van Halen\Contacts
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\Templates
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\Start Menu
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\SendTo
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\Recent
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\PrintHood
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\NetHood
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\My Documents
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\Local Settings
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\Cookies
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\Application Data
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Videos
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Saved Games
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Pictures
    2008-03-08 11:39:13 786432 --ahs---- C:\Users\Eddie Van Halen\NTUSER.DAT
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Music
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Links
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Favorites
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Downloads
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Documents
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Desktop
    2008-03-08 11:39:13 0 d--h----- C:\Users\Eddie Van Halen\AppData
    2008-03-08 11:31:10 0 d-------- C:\Users\Owner\March7
    2008-03-08 11:27:59 0 d-------- C:\Users\All Users\Symantec
    2008-03-08 11:27:59 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-02-29 22:47:35 10240 -ra------ C:\Windows\system32\drivers\vmnet.sys <Not Verified; VMware, Inc.; VMware virtual network driver (32-bit)>
    2008-02-29 22:41:18 0 dr------- C:\Users\Owner\Feb29LEAP


    -- Find3M Report ---------------------------------------------------------------

    2008-03-31 10:54:09 0 d-------- C:\Users\Owner\AppData\Roaming\AVG7
    2008-03-31 10:53:43 0 d-------- C:\Program Files\Lx_cats
    2008-03-30 14:15:45 0 d-------- C:\Users\Owner\AppData\Roaming\Yahoo!
    2008-03-30 10:05:07 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-03-27 14:11:31 0 d-------- C:\Users\Owner\AppData\Roaming\uTorrent
    2008-03-24 12:27:20 0 d-------- C:\Program Files\DVD Shrink
    2008-03-22 09:54:31 0 d-------- C:\Users\Owner\AppData\Roaming\BitDefender
    2008-03-22 09:52:27 0 d-------- C:\Program Files\Common Files
    2008-03-21 18:00:52 0 d-------- C:\Program Files\Winamp
    2008-03-16 21:29:38 0 d-------- C:\Users\Owner\AppData\Roaming\Logitech
    2008-03-13 11:10:51 0 d-------- C:\Program Files\Windows Mail
    2008-03-11 17:09:00 2508 --a------ C:\Users\Owner\AppData\Roaming\$_hpcst$.hpc
    2008-02-29 22:58:33 0 d-------- C:\Users\Owner\AppData\Roaming\VMware
    2008-02-27 07:59:22 0 d-------- C:\Program Files\Windows Live
    2008-02-20 14:41:55 0 d-------- C:\Users\Owner\AppData\Roaming\Winamp
    2008-02-20 14:36:57 0 d-------- C:\Program Files\DSP-worx
    2008-02-06 13:59:52 0 d-------- C:\Program Files\Common Files\Adobe
    2008-02-01 12:11:10 586240 --a------ C:\Windows\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>
    2008-01-09 15:01:48 53248 --a------ C:\Windows\bdoscandel.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/05/2007 05:08 PM]
    "NVRaidService"="C:\Windows\system32\nvraidservice.exe" [11/12/2006 06:34 PM]
    "AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [20/03/2006 03:43 PM]
    "NvSvc"="RUNDLL32.exe" [02/11/2006 05:45 AM C:\Windows\System32\rundll32.exe]
    "NvCplDaemon"="RUNDLL32.exe" [02/11/2006 05:45 AM C:\Windows\System32\rundll32.exe]
    "NvMediaCenter"="RUNDLL32.exe" [02/11/2006 05:45 AM C:\Windows\System32\rundll32.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [18/12/2006 09:34 AM]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [07/06/2007 01:52 PM]
    "lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [22/11/2006 05:11 AM]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 04:57 PM]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 10:51 AM]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 05:25 AM]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [02/01/2008 11:45 AM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 11:16 PM]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [15/01/2008 06:54 PM]
    "LXCTCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [21/11/2006 08:27 AM]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [03/08/2007 03:09 PM]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 03:32 PM C:\Windows\KHALMNPR.Exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 03:32 PM C:\Windows\KHALMNPR.Exe]
    "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [08/01/2008 05:20 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 11:13 PM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 01:10 PM]
    "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09/10/2007 03:46 PM]
    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [16/02/2008 05:45 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/01/2008 02:13 PM]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 08:35 AM]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 05:46 PM]
    "RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [02/11/2006 05:45 AM]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [30/03/2008 10:33:04 AM]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [30/03/2008 10:31:43 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 02/01/2008 12:17 AM 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
    C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    "C:\Program Files\Lexmark 5400 Series\ezprint.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
    "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCTCATS]
    rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThePrivacyGuard]
    "C:\Program Files\The Privacy Guard\ThePrivacyGuard.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bdx scan sysagent


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Service-ad86b7f#c#Images#Office Pro 2003 wKey]
    AutoRun\command- Z:\SETUP.EXE /AUTORUN
    configure\command- Z:\SETUP.EXE
    install\command- Z:\SETUP.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196606b9-024a-11dc-8b8b-806e6f6e6963}]
    AutoRun\command- E:\setup.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com
    127.0.0.1 1001-search.info
    127.0.0.1 www.1001-search.info
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100sexlinks.com

    7693 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-03-31 11:12:43 ------------
     
  7. VanHalen2007

    VanHalen2007 Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    10
    And here is the extra.txt scan information:



    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft® Windows Vista™ Home Premium (build 6000)
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU 6700 @ 2.66GHz
    Percentage of Memory in Use: 52%
    Physical Memory (total/avail): 2045.94 MiB / 965.53 MiB
    Pagefile Memory (total/avail): 4307.14 MiB / 3012.23 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1918.44 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 149.06 GiB total, 83.72 GiB free.
    D: is Fixed (NTFS) - 465.76 GiB total, 444.25 GiB free.
    E: is CDROM (CDFS)
    F: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD50 00AAKS-65TMA SCSI Disk Device - 465.76 GiB - 1 partition
    \PARTITION0 - Installable File System - 465.76 GiB - D:

    \\.\PHYSICALDRIVE1 - NVIDIA STRIPE 149.06G - 149.06 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 149.06 GiB - C:

    \\.\PHYSICALDRIVE2 - Lexmark USB Mass Storage USB Device



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FW: Bitdefender Firewall v8.0 (BitDefender) Disabled
    AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)
    AV: AVG 7.5.519 v7.5.519 (Grisoft)
    AV: Bitdefender Antivirus v8.0 (BitDefender) Disabled
    AS: BitDefender Antispyware v8.0 (BitDefender) Disabled
    AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Disabled Outdated
    AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated
    AS: AdwareAlert v () Disabled
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Owner\AppData\Roaming
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=OWNER-PC
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Owner
    LOCALAPPDATA=C:\Users\Owner\AppData\Local
    LOGONSERVER=\\OWNER-PC
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\Windows Resource Kits\Tools\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Owner\AppData\Local\Temp
    TMP=C:\Users\Owner\AppData\Local\Temp
    USERDOMAIN=Owner-PC
    USERNAME=Owner
    USERPROFILE=C:\Users\Owner
    windir=C:\Windows


    -- User Profiles ---------------------------------------------------------------

    Owner
    Eddie Van Halen (new local, net ready)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
    --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
    --> C:\Windows\UNNeroShowTime.exe /UNINSTALL
    --> C:\Windows\UNNeroVision.exe /UNINSTALL
    --> C:\Windows\UNRecode.exe /UNINSTALL
    3DMark05 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}\setup.exe" -l0x9 -removeonly
    3DMark06 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
    AC3Filter (remove only) --> C:\Users\Owner\Desktop\AC3Filter\uninstall.exe
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
    AGEIA PhysX v2.3.3 --> "C:\Program Files\AGEIA Technologies\uninstall.exe"
    Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    AVS DVDMenu Editor 1.2.1.19 --> "C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
    AVS Video Editor 3.5 --> "C:\Program Files\AVS4YOU\AVSVideoEditor\unins000.exe"
    AVS4YOU Software Navigator 1.2 --> "C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
    BitDefender Total Security 2008 --> MsiExec.exe /I{92098E58-00AD-4F78-AD6E-807BDB323478}
    CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
    Data Doctor Bulk SMS (Evaluation) 2.0.1.5 --> C:\Program Files\Data Doctor Bulk SMS (Evaluation)\Uninstall.exe
    DC-Bass Source 1.00 --> "C:\Program Files\DSP-worx\DC-Bass Source\Uninstall.exe"
    DesignPro 5.0 Media Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EDF1085A-73FF-4B3B-8726-2A403D400E48}
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
    ffdshow [rev 1299] [2007-06-17] --> "C:\Program Files\ffdshow\unins000.exe"
    Free YouTube to Mp3 Converter version 2.4 --> "C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
    Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
    Ghost Recon Advanced Warfighter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFC97089-04D6-42CE-A707-A343B4A7D2CD}\setup.exe" -l0x9
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Information Center --> "C:\Program Files\Video Add-on\icun.exe"
    iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
    J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
    Lexmark 5400 Series --> C:\Program Files\Lexmark 5400 Series\Install\x86\Uninst.exe
    Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
    LimeWire PRO 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
    Live Search Maps Add-In for Microsoft Office Outlook --> MsiExec.exe /I{EB9A4856-C28A-4BC2-9373-975A33BB9CD4}
    Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
    Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
    LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
    Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\msTTSf22.inf, Uninstall
    Microsoft Virtual PC 2007 --> MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    MosChip Multi-IO Controller --> NmUninst.exe
    MOVAVI VideoSuite 3.4 --> C:\Program Files\MOVAVI VideoSuite 3.4\uninst.exe
    Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
    Nero Mega Plugin Pack --> MsiExec.exe /I{EF901A4B-A25A-4962-83C6-C6691D062ED9}
    neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Network Magic --> C:\ProgramData\Pure Networks\Setup\nmsetup.exe /uninstall
    NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
    NOD32 FiX --> "C:\Program Files\Eset\unins000.exe"
    NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
    Opera 9.21 --> MsiExec.exe /X{AF599832-2305-4922-9342-6FF48894E384}
    QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
    SoundMAX --> C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Stellar Phoenix Outlook Pst Repair v2.1 --> "C:\Program Files\Stellar Phoenix Outlook Pst Repair\unins000.exe"
    Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
    Talking Dictionary 8.4.5 --> "C:\Program Files\Talking Dictionary\unins000.exe"
    Uninstall 1.0.0.0 --> "C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
    VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
    VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Live installer --> MsiExec.exe /X{7BC43F11-02C8-45FA-ABDC-E2F9FF31F825}
    Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
    Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}
    Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
    Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
    Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
    Windows Resource Kit Tools --> MsiExec.exe /I{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    Xilisoft Download YouTube Video --> C:\Program Files\Xilisoft\Download YouTube Video\Uninstall.exe
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type99857 / Success
    Event Submitted/Written: 03/31/2008 10:52:25 AM
    Event ID/Source: 5617 / WinMgmt
    Event Description:


    Event Record #/Type99856 / Success
    Event Submitted/Written: 03/31/2008 10:52:25 AM
    Event ID/Source: 5615 / WinMgmt
    Event Description:


    Event Record #/Type99852 / Success
    Event Submitted/Written: 03/31/2008 10:52:10 AM
    Event ID/Source: 902 / Software Licensing Service
    Event Description:
    The Software Licensing service has started.

    Event Record #/Type99826 / Success
    Event Submitted/Written: 03/30/2008 09:11:50 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type99780 / Success
    Event Submitted/Written: 03/30/2008 08:43:12 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:




    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type79365 / Error
    Event Submitted/Written: 03/31/2008 10:52:40 AM
    Event ID/Source: 30005 / ipnathlp
    Event Description:
    The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.199. The allocator has disabled itself on the interface to avoid confusing DHCP clients.

    Event Record #/Type79363 / Error
    Event Submitted/Written: 03/31/2008 10:52:37 AM
    Event ID/Source: 1233 / ipnathlp
    Event Description:
    The ICS_IPV6 failed to configure IPv6 stack.

    Event Record #/Type79362 / Warning
    Event Submitted/Written: 03/31/2008 10:52:37 AM
    Event ID/Source: 1237 / ipnathlp
    Event Description:
    The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

    Event Record #/Type79308 / Error
    Event Submitted/Written: 03/31/2008 10:52:26 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    Parallel port driver%%1058

    Event Record #/Type79266 / Error
    Event Submitted/Written: 03/31/2008 10:51:35 AM
    Event ID/Source: 6 / ACPI
    Event Description:
    IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 24, function 0.
    Please contact your system vendor for technical assistance.



    -- End of Deckard's System Scanner: finished at 2008-03-31 11:12:43
     
  8. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Hi, VanHalen2007 :)

    Is there a Nod32 report I can see?

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):




    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | NvSvc
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | NvCplDaemon
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | NvMediaCenter
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Kernel and Hardware Abstraction Layer
      
    • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot, choose Yes.
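A defender-side companion to the entries targeted in the post above, added here as an example; it is not code from the thread, from OTMoveIt2 or from HijackThis. It is a small Python triage helper that reads HijackThis-style R1/O2/O4 lines and flags the three kinds of indicator that appear in this thread's logs: a ProxyServer value pointing at a non-local address, a BHO registered with no backing DLL, and an autostart that launches a bare filename (or has rundll32 load an unqualified DLL), so that Windows resolves it by search path instead of a fixed location. The sample lines in `SAMPLE_LOG` are constructed, modelled on the HijackThis output posted later in this thread.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample input, modelled on the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 97.81.19.227:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

# Line shapes as HijackThis prints them (R1 proxy setting, O2 BHO, O4 autostart).
_R1_PROXY = re.compile(r"^R1 - (?P<key>.+?),ProxyServer = (?P<proxy>.+)$")
_O2_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
_O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str     # "proxy", "orphan-bho" or "autostart"
    subject: str  # proxy string, CLSID or autostart entry name
    detail: str   # why the entry deserves a second look


def _launch_target(cmd: str) -> str:
    """Return the first token of an O4 command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def _is_bare_name(path: str) -> bool:
    """True when a file is named without any directory, so it is found by search path."""
    return "\\" not in path and "/" not in path


def _proxy_hosts(proxy: str):
    """Yield the host part of each 'host:port' or 'scheme=host:port' element."""
    for part in proxy.split(";"):
        part = part.strip()
        if "=" in part:
            part = part.split("=", 1)[1]
        yield part.rsplit(":", 1)[0]


def _nonlocal_proxy(proxy: str) -> bool:
    """True when any proxy host is a public IP or a hostname that cannot be verified as local."""
    for host in _proxy_hosts(proxy):
        try:
            addr = ip_address(host)
        except ValueError:
            return True  # a hostname: cannot confirm it is local, flag for review
        if not (addr.is_private or addr.is_loopback):
            return True
    return False


def triage(log_text: str) -> list[Finding]:
    """Scan HijackThis-style lines and return the entries worth reviewing, in log order."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := _R1_PROXY.match(line):
            if _nonlocal_proxy(m["proxy"]):
                findings.append(Finding("proxy", m["proxy"], "browser proxy points at a non-local address"))
        elif m := _O2_BHO.match(line):
            if m["path"].strip().lower() == "(no file)":
                findings.append(Finding("orphan-bho", m["clsid"], "BHO is registered but its DLL is missing"))
        elif m := _O4_RUN.match(line):
            target = _launch_target(m["cmd"])
            if target.lower() in ("rundll32.exe", "rundll32"):
                # For rundll32 the interesting part is the DLL it loads, not rundll32 itself.
                parts = m["cmd"].split(None, 1)
                dll = parts[1].split(",", 1)[0].strip().strip('"') if len(parts) > 1 else ""
                if not dll or _is_bare_name(dll):
                    findings.append(Finding("autostart", m["name"], f"rundll32 loads an unqualified DLL {dll!r}"))
            elif _is_bare_name(target):
                findings.append(Finding("autostart", m["name"],
                                        f"launches {target!r} by bare name (resolved via search path)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Flagged entries are leads for review, not verdicts: the Logitech autostart in this log is legitimate software that simply registers itself by bare name, and the point of the check is to surface what needs a second look before anything is moved, which is the same judgement the helper is applying by hand above.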
     
  9. VanHalen2007

    VanHalen2007 Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    10
    Hi.

    This is the notepad information:

    C:\Users\Owner\BestPornInMarch moved successfully.
    [Custom Input]
    < HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} >
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\\ deleted successfully.
    < HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | NvSvc >
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | NvSvc\\ not found.
    < HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | NvCplDaemon >
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | NvCplDaemon\\ not found.
    < HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | NvMediaCenter >
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | NvMediaCenter\\ not found.
    < HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Kernel and Hardware Abstraction Layer >
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Kernel and Hardware Abstraction Layer\\ not found.

    OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03312008_192629
     
  10. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Please re-scan with DSS and post the main.txt. Run Nod32 and post the report, if any.
     
  11. VanHalen2007

    VanHalen2007 Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    10
    Here is the DSS scan and main.txt log:

    Deckard's System Scanner v20071014.68
    Run by Owner on 2008-04-01 18:38:14
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:38:28 PM, on 01/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\nvraidservice.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\notepad.exe
    C:\Users\Owner\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 97.81.19.227:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
    O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{FBE878E4-7F03-4C16-9FE5-04D2FEE983F1}
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoape.com/uptool/apeUploader.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 12812 bytes

    -- Files created between 2008-03-01 and 2008-04-01 -----------------------------

    2008-03-30 14:15:45 0 d-------- C:\Users\All Users\Yahoo! Companion
    2008-03-30 10:05:31 0 d-------- C:\Program Files\Yahoo!
    2008-03-29 12:03:58 0 d-------- C:\Program Files\Trend Micro
    2008-03-22 13:01:05 0 d-------- C:\Users\Owner\.housecall6.6
    2008-03-22 13:00:55 0 d-------- C:\Windows\Sun
    2008-03-22 09:53:28 0 d-------- C:\Users\All Users\BitDefender
    2008-03-22 09:53:28 0 d-------- C:\Program Files\BitDefender
    2008-03-22 09:52:27 0 d-------- C:\Program Files\Common Files\BitDefender
    2008-03-22 09:28:55 0 d-------- C:\Windows\BDOSCAN8
    2008-03-21 13:59:47 0 d-------- C:\Program Files\iPod
    2008-03-21 13:59:45 0 d-------- C:\Program Files\iTunes
    2008-03-21 13:57:18 0 d-------- C:\Program Files\QuickTime
    2008-03-21 13:53:57 0 d-------- C:\Program Files\Common Files\Apple
    2008-03-20 16:33:48 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
    2008-03-16 21:27:55 69632 --a------ C:\Windows\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-03-16 21:27:55 110592 --a------ C:\Windows\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-03-16 21:27:55 135168 --a------ C:\Windows\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-03-16 21:27:55 163840 --a------ C:\Windows\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-03-16 21:27:31 0 d-------- C:\Users\All Users\Logitech
    2008-03-16 21:27:29 0 d-------- C:\Program Files\Logitech
    2008-03-16 21:27:24 0 d-------- C:\Program Files\Common Files\Logitech
    2008-03-16 21:26:59 0 d-------- C:\Users\All Users\LogiShrd
    2008-03-16 17:39:15 0 d-------- C:\Users\All Users\Pure Networks
    2008-03-15 11:50:09 0 d-------- C:\Program Files\LogMeIn
    2008-03-11 17:08:57 0 d-------- C:\Program Files\Data Doctor Bulk SMS (Evaluation)
    2008-03-08 11:40:11 0 dr------- C:\Users\Eddie Van Halen\Searches
    2008-03-08 11:39:52 0 dr------- C:\Users\Eddie Van Halen\Contacts
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\Templates
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\Start Menu
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\SendTo
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\Recent
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\PrintHood
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\NetHood
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\My Documents
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\Local Settings
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\Cookies
    2008-03-08 11:39:17 0 d--hs---- C:\Users\Eddie Van Halen\Application Data
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Videos
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Saved Games
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Pictures
    2008-03-08 11:39:13 786432 --ahs---- C:\Users\Eddie Van Halen\NTUSER.DAT
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Music
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Links
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Favorites
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Downloads
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Documents
    2008-03-08 11:39:13 0 dr------- C:\Users\Eddie Van Halen\Desktop
    2008-03-08 11:39:13 0 d--h----- C:\Users\Eddie Van Halen\AppData
    2008-03-08 11:31:10 0 d-------- C:\Users\Owner\March7
    2008-03-08 11:27:59 0 d-------- C:\Users\All Users\Symantec
    2008-03-08 11:27:59 0 d-------- C:\Program Files\Common Files\Symantec Shared


    -- Find3M Report ---------------------------------------------------------------

    2008-04-01 14:50:34 0 d-------- C:\Users\Owner\AppData\Roaming\AVG7
    2008-04-01 13:15:08 0 d-------- C:\Program Files\Lx_cats
    2008-03-30 14:15:45 0 d-------- C:\Users\Owner\AppData\Roaming\Yahoo!
    2008-03-30 10:05:07 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-03-27 14:11:31 0 d-------- C:\Users\Owner\AppData\Roaming\uTorrent
    2008-03-24 12:27:20 0 d-------- C:\Program Files\DVD Shrink
    2008-03-22 09:54:31 0 d-------- C:\Users\Owner\AppData\Roaming\BitDefender
    2008-03-22 09:52:27 0 d-------- C:\Program Files\Common Files
    2008-03-21 18:00:52 0 d-------- C:\Program Files\Winamp
    2008-03-16 21:29:38 0 d-------- C:\Users\Owner\AppData\Roaming\Logitech
    2008-03-13 11:10:51 0 d-------- C:\Program Files\Windows Mail
    2008-03-11 17:09:00 2508 --a------ C:\Users\Owner\AppData\Roaming\$_hpcst$.hpc
    2008-02-29 22:58:33 0 d-------- C:\Users\Owner\AppData\Roaming\VMware
    2008-02-27 07:59:22 0 d-------- C:\Program Files\Windows Live
    2008-02-20 14:41:55 0 d-------- C:\Users\Owner\AppData\Roaming\Winamp
    2008-02-20 14:36:57 0 d-------- C:\Program Files\DSP-worx
    2008-02-06 13:59:52 0 d-------- C:\Program Files\Common Files\Adobe
    2008-02-01 12:11:10 586240 --a------ C:\Windows\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>
    2008-01-09 15:01:48 53248 --a------ C:\Windows\bdoscandel.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/05/2007 05:08 PM]
    "NVRaidService"="C:\Windows\system32\nvraidservice.exe" [11/12/2006 06:34 PM]
    "AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [20/03/2006 03:43 PM]
    "NvSvc"="RUNDLL32.exe" [02/11/2006 05:45 AM C:\Windows\System32\rundll32.exe]
    "NvCplDaemon"="RUNDLL32.exe" [02/11/2006 05:45 AM C:\Windows\System32\rundll32.exe]
    "NvMediaCenter"="RUNDLL32.exe" [02/11/2006 05:45 AM C:\Windows\System32\rundll32.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [18/12/2006 09:34 AM]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [07/06/2007 01:52 PM]
    "lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [22/11/2006 05:11 AM]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 04:57 PM]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 10:51 AM]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 05:25 AM]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [02/01/2008 11:45 AM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 11:16 PM]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [15/01/2008 06:54 PM]
    "LXCTCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [21/11/2006 08:27 AM]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [03/08/2007 03:09 PM]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 03:32 PM C:\Windows\KHALMNPR.Exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 03:32 PM C:\Windows\KHALMNPR.Exe]
    "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [08/01/2008 05:20 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 11:13 PM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 01:10 PM]
    "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09/10/2007 03:46 PM]
    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [16/02/2008 05:45 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/01/2008 02:13 PM]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 08:35 AM]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 05:46 PM]
    "RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [02/11/2006 05:45 AM]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [30/03/2008 10:33:04 AM]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [30/03/2008 10:31:43 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 02/01/2008 12:17 AM 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
    C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    "C:\Program Files\Lexmark 5400 Series\ezprint.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
    "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCTCATS]
    rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThePrivacyGuard]
    "C:\Program Files\The Privacy Guard\ThePrivacyGuard.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bdx scan sysagent


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Service-ad86b7f#c#Images#Office Pro 2003 wKey]
    AutoRun\command- Z:\SETUP.EXE /AUTORUN
    configure\command- Z:\SETUP.EXE
    install\command- Z:\SETUP.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196606b9-024a-11dc-8b8b-806e6f6e6963}]
    AutoRun\command- E:\setup.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-04-01 18:38:53 ------------


    And finally, the NOD32 info:

    File C:\Deckard\System Scanner\backup\Users\Owner\AppData\Local\Temp\NeroDemo12550\Toolbar.exe is infected with application Win32/Toolbar.AskSBar. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed.

    Java/ClassLoader trojan File: Owner\AppData\Local\Temp\$795935E2.t$m
    Same as above \$27DF044D.t$m
    Java/Exploit.Bytverify \$1C3F3F64.t$m
    Java/ClassLoader.AS trojan \$7CFA5759.t$m
    Java/Exploit.Bytverify trojan \$3644191F.t$m
    Java/Exploit.Bytverify \$54A90CE7.t$m
    Java/Exploit.Bytverify trojan \$1E090DBE.t$m


    Thanks again.
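The HijackThis entries quoted above can be triaged mechanically before a helper reads them by hand. The script below is an added example, not part of this post and not HijackThis's own code: it parses the O4/O9/O16/O23 line shapes seen in the log (the sample lines are copied from it) and flags the entries worth looking at first. The flagging rules and the function names are my own assumptions.

```python
"""Triage helper for HijackThis-style log lines (an added example, not the
thread's own tool and not HijackThis code).  It parses the O3/O4/O9/O16/O23
line shapes quoted above and flags what a removal helper looks at first; a
flag means "worth a look", not "malicious", and known-good lists do the rest."""
import re

ENTRY_RE = re.compile(r"^\s*(O\d+)\s+-\s+(.*)$")
RUN_RE = re.compile(r"^(HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")

def exe_token(cmd):
    # First token of a Run command (quoted path or bare word), plus the rest.
    m = re.match(r'\s*(?:"([^"]*)"|(\S+))\s*(.*)$', cmd)
    if not m:
        return "", ""
    return (m.group(1) if m.group(1) is not None else m.group(2)), m.group(3)

def parse_line(line):
    """Return a dict for one HijackThis entry, or None for any other line."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.groups()
    e = {"section": section, "name": "", "target": "", "owner": None, "hive": None}
    r = RUN_RE.match(body) if section == "O4" else None
    if r:  # "HKLM\..\Run: [name] command"
        e["hive"], e["name"], e["target"] = r.groups()
    elif section == "O23":
        # "Service: <name> - <publisher> - <path>"; a blank publisher prints as "<name> - - <path>"
        head, _, e["target"] = body.rpartition(" - ")
        name, _, e["owner"] = head[len("Service: "):].partition(" - ")
        e["name"] = name.rstrip(" -")
    else:  # O3/O9/O16/O18/O20 and Global Startup: the last " - " field is the file or URL
        head, _, e["target"] = body.rpartition(" - ")
        e["name"] = head.partition(" - ")[0]
    return e

def flag_reasons(e):
    """Reasons an entry deserves a look; an empty list means nothing stood out."""
    reasons, target = [], e["target"]
    if "(file missing)" in target:
        reasons.append("file missing")
    if e["section"] != "O16" and re.search(r"https?://", target):  # O16 targets are URLs by design
        reasons.append("target is a URL, not a local file")
    if e["hive"]:  # only Run values are resolved by a PATH search when the directory is absent
        exe, rest = exe_token(target)
        if exe.lower() in ("rundll32", "rundll32.exe"):
            exe, _ = exe_token(rest)  # judge the DLL rundll32 is told to load, not rundll32 itself
        if "\\" not in exe and "%" not in exe:
            reasons.append("no directory in command (%s)" % exe)
    if e["section"] == "O23":
        if e["owner"] == "Unknown owner":
            reasons.append("publisher is 'Unknown owner'")
        elif not e["owner"]:
            reasons.append("no publisher recorded")
    return reasons

def triage(log_text):
    """Return [(section, name, reasons)] for every entry that raised a flag."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        reasons = flag_reasons(e) if e else []
        if reasons:
            hits.append((e["section"], e["name"], reasons))
    return hits

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
"""
if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_LOG):
        print("%-4s %-40s %s" % (section, name, "; ".join(reasons)))
```

Entries such as Windows' own rundll32 items will also be flagged; the list is a reading order for the helper, not a verdict.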
     
  12. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Hi, VanHalen2007 :)

    • Make sure you have an Internet Connection.
    • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Click on the CleanUp! button
    • A list of tool components used in the Cleanup of malware will be downloaded.
    • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
    Perform Disk Cleanup and remove all Temporary files and folders:
    1. Click Start, and then click Computer.
    2. Right-click the drive you want to clean (C:), and then click Properties. On the Properties dialog, click Disk Cleanup.
    3. Click either My Files Only or Files From All Users On This Computer (Recommended).
    4. On the Disk Cleanup tab, select the files to delete, and then click OK.
    Go to the Control Panel. Double click on the JAVA icon. Under Temporary Internet Files, click on Settings, then click on Delete Files. Make sure both boxes are checked, and click on OK. Click Ok out of the properties window.

    Re-Scan with Nod32. Let me know the outcome.
     

Short URL to this thread: https://techguy.org/581675
