Browser Redirects[RESOLVED]

[uspoor]

Hoping someone can assist me with reading/interpreting this and helping me to determine what is causing my browser to redirect, usually when I click on a link from a google search.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 10:49:12 AM, on 10/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ngvpnmgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\r_server.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\PROGRA~1\Grisoft\AVG7\avgw.exe

C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Chris\Desktop\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190720458093

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 8741 bytes

[Andro1d]

Hello and Welcome to BT.

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

I see that you are using an outdated version of HijackThis, so the first thing we need to tackle is to get you updated to the newest version of HijackThis.

Please download the current version of HijackThis from here.

Please be sure to save it to a permanent directory, such as C:\HJT.

Delete the old version of HijackThis afterwards.

Please post a new HJT log with the version you just downloaded.

[uspoor]

Hello and Welcome to BT.

Please post a new HJT log with the version you just downloaded.

Thank you.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:50:59 PM, on 10/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ngvpnmgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\r_server.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgw.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190720458093

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 8431 bytes

[Andro1d]

Hi uspoor,

Sorry for not making this more clear, please make a folder in your C:\ drive named HJT and put the HiJackThis.exe in there.

Step 1

Jotti File Submission:

Please go to Jotti's malware scan

Copy and paste the following file path into the "File to upload & scan"box on the top of the page:

C:\WINDOWS\system32\r_server.exe

Click on the submit button

Please post the results of the scan in your next reply.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Step 2

Download Deckard's System Scanner (DSS) to your Desktop.

• Close all applications and windows.
  
• Double-click on DSS.exe to run it, and follow the prompts.
  
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
  

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

Step 3

Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
  
• A new window will open...click the Check Now button
  
• Enter your Country
  
• Enter your State/Province
  
• Enter your e-mail address and click send
  
• Select either Home User or Company
  
• Click the big Scan Now button
  
• If it wants to install an ActiveX component allow it
  
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  
• When download is complete, click on My Computer to start the scan
  
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
  

[uspoor]

Jotti File Submission:

Please go to Jotti's malware scan

Copy and paste the following file path into the "File to upload & scan"box on the top of the page:

C:\WINDOWS\system32\r_server.exe

Click on the submit button

Please post the results of the scan in your next reply.

OK, I moved HJT into it's own directory. Sorry about that.

Now, step 1.

Sorry, I should have said that Remote Admin was a legit app:

[uspoor]

Step 2

Download Deckard's System Scanner (DSS) to your Desktop.

• Close all applications and windows.
  
• Double-click on DSS.exe to run it, and follow the prompts.
  
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
  

main.txt

Deckard's System Scanner v20070905.67

Run by on 2007-10-09 19:13:09

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

45: 2007-10-10 05:13:16 UTC - RP638 - Deckard's System Scanner Restore Point

44: 2007-10-07 07:02:45 UTC - RP637 - Index.dat Suite Restore Point [ Cleanup ]

43: 2007-10-07 07:02:41 UTC - RP636 - Index.dat Suite Restore Point [ Cleanup ]

42: 2007-10-07 07:02:37 UTC - RP635 - Index.dat Suite Restore Point [ Cleanup ]

41: 2007-10-07 07:02:33 UTC - RP634 - Index.dat Suite Restore Point [ Full Cleanup ]

-- First Restore Point --

1: 2007-07-12 22:22:39 UTC - RP594 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Chris.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:15:07 PM, on 10/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ngvpnmgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\r_server.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe

C:\Documents and Settings\Chris\Desktop\dss.exe

C:\HJT\Chris.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190720458093

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 8268 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>

R3 ezplay (VSO Software ezplay) - c:\windows\system32\drivers\ezplay.sys <Not Verified; VSO Software; autoplay Application>

R3 NgLog (Aventail VPN Logging) - c:\windows\system32\drivers\nglog.sys <Not Verified; Aventail Corporation; Aventail® Connect with Smart Tunneling>

R3 NgVpn (Aventail VPN Adapter) - c:\windows\system32\drivers\ngvpn.sys <Not Verified; Aventail Corporation; Aventail® Connect with Smart Tunneling>

R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys

S3 vsdatant - c:\windows\system32\vsdatant.sys (file missing)

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 r_server (Remote Administrator Service) - "c:\windows\system32\r_server.exe" /service

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 Creative Service for CDROM Access - c:\windows\system32\ctsvccda.exe (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2007-09-09 and 2007-10-09 -----------------------------

2007-10-09 19:12:18 0 d-------- C:\HJT

2007-10-06 21:00:20 0 d-------- C:\Program Files\Index.dat Suite

2007-10-06 12:33:01 0 d-------- C:\!KillBox

2007-09-26 00:50:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-09-26 00:49:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-09-25 02:03:07 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

-- Find3M Report ---------------------------------------------------------------

2007-10-09 08:18:36 0 d-------- C:\Documents and Settings\Chris\Application Data\AVG7

2007-10-06 20:59:43 0 d-------- C:\Program Files\SpywareBlaster

2007-09-26 00:50:11 0 d-------- C:\Program Files\Lavasoft

2007-09-26 00:49:44 0 d-------- C:\Program Files\Common Files

2007-09-24 23:51:29 0 d-------- C:\Program Files\FrontDesign

2007-08-23 00:35:08 0 d-------- C:\Documents and Settings\Chris\Application Data\Google

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM]

"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 07:23 AM]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 08:52 AM]

"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 04:12 PM]

"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 04:54 PM]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2004 08:41 AM]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/30/2005 12:25 AM]

"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [07/03/2001 09:11 AM]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]

"CTXFIREG"="CTxfiReg.exe" []

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 02:42 PM]

"CTHelper"="CTHELPER.EXE" [12/08/2005 12:06 PM C:\WINDOWS\CTHELPER.EXE]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [09/13/2007 08:11 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []

"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [02/10/2005 05:00 PM]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 06:24 AM]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\Chris\Start Menu\Programs\Startup\

DESKTOP.INI [8/11/2004 1:15:06 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/20/2005 9:45:13 PM]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 8:05:26 PM]

DESKTOP.INI [8/11/2004 1:15:06 PM]

InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [7/9/2005 2:06:29 PM]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [1/3/2005 8:47:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"System"="kdqrr.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

-- End of Deckard's System Scanner: finished at 2007-10-09 19:15:46 ------------

extra.txt

Deckard's System Scanner v20070905.67

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0

Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz

Percentage of Memory in Use: 37%

Physical Memory (total/avail): 1022.09 MiB / 637.64 MiB

Pagefile Memory (total/avail): 2458.12 MiB / 2191.6 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1966.27 MiB

C: is Fixed (NTFS) - 145.53 GiB total, 71.95 GiB free.

D: is CDROM (No Media)

E: is CDROM (CDFS)

F: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST3160023AS - 149.01 GiB - 3 partitions

\PARTITION0 - Unknown - 70.57 MiB

\PARTITION1 (bootable) - Installable File System - 145.53 GiB - C:

\PARTITION2 - Unknown - 3.41 GiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: AVG 7.5.488 v7.5.488 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"

"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"

"C:\\Documents and Settings\\Chris\\Local Settings\\Temp\\~os53.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Chris\\Local Settings\\Temp\\~os53.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Chris\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Chris

LOGONSERVER=\\NEVES

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0401

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Chris\LOCALS~1\Temp

TMP=C:\DOCUME~1\Chris\LOCALS~1\Temp

USERDOMAIN=NEVES

USERNAME=Chris

USERPROFILE=C:\Documents and Settings\Chris

windir=C:\WINDOWS

__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

Chris (admin)

Faye (admin)

Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Acoustica CD/DVD Label Maker --> C:\Program Files\Acoustica CD Label Maker\uisurvey.exe

Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe

Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock

Adobe Illustrator CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"

Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9

Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}

Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log

AFPL Ghostscript 8.53 --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.53\uninstal.txt"

AFPL Ghostscript Fonts --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"

ArcGIS ArcReader --> MsiExec.exe /I{C675A5D9-E38F-42F0-B862-C46C3CC93D5F}

ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL

BitComet 0.66 --> C:\Program Files\BitComet\uninst.exe

BitTornado 0.3.7 --> C:\Program Files\BitTornado\uninst.exe

BlindWrite 6.0.0.17 --> "C:\Program Files\VSO\BlindWrite6\unins000.exe"

Boardmaker version 5 --> C:\PROGRA~1\BOARDM~1\UNWISE.EXE /A C:\PROGRA~1\BOARDM~1\INSTALL.LOG

Broadcom Advanced Control Suite 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033

Confidence Online for Web Applications --> C:\Documents and Settings\Chris\Application Data\WholeSecurity\CAT\WSUIEE.exe

ConvertXtoDVD 2.1.5.173 --> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe"

Cool Edit Pro 2.1 --> C:\Program Files\coolpro2\cep2unin.exe

Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove

Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}

Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}

DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DVD X Copy Platinum 4.0.3 --> "C:\Program Files\321Studios\Platinum\uninstall.exe"

DVD X Rescue --> C:\PROGRA~1\321STU~1\DVDXRE~1\UNWISE.EXE C:\PROGRA~1\321STU~1\DVDXRE~1\INSTALL.LOG

DVDXCopy Platinum Upgrade --> "C:\Program Files\321Studios\Platinum\uninstallupgrade.exe"

EMCO Photo Resizer --> "C:\Program Files\EMCO Photo Resizer\unins000.exe"

ER Viewer 7.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{671D7AB6-8118-4C41-B602-3001A5A949AA}\setup.exe" -uninst

ExpressPCB --> MsiExec.exe /X{4A3C74BA-B483-421B-B557-E39F3CB8C7F8}

FeedReader --> "C:\Program Files\FeedReader30\unins000.exe"

FLAC Installer 1.1.2a (remove only) --> C:\Program Files\FLAC\uninstall.exe

FREE Hi-Q Recorder 1.9 --> "C:\Program Files\FREE Hi-Q Recorder\unins000.exe"

FreeRIP v2.931 --> "C:\Program Files\FreeRIP2\unins000.exe"

Front Panel Designer 3.41 --> C:\PROGRA~1\FRONTD~1\UNWISE.EXE C:\PROGRA~1\FRONTD~1\INSTALL.LOG

Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

GrabIt 1.4.7 Beta --> "C:\Program Files\GrabIt\unins000.exe"

HijackThis 2.0.2 --> "C:\HijackThis.exe" /uninstall

HP Precisionscan Pro 3.1 --> MsiExec.exe /I{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}

HP Share-to-Web --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l9

Index.dat Suite --> "C:\Program Files\Index.dat Suite\unins000.exe"

Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST

Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"

InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe

Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}

interneTIFF 6.2-FREE (Netscape Browser) --> C:\WINDOWS\ISUninst.exe -f"C:\Program Files\Innomage\interneTIFFN\Uninst.isu" -c"C:\Program Files\Innomage\interneTIFFN\U_ITIFFPRO.dll"

InterVideo WinDVD 6 --> "C:\Program Files\InstallShield Installation Information\{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}\setup.exe" REMOVEALL

IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe

IsoBuster 1.7 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"

J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}

J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}

Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}

Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

Kinko's File Prep Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39245BB8-10C3-4348-BE83-D23138080341}\Setup.exe" -Uninstall

Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe

Lizardtech DjVu Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x9

Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log

MetaFrame Presentation Server Web Client for Win32 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall

Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}

Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}

Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}

Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}

Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9

Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel

Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText

Mozilla Firefox (1.5.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.12 (en-US)"

Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}

PowerDVD 5.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

pstoedit and importps 3.44 --> "C:\Documents and Settings\Chris\Desktop\pstoedit\unins000.exe"

QuarkXPress 6.1 --> MsiExec.exe /I{FF0B0792-F6E7-4627-B820-EA50617E223B}

Quicken 2007 --> MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}

QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Remote Administrator v2.0 --> C:\WINDOWS\unvise32.exe C:\Program Files\RAdmin\uninstal.log

Scholastic's I SPY Junior Puppet Playhouse --> C:\PROGRA~1\SCHOLA~1\ISPYJU~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYJU~1\INSTALL.LOG

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}

Sonic RecordNow! Deluxe --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}

Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL

SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly

Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"

TextPad 4.7 --> MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}

TMPGEnc DVD Author 1.5 --> MsiExec.exe /I{CAC7AADD-BAB3-4CB7-B12C-7AF86BAD3A4E}

TMPGEnc Plus 2.5 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{181956E4-279D-4C9B-B7C7-6A99AE69B867}

VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe

Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k

WavMerge 2.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WavMerge\Uninst.isu"

Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"

Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

-- Application Event Log -------------------------------------------------------

Event Record #/Type17182 / Warning

Event Submitted/Written: 10/06/2007 11:47:12 AM

Event ID/Source: 2002 / LoadPerf

Event Description:

The MOF file created for the Outlook service could not be loaded. The

error code returned by the MOF Compiler is contained in the Record Data.

Before the performance counters of this service can be collected by WMI

the MOF file will need to be loaded manually. Contact the vendor of this

service for additional information.

Event Record #/Type16905 / Error

Event Submitted/Written: 09/22/2007 02:35:38 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Hanging application firefox.exe, version 1.8.20070.50813, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type16874 / Error

Event Submitted/Written: 09/18/2007 10:16:45 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type16873 / Error

Event Submitted/Written: 09/18/2007 10:15:06 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type16828 / Error

Event Submitted/Written: 09/15/2007 05:01:45 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Hanging application firefox.exe, version 1.8.20070.50813, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type67776 / Error

Event Submitted/Written: 10/09/2007 06:59:59 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The Creative Service for CDROM Access service failed to start due to the following error:

%%2

Event Record #/Type67755 / Error

Event Submitted/Written: 10/09/2007 08:18:19 AM

Event ID/Source: 19 / Print

Event Description:

Sharing printer failed + 1722, Printer Kinko's File Prep Tool share name Kinko's File Prep Tool.

Event Record #/Type67754 / Error

Event Submitted/Written: 10/09/2007 08:18:16 AM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The Creative Service for CDROM Access service failed to start due to the following error:

%%2

Event Record #/Type67732 / Error

Event Submitted/Written: 10/08/2007 11:44:06 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The Creative Service for CDROM Access service failed to start due to the following error:

%%2

Event Record #/Type67706 / Error

Event Submitted/Written: 10/07/2007 10:12:11 AM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The Creative Service for CDROM Access service failed to start due to the following error:

%%2

-- End of Deckard's System Scanner: finished at 2007-10-09 19:15:46 ------------

[uspoor]

Step 3

Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
  
• A new window will open...click the Check Now button
  
• Enter your Country
  
• Enter your State/Province
  
• Enter your e-mail address and click send
  
• Select either Home User or Company
  
• Click the big Scan Now button
  
• If it wants to install an ActiveX component allow it
  
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  
• When download is complete, click on My Computer to start the scan
  
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
  

Incident Status Location

Hacktool:Exploit/iFrame Not disinfected C:\Backup\2003_A30406_1420 040103 Miscellaneous\Mail\HOL\Incoming, 3rd quarter 2002[~0000538.~]

Virus:W32/Klez.I Disinfected C:\Backup\2003_A30406_1420 040103 Miscellaneous\Mail\HOL\Incoming, 3rd quarter 2002[teenspread[1].scr]

Hacktool:Exploit/iFrame Not disinfected C:\Backup\2003_A3211_1205 021103 backup\Miscellaneous\Mail\HOL\Incoming, 3rd quarter 2002[~0000538.~]

Virus:W32/Klez.I Disinfected C:\Backup\2003_A3211_1205 021103 backup\Miscellaneous\Mail\HOL\Incoming, 3rd quarter 2002[teenspread[1].scr]

Virus:W32/Mydoom.A.worm Disinfected C:\Backup\200440402_0921 first quarter 2004 backup\backup first quarter 2004\Mail\HOL\Incoming, first quarter 2004[kwduo.zip][kwduo.htm .scr]

Hacktool:Exploit/iFrame Not disinfected C:\Backup\2004\3rd qtr backup 2004\WINDOWS\Desktop\Miscellaneous\Mail\HOL\Third quarter 2004\Incoming[~0000274.~]

Hacktool:Exploit/iFrame Not disinfected C:\Backup\2004\3rd qtr backup 2004\WINDOWS\Desktop\Miscellaneous\Mail\HOL\Third quarter 2004\Incoming[~0000274.~][~0000003.~]

Virus:W32/Netsky.P.worm Disinfected C:\Backup\2004\3rd qtr backup 2004\WINDOWS\Desktop\Miscellaneous\Mail\HOL\Third quarter 2004\Incoming[~0000274.~][message.scr]

Virus:W32/Happy Disinfected C:\Documents and Settings\Chris\Desktop\2005\Last half 2005\Music\Instruments\My M-3 Hammond\ham_zeni_96_current\ham_zeni_96_now[~0001025.~][Happy99.exe]

Virus:Bck/Radmin.AF Disinfected C:\Documents and Settings\Chris\Desktop\2005\radmin\RADMIN20.EXE

Virus:Bck/Radmin.AF Disinfected C:\Documents and Settings\Chris\Desktop\2005\radmin\radmin20.zip[RADMIN20.EXE]

Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Chris\Desktop\BT Download\Downloaders\DCC Manager\setup.exe

Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\Chris\Desktop\BT Download\DVDXCopy Platinum v4.0.3.8.zip[DVDXCopy Platinum v4.0.3.8/dvdxcopy platinum 4.0.3.8 crack/Keymaker1.exe]

Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\Chris\Desktop\BT Download\DVDXCopy Platinum v4.0.3.8.zip[DVDXCopy Platinum v4.0.3.8/dvdxcopy platinum 4.0.3.8 crack/setup.exe]

Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\Chris\Desktop\BT Download\DVDXCopy Platinum v4.0.3.8.zip[DVDXCopy Platinum v4.0.3.8/DVDXCopy Platinum v4.0.3.8.exe]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Faye\Application Data\Mozilla\Firefox\Profiles\3exp30bv.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Faye\Application Data\Mozilla\Firefox\Profiles\3exp30bv.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Faye\Application Data\Mozilla\Firefox\Profiles\3exp30bv.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Faye\Application Data\Mozilla\Firefox\Profiles\3exp30bv.default\cookies.txt[.cdfreaks.com/]

Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Faye\Application Data\Mozilla\Firefox\Profiles\3exp30bv.default\cookies.txt[.club.cdfreaks.com/]

Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Faye\Application Data\Mozilla\Firefox\Profiles\3exp30bv.default\cookies.txt[.cdfreaks.com/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Faye\Cookies\faye@2o7[1].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Faye\Cookies\[email protected][2].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Faye\Cookies\faye@adrevolver[1].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Faye\Cookies\faye@adrevolver[2].txt

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Faye\Cookies\faye@adrevolver[3].txt

Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Faye\Cookies\[email protected][1].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Faye\Cookies\[email protected][2].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Faye\Cookies\faye@advertising[1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Faye\Cookies\faye@atdmt[2].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Faye\Cookies\faye@atwola[2].txt

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Faye\Cookies\faye@azjmp[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Faye\Cookies\faye@belnk[1].txt

Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Faye\Cookies\faye@bfast[2].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Faye\Cookies\[email protected][2].txt

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Faye\Cookies\faye@burstnet[2].txt

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Faye\Cookies\faye@casalemedia[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Faye\Cookies\faye@com[1].txt

Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Faye\Cookies\faye@did-it[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Faye\Cookies\[email protected][2].txt

Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Faye\Cookies\faye@enhance[2].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Faye\Cookies\faye@go[1].txt

Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Faye\Cookies\[email protected][2].txt

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Faye\Cookies\faye@mediaplex[2].txt

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Faye\Cookies\faye@questionmarket[1].txt

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Faye\Cookies\faye@realmedia[2].txt

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Faye\Cookies\[email protected][2].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Faye\Cookies\faye@serving-sys[1].txt

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Faye\Cookies\faye@statcounter[1].txt

Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\Faye\Cookies\[email protected][2].txt

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Faye\Cookies\[email protected][2].txt

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Faye\Cookies\faye@target[2].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Faye\Cookies\faye@tribalfusion[2].txt

Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Faye\Cookies\[email protected][1].txt

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Faye\Cookies\faye@xiti[1].txt

[Andro1d]

Hello again.

I see you have BitComet 0.66 & BitTornado 0.3.7 installed on your system.

While the programs itself are legal, most of the files downloaded with it are not.

Also, quite often the files can be infected with viruses, malware, and other undesirable applications.

I highly recommend uninstalling BitComet 0.66 & BitTornado 0.3.7 via Add or Remove Programs, but these programs are optional for you if you choose to want to keep them.

See HERE for details on P2P file sharing programs.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  
• Scroll down to where it says "Java Runtime Environment (JRE)6 Update 3...allows end-users to run Java applications".
  
• Click the "Download" button to the right.
  
• Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  
• Click on the link to download Windows Offline Installation and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
  

Lets run an F-Secure online scan for Viruses, Spyware and RootKits:

• Go to http://support.f-secure.com/enu/home/ols.shtml
  
• Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  
• Allow the Active X control to be installed on your computer, then click the Accept button
  
• Click Full System Scan and allow the components to download and the scan to complete.
  
• If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  
• When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  
• Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
  

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

• When the cleaning option is presented, Uncheck Submit samples to F-Secure
  
• Click Automatic cleaning
  
• When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  
• Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
  

Notes:

• This scan will only work with Internet Explorer
  
• You must have administrator rights to run this scan
  
• This scan can take several hours, so please be patient
  

[uspoor]

Lets run an F-Secure online scan for Viruses, Spyware and RootKits:

• Go to http://support.f-secure.com/enu/home/ols.shtml
  
• Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  
• Allow the Active X control to be installed on your computer, then click the Accept button
  
• Click Full System Scan and allow the components to download and the scan to complete.
  
• If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  
• When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  
• Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
  

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

[*]When the cleaning option is presented, Uncheck Submit samples to F-Secure

[*]Click Automatic cleaning

[*]When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)

[*]Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Hello!

Scanning Report

Wednesday, October 10, 2007 21:23:55 - 22:21:50

Computer name:

Scanning type: Scan system for viruses, rootkits, spyware

Target: C:\

--------------------------------------------------------------------------------

Result: 0 malware found

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 52999

System: 5280

Not scanned: 4

Actions:

Disinfected: 0

Renamed: 0

Deleted: 0

None: 0

Submitted: 0

Files not scanned:

C:\HIBERFIL.SYS

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_50E417E0-E461-474B-96E2-077B80325612

--------------------------------------------------------------------------------

Options

Scanning engines:

F-Secure Libra: 2.4.2, 2007-10-07

F-Secure AVP: 7.0.171, 2007-10-11

F-Secure Orion: 1.2.37, 2007-10-11

F-Secure Blacklight: 1.0.64

F-Secure Draco: 1.0.35, 0597-150-72

F-Secure Pegasus: 1.19.0, 2007-09-02

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX

Use Advanced heuristics

[Andro1d]

Nice job your log looks clean !

How is it running ?

Please use the following suggestion to help prevent reinfection.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)Now we need to make a new System Restore Point for your PC, please do the following

• Click Start, Settings, Control Panel
  
• Double-click the System icon
  
• Click the Performance tab, File System, Troubleshooting tab
  
• Check "Turn off System Restore" and click "Apply". Please give a moment as it will delete the old System Restore points
  
• Then uncheck "Turn off System Restore" which will create a new System Restore point
  
• Click OK
  

I highly recommend downloading the following programs, to keep malware of your computer to begin with.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

SUPERAntiSpyware - A very powerful tool which searches and kills malware that infects your system.

SpywareBlaster - Great prevention tool to keep malware from installing on your system.

**Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

**Tutorial on installing & using this product can be found HERE**

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

**Tutorial on installing & using this product can be found HERE**

ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.

Antivirus Program An Antivirus program is a must in today's digital world! I recommend avast! 4 Home Edition, AVG, or Anti-Vir.

DO NOT install more than one Antivirus program. They will conflict, and provide less protection, not more.

Firewall A firewall is definitely a must have to protect your computer from hackers. I recommend Comodo, Zone Alarm, or Outpost.

**Tutorial on Firewalls can be found HERE**

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

And finally a little How did I get infected in the first place?(by Tony Klein)

Good luck and safe surfing

[uspoor]

Nice job your log looks clean !

How is it running ?

Great! Thanks for your assistance!

Is there a way we can contribute financially to the site or otherwise to show appreciaition?

[Andro1d]

Glad I was of service!

Yes, you can directly donate to me to help me continue in the fight against malware.

Donate Here

[uspoor]

Glad I was of service!

Yes, you can directly donate to me to help me continue in the fight against malware.

Donate Here

I get a page not found...

[Andro1d]

Whoops, my bad uspoor.

I gave you a link that would expire.

Please click the white Make a Donation button in the bottom of my signature for the correct link.

Thanks ahead of time!

[uspoor]

Please click the white Make a Donation button in the bottom of my signature for the correct link.

Thanks ahead of time!

You've got PayPal! Thanks!

[Andro1d]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.