
Hijacked by Obfuskated maybe more

OK, doing a virus scan right now, Obfuskated came up and maybe more. Here is my HijackThis scan. Also, I've noticed over the last few months my computer is kinda slow when loading programs or games, compared to times before when it would load up pretty quick.

Logfile of HijackThis v1.99.1
Scan saved at 9:57:35 AM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\NetGrid\NetGrid.exe
C:\Program Files\Tweak-XP\blads.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Documents and Settings\Winde` Thach\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\Get-Torrent\TorrentManager.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [] C:\Program Files\eTomiPro\Gui\etomipro.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [CLAUDIO] C:\Program Files\XemiComputers\Claudio\Claudio.exe
O4 - HKCU\..\Run: [NetGrid] C:\Program Files\NetGrid\NetGrid.exe
O4 - HKCU\..\Run: [BlockAds] C:\Program Files\Tweak-XP\blads.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AxisBin] C:\DOCUME~1\WINDE`~1\APPLIC~1\Internet Size\Date bags tool.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O15 - Trusted IP range: 81.222.131.59
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe



I went ahead and did a HijackThis Uninstall Manager programs list and got this:

AC Tool 4.5.11 Install
AC Tool 4.5.6 Install
AC Tool 4.6.2 Install
Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop 7.0
Advanced WMA Workshop version 1.58
AOL Instant Messenger
ATI Control Panel
ATI Display Driver
ATI DVD Decoder
ATI Multimedia Center 7.8.0.0
AVG 7.5
AviSynth 2.5
BitTorrent 4.0.2
ConvertXtoDVD 2.1.14.223
Creative WebCam Control
Creative WebCam Driver
Customizer XP
DAEMON Tools
DAO
Direct Show Ogg Vorbis Filter (remove only)
DivX
DLA
Easy Access Button Support
Elecard MPEG2 Player 2.0
ffdshow
FINAL FANTASY XI
FINAL FANTASY XI for Windows - Official Benchmark Program 2
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FINAL FANTASY XI: Treasures of Aht Urhgan
First Step Guide
Get-Torrent version 2.0.0.0
Haali Media Splitter
Half-Life
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
HydraVision
ImageMixer VCD2
Inactive HP Printer Drivers (Remove only)
Intel(R) 845G Chipset Graphics Driver Software
InterActual Player
InterVideo WinDVD
InterVideo WinDVD 7
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment Standard Edition v1.3.1
LimeWire 4.8.1
Macromedia Flash Player
Matroska Pack
McAfee SecurityCenter
McAfee VirusScan Professional
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 6.0
Microsoft Works and Money 2002 Setup Launcher
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MyDsc2
Nero Digital
Nero Suite
NetGrid
Nimo Codecs Pack v5.0 (Remove Only)
OIN
OpenMG Limited Patch 4.3-05-10-05-01
OpenMG Secure Module 4.3.00
Picture Package
PlayOnline Viewer and Tetra Master
Powertoys For Windows XP
PSP Video 9 1.74
RecordNow
S3Display
S3Gamma2
S3Info2
S3Overlay
Saitek Configuration Software
Saitek NT Controller Drivers
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Shockwave
Sony USB Driver
Spybot - Search & Destroy 1.2
SpywareBlaster v3.4
Styles XP (remove only)
The Learning Equation - Intermediate Algebra
Tweak-XP
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
VideoLAN VLC media player 0.8.2
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WinAce Archiver 2.0
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPatrol
WinZip
XviD MPEG-4 Video Codec
XviD Video Codec 14052003-1 (Koepi's developer build)
Yahoo! Messenger
Yahoo! Toolbar

Comments

  • edited May 2007
    :)
    Hi Takayuke and welcome to Short-Media. I'm checking your log, so please be patient.
  • edited May 2007
    peku006 wrote:
    :)
    Hi Takayuke and welcome to Short-Media. I'm checking your log, so please be patient.

    Thanks Peku006 :)
  • edited May 2007
    :smiles: Hi Takayuke
    I don't see any indication of a firewall in your HijackThis log.
    What firewall do you use?

    Please do the following...


    step#1
    You are currently running HijackThis direct from your Desktop C:\Documents and Settings\Winde` Thach\Desktop\HijackThis.exe
    HijackThis needs a permanent folder to store backups in. Please make a folder HJT on your Desktop and place HijackThis.exe in that folder.


    step#2
    Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [AxisBin] C:\DOCUME~1\WINDE`~1\APPLIC~1\Internet Size\Date bags tool.exe
    O15 - Trusted IP range: 81.222.131.59
    O15 - Trusted IP range: 81.222.131.59 (HKLM)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    Close ALL open windows
    Click Fix Checked
    Close HijackThis


    step#3
    Please Download NoLop to your desktop from one of the links below...
    link 1
    Link 2
    Link 3
    First close any other programs you have running as this will require a reboot
    Double click NoLop.exe to run it
    When scanning is finished you will be prompted to reboot only if infected, Click OK
    Now click the "REBOOT" Button.
    A Message should popup from NoLop. If not, double click the program again and it will finish

    If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.


    step#4
    Open HijackThis
    - Click the Do a system scan and save a log file button


    step#5
    Post these Logfiles in your next reply
    C:\NoLop.log
    a HijackThis log
  • edited May 2007
    Okay, did everything you said and here's what I got:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:15:06 PM, on 5/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\NetGrid\NetGrid.exe
    C:\Program Files\Tweak-XP\blads.exe
    C:\Program Files\AIM95\aim.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Winde` Thach\Desktop\HHJT\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\Get-Torrent\TorrentManager.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [] C:\Program Files\eTomiPro\Gui\etomipro.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKCU\..\Run: [CLAUDIO] C:\Program Files\XemiComputers\Claudio\Claudio.exe
    O4 - HKCU\..\Run: [NetGrid] C:\Program Files\NetGrid\NetGrid.exe
    O4 - HKCU\..\Run: [BlockAds] C:\Program Files\Tweak-XP\blads.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe





    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\Winde` Thach\Desktop
    [5/26/2007]
    [7:08:39 PM]

    ---Infection Files Found/Removed---
    NO INFECTION FILES FOUND - Cleaning Aborted.

    ---Listing AppData sub directories---

    C:\Documents and Settings\Administrator\Application Data\Adobe
    C:\Documents and Settings\Administrator\Application Data\Identities
    C:\Documents and Settings\Administrator\Application Data\Intertrust
    C:\Documents and Settings\Administrator\Application Data\Microsoft
    C:\Documents and Settings\Administrator\Application Data\Real
    C:\Documents and Settings\Administrator\Application Data\Symantec
    C:\Documents and Settings\Administrator\Application Data\Veritas
    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Ahead
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Ati Mmc
    C:\Documents and Settings\All Users\Application Data\Avg7
    C:\Documents and Settings\All Users\Application Data\Grisoft
    C:\Documents and Settings\All Users\Application Data\Mcafee.com
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Quicktime
    C:\Documents and Settings\All Users\Application Data\Rulethunklitekeep
    C:\Documents and Settings\All Users\Application Data\Sbsi
    C:\Documents and Settings\All Users\Application Data\Sony Corporation
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\Application Data\Symantec
    C:\Documents and Settings\All Users\Application Data\Trymedia
    C:\Documents and Settings\All Users\Application Data\Ulead Systems
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    C:\Documents and Settings\Default User\Application Data\Adobe
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\Default User\Application Data\Intertrust
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Default User\Application Data\Real
    C:\Documents and Settings\Default User\Application Data\Symantec
    C:\Documents and Settings\Default User\Application Data\Veritas
    C:\Documents and Settings\Guest\Application Data\Adobe
    C:\Documents and Settings\Guest\Application Data\Aim
    C:\Documents and Settings\Guest\Application Data\Identities
    C:\Documents and Settings\Guest\Application Data\Intertrust
    C:\Documents and Settings\Guest\Application Data\Microsoft
    C:\Documents and Settings\Guest\Application Data\Real
    C:\Documents and Settings\Guest\Application Data\Symantec
    C:\Documents and Settings\Guest\Application Data\Veritas
    C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
    C:\Documents and Settings\Localservice\Application Data\Macromedia
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Owner\Application Data\Identities
    C:\Documents and Settings\Owner\Application Data\Microsoft
    C:\Documents and Settings\Owner\Application Data\Real
    C:\Documents and Settings\Owner\Application Data\Symantec
    C:\Documents and Settings\Owner\Application Data\Veritas
    C:\Documents and Settings\Winde` Thach\Application Data\.bittornado
    C:\Documents and Settings\Winde` Thach\Application Data\.bittorrent
    C:\Documents and Settings\Winde` Thach\Application Data\Adobe
    C:\Documents and Settings\Winde` Thach\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Winde` Thach\Application Data\Ahead
    C:\Documents and Settings\Winde` Thach\Application Data\Aim
    C:\Documents and Settings\Winde` Thach\Application Data\Apple Computer
    C:\Documents and Settings\Winde` Thach\Application Data\Avg7 -- EMPTY Directory
    C:\Documents and Settings\Winde` Thach\Application Data\Creative
    C:\Documents and Settings\Winde` Thach\Application Data\Get-torrent
    C:\Documents and Settings\Winde` Thach\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Winde` Thach\Application Data\Identities
    C:\Documents and Settings\Winde` Thach\Application Data\Internet Size -- EMPTY Directory
    C:\Documents and Settings\Winde` Thach\Application Data\Intertrust
    C:\Documents and Settings\Winde` Thach\Application Data\Intervideo
    C:\Documents and Settings\Winde` Thach\Application Data\Lavasoft
    C:\Documents and Settings\Winde` Thach\Application Data\Leadertech
    C:\Documents and Settings\Winde` Thach\Application Data\Macromedia
    C:\Documents and Settings\Winde` Thach\Application Data\Microsoft
    C:\Documents and Settings\Winde` Thach\Application Data\Mozilla
    C:\Documents and Settings\Winde` Thach\Application Data\Nerodctemplates
    C:\Documents and Settings\Winde` Thach\Application Data\Real
    C:\Documents and Settings\Winde` Thach\Application Data\Sony Corporation
    C:\Documents and Settings\Winde` Thach\Application Data\Sun
    C:\Documents and Settings\Winde` Thach\Application Data\Symantec
    C:\Documents and Settings\Winde` Thach\Application Data\Teamspeak2
    C:\Documents and Settings\Winde` Thach\Application Data\Template
    C:\Documents and Settings\Winde` Thach\Application Data\Ulead Systems
    C:\Documents and Settings\Winde` Thach\Application Data\Uoau -- EMPTY Directory
    C:\Documents and Settings\Winde` Thach\Application Data\Veritas
    C:\Documents and Settings\Winde` Thach\Application Data\Vlc
    C:\Documents and Settings\Winde` Thach\Application Data\Vso
    C:\Documents and Settings\Winde` Thach\Application Data\Winpatrol -- EMPTY Directory
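The before/after comparison this thread relies on (fix the checked entries, then post a fresh log) can be automated. The script below is an added example, not part of the original thread or of HijackThis; the function names are its own, and the sample data are excerpts of the two logs and the checklist posted above. It also handles the checklist URL that the forum shortened with "...".

```python
import re

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
ELLIPSIS = "..."  # forum software shortens long URLs in posted checklists


def parse_entries(text):
    """Return the entry lines of a log or checklist, whitespace-normalised.

    Header lines, the "Running processes" list and free-text instructions
    do not match ENTRY_RE and are skipped.
    """
    entries = []
    for raw in text.splitlines():
        line = " ".join(raw.split())
        if ENTRY_RE.match(line):
            entries.append(line)
    return entries


def same_entry(checked, entry):
    """True if a checklist line refers to this log entry.

    Without an ellipsis the match must be exact, so the HKCU and "(HKLM)"
    variants of an O15 line stay distinct. With one, the text before and
    after the ellipsis must be the prefix and suffix of the log entry.
    """
    if ELLIPSIS not in checked:
        return checked == entry
    head, _, tail = checked.partition(ELLIPSIS)
    return (len(entry) >= len(head) + len(tail)
            and entry.startswith(head) and entry.endswith(tail))


def verify_fix(before_log, after_log, checklist):
    """Compare two logs against the list of entries that were to be fixed."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    report = {"removed": [], "still_present": [], "not_in_before": []}
    expected_gone = set()
    for item in parse_entries(checklist):
        hits_before = [e for e in before if same_entry(item, e)]
        hits_after = [e for e in after if same_entry(item, e)]
        expected_gone.update(hits_before)
        if hits_after:
            report["still_present"].append(item)   # fix did not take
        elif hits_before:
            report["removed"].append(item)         # fix confirmed
        else:
            report["not_in_before"].append(item)   # checklist/log mismatch
    # Changes nobody asked for are worth a second look.
    report["unexpected_gone"] = [e for e in before
                                 if e not in after and e not in expected_gone]
    report["new"] = [e for e in after if e not in before]
    return report


# Excerpt of the first log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AxisBin] C:\DOCUME~1\WINDE`~1\APPLIC~1\Internet Size\Date bags tool.exe
O15 - Trusted IP range: 81.222.131.59
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
"""

# Excerpt of the second log in this thread (same lines, after "Fix Checked").
AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
"""

# The checklist exactly as posted, including the shortened URL.
CHECKLIST = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AxisBin] C:\DOCUME~1\WINDE`~1\APPLIC~1\Internet Size\Date bags tool.exe
O15 - Trusted IP range: 81.222.131.59
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
Close ALL open windows
"""

if __name__ == "__main__":
    for status, lines in verify_fix(BEFORE, AFTER, CHECKLIST).items():
        print(f"{status}: {len(lines)}")
        for line in lines:
            print("   ", line)
```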
  • edited May 2007
    :smiles: Hi Takayuke
    You didn't put HijackThis in its own folder...
    Like I already said: "Put HijackThis in its own folder;
    this is important for the backups!"

    Please do the following:

    step#1
    Click Start > Run > type in appwiz.cpl and hit Enter. From the list, uninstall the following (if present):
    Viewpoint
    all older versions of Java.

    step#2
    Please update your Java: Java Runtime Environment (JRE) 6u1
    Click the "Download" button to the right.
    Check the box that says: "Accept License Agreement".
    The page will refresh.
    Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    * From your desktop, double-click on jre-6-windows-i586.exe to install the newest version.

    step#3
    Please download
    ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
    This program is for XP and Windows 2000 only!
    Double-click ATF Cleaner.exe to open it.
    Under Main select the following:
    * Windows Temp
    * Current User Temp
    * All Users Temp
    * Temporary Internet Files
    * Prefetch
    * Java Cache
    *The other boxes are optional*
    Then click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    step#4
    Print out these instructions or save them with notepad or Word

    Please download AVG Anti-Spyware to your desktop. When ready, do the following:
    • Start AVG Anti-Spyware
    • Click the Update icon
    • Click Start update
    • Wait until updates are downloaded
    • Click the Scanner icon
    • Open the Settings tab
      • If you are having problems with the updater, you can use this link to manually update
      • Make sure that under "How to act?" it reads Quarantine
      • (If not, click the text and choose Quarantine)
      • Under "How to scan?" all checkboxes should be ticked
      • Under "Reports" select Automatically generate report after every scan
        and uncheck Only if threats were found
      • Under "What to scan?" select Scan every file

    • Click the Shield icon
    • Under the "Resident shield is" click active to make it inactive
    • Close AVG Anti-Spyware
    Reboot to safe mode
    • If the computer is running, shut down Windows, and then turn off the power
    • Wait 30 seconds, and then turn the computer on
    • Start tapping the F8 key
    • The Windows Advanced Options Menu appears
    • Ensure that the Safe Mode option is selected
    • Press Enter. The computer then begins to start in Safe mode
    • Login on your usual account
    Open My Computer.
    Click Tools menu then click Folder Options.
    Click the View tab.
    Scroll to the "Hidden files and folders" section and click "Show hidden files and folders."
    Uncheck the "Hide protected operating system files (recommended)" option. (SEE NOTE ABOVE ON THIS OPTION!) Click Yes to confirm. Then click OK.
    • Close all open windows / programs / folders
    • Start AVG Anti-Spyware
    • Click the Scanner icon
    • Click Complete System Scan
    • Let the program scan the machine
    • When the scan has finished, follow the instructions below
      • Make sure that under "Set all elements to" it reads Quarantine
      • (If not, click the text and choose Quarantine)
      • Click Apply all actions
      • Click Save Report
      • Click Save reports as
      • Save report to your Desktop

    step#5
    Please download Deckard's System Scanner to your Desktop
    * Close all applications and windows.
    * Double-click on Dss.exe to run it, and follow the prompts.
    * The scan may take a minute. When the scan is complete, a text file will open Main.txt and extra.txt

    step#6
    Post these Logfiles in your next reply:
    Dss.Main.txt
    Dss.extra.txt
    AVG Anti-Spyware report
  • edited May 2007
    Got what you needed, hope I did it right.

    Deckard's System Scanner v20070426.43
    Run by Winde` Thach on 2007-05-27 at 17:23:22
    Computer is in Safe Mode with Networking.
    -- System Restore
    Failed to create restore point; computer is in safe mode.

    -- Last 5 Restore Point(s) --
    56: 2007-05-27 02:41:58 UTC - RP499 - System Checkpoint
    55: 2007-05-26 00:49:46 UTC - RP498 - System Checkpoint
    54: 2007-05-25 00:40:04 UTC - RP497 - System Checkpoint
    53: 2007-05-23 03:01:04 UTC - RP496 - Software Distribution Service 2.0
    52: 2007-05-19 23:32:59 UTC - RP495 - System Checkpoint

    -- First Restore Point --
    1: 2007-03-02 00:56:43 UTC - RP444 - System Checkpoint

    Backed up registry hives.
    Performed disk cleanup.

    -- HijackThis (run as Winde` Thach.exe)
    Logfile of HijackThis v1.99.1
    Scan saved at 5:24:13 PM, on 5/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Winde` Thach\Desktop\dss.exe
    C:\DOCUME~1\WINDE`~1\Desktop\HHJT\Winde` Thach.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\Get-Torrent\TorrentManager.dll (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [] C:\Program Files\eTomiPro\Gui\etomipro.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CLAUDIO] C:\Program Files\XemiComputers\Claudio\Claudio.exe
    O4 - HKCU\..\Run: [NetGrid] C:\Program Files\NetGrid\NetGrid.exe
    O4 - HKCU\..\Run: [BlockAds] C:\Program Files\Tweak-XP\blads.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    -- HijackThis Fixed Entries (C:\DOCUME~1\WINDE`~1\Desktop\HHJT\backups\)
    backup-20070526-190629-165 O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
    backup-20070526-190629-261 O15 - Trusted IP range: 81.222.131.59
    backup-20070526-190629-700 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    backup-20070526-190629-866 O4 - HKCU\..\Run: [AxisBin] C:\DOCUME~1\WINDE`~1\APPLIC~1\Internet Size\Date bags tool.exe
    backup-20070526-190629-898 O15 - Trusted IP range: 81.222.131.59 (HKLM)
    -- File Associations
    .js - JSFile - DefaultIcon - unable to read value
    .js - JSFile - shell\open\command - unable to read value
    .txt - txtfile - shell\open\command - C:\WINDOWS\system32\NOTEPAD.EXE %1

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
    R0 St323dk - c:\windows\system32\drivers\st323dk.sys <Not Verified; Generic; ST323DK>
    R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
    R1 sscdbhk5 - c:\windows\system32\drivers\sscdbhk5.sys <Not Verified; VERITAS Software, Inc.; >
    R1 ssrtln - c:\windows\system32\drivers\ssrtln.sys <Not Verified; VERITAS Software, Inc.; >
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
    S1 vdmt16 (VIRTwin) - c:\windows\system32\vdmt16.sys (file missing)
    S2 CINEMSUP (Software Cinemaster NT4.0 Driver) - c:\windows\system32\drivers\cinemsup.sys (file missing)
    S2 drvnddm - c:\windows\system32\drivers\drvnddm.sys <Not Verified; VERITAS Software, Inc.; >
    S2 tfsnboio - c:\windows\system32\dla\tfsnboio.sys <Not Verified; VERITAS Software, Inc.; >
    S2 tfsncofs - c:\windows\system32\dla\tfsncofs.sys <Not Verified; VERITAS Software, Inc.; >
    S2 tfsndrct - c:\windows\system32\dla\tfsndrct.sys <Not Verified; VERITAS Software, Inc.; >
    S2 tfsndres - c:\windows\system32\dla\tfsndres.sys <Not Verified; VERITAS Software, Inc.; >
    S2 tfsnifs - c:\windows\system32\dla\tfsnifs.sys <Not Verified; VERITAS Software, Inc.; >
    S2 tfsnopio - c:\windows\system32\dla\tfsnopio.sys <Not Verified; VERITAS Software, Inc.; >
    S2 tfsnpool - c:\windows\system32\dla\tfsnpool.sys <Not Verified; VERITAS Software, Inc.; >
    S2 tfsnudf - c:\windows\system32\dla\tfsnudf.sys <Not Verified; VERITAS Software, Inc.; >
    S2 tfsnudfa - c:\windows\system32\dla\tfsnudfa.sys <Not Verified; VERITAS Software, Inc.; >
    S2 winlow (SCNDmem) - c:\windows\system32\winlow.sys (file missing)
    S3 Bcim (Bandwidth Controller kernel component) - c:\windows\system32\drivers\bcim.sys (file missing)
    S3 BRGSp50 (BRGSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\brgsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
    S3 nuvaud2 (NUVision II Audio Service) - c:\windows\system32\drivers\nuvaud2.sys <Not Verified; Zoran Ltd.; USBVision>
    S3 nuvvid2 (NUVision II Video Service) - c:\windows\system32\drivers\nuvvid2.sys <Not Verified; Nogatech Ltd.; USBVision>
    S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    S3 SaiClass - c:\windows\system32\drivers\saintbus.sys <Not Verified; Saitek; Configuration Software>
    S3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
    S3 SaiNtHid (%SAINTHID_NAME%) - c:\windows\system32\drivers\sainthid.sys <Not Verified; Saitek; Configuration Software>
    S3 SaiNtSub - c:\windows\system32\drivers\saintsub.sys <Not Verified; Saitek; Configuration Software>
    S3 SQTECH905C (Dual Camera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
    S3 usbcm (USB Cable Modem 351000 NDIS Driver) - c:\windows\system32\drivers\usbcm.sys (file missing)
    S3 ZD1211BU(ZyDAS) (ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)) - c:\windows\system32\drivers\zd1211bu.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter>
    S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    S3 msCMTSrvc (Content Monitoring Tool) - c:\windows\system32\mscmtsrvc.exe (file missing)
    S4 InteractiveLogon - c:\windows\system32\fast.exe -service (file missing)
    S4 McShield (McAfee.com McShield) - c:\progra~1\mcafee.com\vso\mcshield.exe (file missing)
    S4 mcupdmgr.exe (McAfee SecurityCenter Update Manager) - c:\progra~1\mcafee.com\agent\mcupdmgr.exe (file missing)
    S4 MCVSRte (McAfee.com VirusScan Online Realtime Engine) - c:\progra~1\mcafee.com\vso\mcvsrte.exe /embedding (file missing)

    -- Files created between 2007-04-27 and 2007-05-27
    2007-05-26 19:08:39 106 --a
    C:\delete.bat
    2007-05-25 14:08:03 0 d
    C:\Documents and Settings\Winde` Thach\Application Data\Get-Torrent
    2007-05-25 14:07:58 0 d
    C:\Documents and Settings\All Users\Application Data\RuleThunkLiteKeep
    2007-05-25 14:07:45 0 d
    C:\Program Files\Internet Size
    2007-05-25 14:07:45 0 d
    C:\Documents and Settings\Winde` Thach\Application Data\Internet Size
    2007-05-25 14:07:40 0 d
    C:\Program Files\Get-Torrent
    2007-05-05 21:39:37 0 d
    C:\Program Files\_uninstallation_info

    -- Find3M Report
    2007-05-27 15:10:32 0 d
    C:\Program Files\Viewpoint
    2007-03-31 22:01:53 0 d
    C:\Program Files\Windows Media Connect 2
    2007-03-08 00:03:22 13251 --a----c- C:\WINDOWS\mozver.dat

    -- Registry Dump
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    {D5792AA9-D373-4039-8670-2CDAB6A71F15} C:\Program Files\Get-Torrent\TorrentManager.dll [x]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
    "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "srmclean"="C:\\Cpqs\\Scom\\srmclean.exe"
    "CPQEASYACC"="C:\\Program Files\\COMPAQ\\Easy Access Button Support\\StartEAK.exe"
    "CoolSwitch"="C:\\WINDOWS\\System32\\taskswitch.exe"
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE"
    "WinPatrol"="C:\\PROGRA~1\\BillP Studios\\WinPatrol\\winpatrol.exe"
    @="C:\\Program Files\\eTomiPro\\Gui\\etomipro.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "DVDTray"="C:\\Program Files\\Ahead\\ODD Toolkit\\DVDTray.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CLAUDIO"="C:\\Program Files\\XemiComputers\\Claudio\\Claudio.exe"
    "NetGrid"="C:\\Program Files\\NetGrid\\NetGrid.exe"
    "BlockAds"="C:\\Program Files\\Tweak-XP\\blads.exe"
    "Tweak-XP"=""
    "TransparentIcons"=""
    "ATI Launchpad"=""
    "AIM"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl"
    "Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoColorChoice"=dword:00000000
    "NoSizeChoice"=dword:00000000
    "NoDispScrSavPage"=dword:00000000
    "NoDispCPL"=dword:00000000
    "NoVisualStyleChoice"=dword:00000000
    "NoDispSettingsPage"=dword:00000000
    "DisableRegistryTools"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoInstrumentation"=dword:00000000
    "NoToolbarCustomize"=dword:00000000
    "NoActiveDesktop"=dword:00000000
    "ForceActiveDesktopOn"=dword:00000000
    "NoSaveSettings"=dword:00000000
    "NoThemesTab"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGASCLN

    -- Hosts
    127.0.0.1 ad.de.doubleclick.net
    127.0.0.1 ad.dk.doubleclick.net
    127.0.0.1 ad.doubleclick.net
    127.0.0.1 ad.es.doubleclick.net
    127.0.0.1 ad.fr.doubleclick.net
    127.0.0.1 ad.it.doubleclick.net
    127.0.0.1 ad.jp.doubleclick.net
    127.0.0.1 ad.kr.doubleclick.net
    127.0.0.1 ad.linkexchange.com
    127.0.0.1 ad.linksynergy.com
    235 more entries in hosts file.

    -- End of Deckard's System Scanner: finished at 2007-05-27 at 17:24:44


    Deckard's System Scanner v20070426.43
    Extra logfile - please post this as an attachment with your post.
    -- System Information
    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English
    CPU 0: AMD Athlon(tm) XP 2200+
    Percentage of Memory in Use: 29%
    Physical Memory (total/avail): 767.48 MiB / 541.91 MiB
    Pagefile Memory (total/avail): 1061.51 MiB / 898.3 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1975.21 MiB
    A: is Removable (No Media)
    C: is Fixed (NTFS) - 55.89 GiB total, 3.1 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)

    -- Security Center
    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.
    AV: AVG 7.5.472 v7.5.472 (GRISOFT)

    -- Environment Variables
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Winde` Thach\Application Data
    CLASSPATH=.;
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=YOUR-PA86Z1I3G7
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Winde` Thach
    LOGONSERVER=\\YOUR-PA86Z1I3G7
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\ATI Technologies\ATI Control Panel;;C:\PROGRA~1\COMMON~1\muvee Technologies\030625
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0800
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SAFEBOOT_OPTION=NETWORK
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\WINDE`~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\WINDE`~1\LOCALS~1\Temp
    USERDOMAIN=YOUR-PA86Z1I3G7
    USERNAME=Winde` Thach
    USERPROFILE=C:\Documents and Settings\Winde` Thach
    windir=C:\WINDOWS

    -- User Profiles
    Owner (admin)
    Winde` Thach (admin)
    Administrator (new local, admin)
    Guest (guest)

    -- Add/Remove Programs
    --> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
    --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> c:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    --> c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
    --> C:\WINDOWS\WEBDELC.EXE -[WebCam Control
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    AC Tool 4.5.11 Install --> C:\PROGRA~1\AC Tool\UNWISE.EXE C:\PROGRA~1\AC Tool\INSTALL.LOG
    AC Tool 4.5.6 Install --> C:\PROGRA~1\AC Tool\UNWISE.EXE C:\PROGRA~1\AC Tool\INSTALL.LOG
    AC Tool 4.6.2 Install --> C:\PROGRA~1\AC Tool\UNWISE.EXE C:\PROGRA~1\AC Tool\INSTALL.LOG
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE C:\PROGRA~1\Lavasoft\Ad-Aware SE Personal\INSTALL.LOG
    Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
    Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
    Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
    Advanced WMA Workshop version 1.58 --> "C:\Program Files\LitexMedia\Advanced WMA Workshop\unins000.exe"
    AOL Instant Messenger --> C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
    ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ATI DVD Decoder --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9DA00558-6566-484C-87BC-1650BCF60446}
    ATI Multimedia Center 7.8.0.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E957696E-6D13-4B92-AF02-2073D7D522B4}\setup.exe"
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
    BitTorrent 4.0.2 --> "C:\Program Files\BitTorrent\uninstall.exe"
    CiD Help --> C:\DOCUME~1\WINDE`~1\APPLIC~1\Internet Size\Date bags tool.exe -uninstall
    ConvertXtoDVD 2.1.14.223 --> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
    Creative WebCam Control --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\WebCam Control\DeIsL1.isu"
    Creative WebCam Driver --> C:\WINDOWS\CtDrvIns.exe -uninstall USB\VID_041E&PID_400D -plugin P1001Pin.dll -pluginres P1001Pin.crl
    Customizer XP --> "C:\Program Files\Customizer XP\unins000.exe"
    DAEMON Tools --> MsiExec.exe /I{C33CF844-3FE6-442E-B2FD-998192C939C9}
    DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{438D221C-5B5B-4E4B-B7BD-A86512E5B6C1}
    Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\System32\OggDSuninst.exe"
    DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Easy Access Button Support --> C:\Program Files\COMPAQ\Easy Access Button Support\Uninst.exe
    Elecard MPEG2 Player 2.0 --> "C:\Program Files\Elecard MPEG2 Player 2.0\Uninstall.exe" "C:\Program Files\Elecard MPEG2 Player 2.0\install.log"
    ffdshow --> "C:\WINDOWS\system32\uninstall.exe"
    FINAL FANTASY XI --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{678F6475-D227-432A-94FF-806178A34520}
    FINAL FANTASY XI for Windows - Official Benchmark Program 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{32BDD120-17F7-4F2C-A49F-825E41A97703} /l1033
    FINAL FANTASY XI: Chains of Promathia --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3C0619B4-4A2C-4244-8077-488E420DF907}
    FINAL FANTASY XI: Rise of the Zilart --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}
    FINAL FANTASY XI: Treasures of Aht Urhgan --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A606C6FF-12E7-40BE-B777-D8F360FF00CD}
    First Step Guide --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\Professional\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EC786D5-C0CA-42E0-AF88-5379EF9D91EC}\setup.exe" -l0x9 UNINSTALL
    Get-Torrent version 2.0.0.0 --> "C:\Program Files\Get-Torrent\unins000.exe"
    Haali Media Splitter --> "C:\Program Files\Matroska Pack\haali\uninstall.exe"
    Half-Life --> C:\WINDOWS\IsUninst.exe -f"c:\program files\SIERRA\Half-Life\Uninst.isu" -c"c:\program files\SIERRA\Half-Life\HLUNINST.DLL"
    HijackThis 1.99.1 --> C:\Documents and Settings\Winde` Thach\Desktop\HijackThis.exe /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
    ImageMixer VCD2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\Professional\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
    Inactive HP Printer Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
    Intel(R) 845G Chipset Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
    InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
    InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
    InterVideo WinDVD 7 --> "C:\Program Files\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL
    J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    Java 2 Runtime Environment Standard Edition v1.3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu"
    LimeWire 4.8.1 --> "C:\Program Files\LimeWire\uninstall.exe"
    Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
    Matroska Pack --> C:\Program Files\Matroska Pack\uninstall.exe
    McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
    McAfee VirusScan Professional --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=1 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
    Microsoft Works and Money 2002 Setup Launcher --> C:\Program Files\Microsoft Works and Money 2002\Setup\Launcher.exe \hp\tmp\src\
    MyDsc2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\Professional\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9
    Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
    NetGrid --> "C:\Program Files\NetGrid\uninstall.exe"
    Nimo Codecs Pack v5.0 (Remove Only) --> "C:\Program Files\NimoCodec Pack\uninstall.exe"
    OIN --> C:\WINDOWS\System32\shex.exe open http://www.outerinfo.com/questionnaire.php
    OpenMG Limited Patch 4.3-05-10-05-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.3-05-10-05-01\HotFixSetup\setup.exe /u
    OpenMG Secure Module 4.3.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\Intel 32\IDriver.exe /M{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA} UNINSTALL
    Picture Package --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\Professional\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
    PlayOnline Viewer and Tetra Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{47004155-7376-403E-89E9-4C9F44AAF0D0}
    Powertoys For Windows XP --> MsiExec.exe /I{6C31E111-96BB-4ADC-9C81-E6D3EEDDD8D3}
    PSP Video 9 1.74 --> C:\Program Files\pspvideo9\uninst.exe
    RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
    S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
    S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
    S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
    S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
    Saitek Configuration Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90126B79-C0D2-41A5-86B2-2F6666C446B9}\setup.exe" AddRem
    Saitek NT Controller Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A9E0E2F-B0D1-452B-B833-7A7300EA1231}\setup.exe" AddRem
    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    Spybot - Search & Destroy 1.2 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpywareBlaster v3.4 --> "C:\Program Files\SpywareBlaster\unins000.exe"
    Styles XP (remove only) --> "C:\Program Files\tgtsoft\stylesxp\stylesxp-uninstall.exe"
    The Learning Equation - Intermediate Algebra --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Brookscole\TLEIA\Main\Uninst.isu"
    Tweak-XP --> MsiExec.exe /X{7CF065E2-7816-4440-9019-034A2285F9DF}
    VideoLAN VLC media player 0.8.2 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    WinAce Archiver 2.0 --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
    Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinPatrol --> C:\WINDOWS\uninst.exe -f"C:\Program Files\BillP Studios\WinPatrol\DeIsL1.isu" -c"C:\Program Files\BillP Studios\WinPatrol\_ISREG32.DLL"
    WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"
    XviD Video Codec 14052003-1 (Koepi's developer build) --> "C:\Program Files\XviD\UninstXviD.exe"
    Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe

    -- End of Deckard's System Scanner: finished at 2007-05-27 at 17:24:44
  • edited May 2007
    Report
  • edited May 2007
    Takayuke wrote:
    Ok tried posting the AVG report but it says on here that I'm not allowed to post any links contact General Keebler O.o?

    AVG Anti-Spyware - Scan Report

    + Created at: 5:18:58 PM 5/27/2007

    + Scan result:



    C:\WINDOWS\inst\3p_1n2.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
    C:\WINDOWS\tool2.exe -> Adware.HotSearchBar : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar/content/isearch/isearch.js -> Adware.ISearch : Cleaned with backup (quarantined).
    C:\WINDOWS\tool1.exe -> Adware.ISearch : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\delprot -> Adware.iSearch : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\delprot\Enum -> Adware.iSearch : Cleaned with backup (quarantined).
    HKLM\SYSTEM\CurrentControlSet\Services\delprot\Security -> Adware.iSearch : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3293823761-2387590086-153489426-1006\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup (quarantined).
    C:\Program Files\Get-Torrent\TorrentManager.dll -> Adware.Lop : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\Shex.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\lоgonui.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nоtepad.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\wυaclt.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\аttrib.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3293823761-2387590086-153489426-1006\Software\SpySheriff -> Adware.SpySheriff : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3293823761-2387590086-153489426-1006\Software\SpySheriff\IE Security -> Adware.SpySheriff : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3293823761-2387590086-153489426-1006\Software\SpySheriff\IE Security\BlockedLocations -> Adware.SpySheriff : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3293823761-2387590086-153489426-1006\Software\SpySheriff\Process Security -> Adware.SpySheriff : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3293823761-2387590086-153489426-1006\Software\SpySheriff\Process Security\Policies -> Adware.SpySheriff : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3293823761-2387590086-153489426-1006\Software\SpySheriff\Process Security\Policies\Allowed -> Adware.SpySheriff : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3293823761-2387590086-153489426-1006\Software\SpySheriff\Process Security\Policies\Restricted -> Adware.SpySheriff : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3293823761-2387590086-153489426-1006\Software\SpySheriff\Scan -> Adware.SpySheriff : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3293823761-2387590086-153489426-1006\Software\SpySheriff\System Security -> Adware.SpySheriff : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3293823761-2387590086-153489426-1006\Software\SpySheriff\Updates -> Adware.SpySheriff : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\BTLINK\btlink.dll -> Adware.Wintol : Cleaned with backup (quarantined).
    C:\Program Files\Get-Torrent\Get-Torrent.exe -> Backdoor.Agent.dn : Cleaned with backup (quarantined).
    C:\WINDOWS\ms2.exe -> Not-A-Virus.Hoax.Win32.Renos.a : Cleaned with backup (quarantined).
    :mozilla.240:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.241:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.242:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@adbrite[2].txt[/email] -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.472:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
    :mozilla.915:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.918:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.520:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
    :mozilla.73:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.74:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.75:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.76:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.78:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.79:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.80:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.81:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.85:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.493:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@www.burstbeacon[1].txt[/email] -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@burstnet[2].txt[/email] -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@www.burstnet[2].txt[/email] -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.672:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.673:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.674:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.675:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.676:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.677:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.678:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.260:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
    :mozilla.261:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
    :mozilla.583:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
    :mozilla.584:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
    :mozilla.585:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
    :mozilla.586:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
    :mozilla.222:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@com[1].txt[/email] -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@connextra[1].txt[/email] -> TrackingCookie.Connextra : Cleaned.
    :mozilla.457:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
    :mozilla.718:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
    :mozilla.555:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.708:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.845:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@e-2dj6wak4chczklo.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@e-2dj6wfmycid5ckq.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@e-2dj6wjkosldzgeo.stats.esomniture[1].txt[/email] -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@e-2dj6wjkowgdpido.stats.esomniture[1].txt[/email] -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@e-2dj6wjlogpazalp.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@e-2dj6wjnygic5obp.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.491:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.492:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@adopt.euroclick[1].txt[/email] -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.858:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.853:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
    :mozilla.856:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.857:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.679:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Information : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@searchportal.information[2].txt[/email] -> TrackingCookie.Information : Cleaned.
    :mozilla.648:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.649:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.650:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.700:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.701:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.729:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.730:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.732:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.733:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.738:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.843:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.844:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.850:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.888:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.889:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.890:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@sec1.liveperson[2].txt[/email] -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.572:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@image.masterstats[1].txt[/email] -> TrackingCookie.Masterstats : Cleaned.
    :mozilla.229:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
    :mozilla.230:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
    :mozilla.697:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@www.paypal[1].txt[/email] -> TrackingCookie.Paypal : Cleaned.
    C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@guide.real[1].txt[/email] -> TrackingCookie.Real : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@real[1].txt[/email] -> TrackingCookie.Real : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@ads.realcastmedia[1].txt[/email] -> TrackingCookie.Realcastmedia : Cleaned.
    :mozilla.265:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.266:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.267:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.268:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@realmedia[1].txt[/email] -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.337:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.338:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.179:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.180:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.181:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.182:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.183:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.184:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.185:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.186:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.187:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.188:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.189:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.190:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.191:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.192:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.193:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.194:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.195:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.196:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@revsci[1].txt[/email] -> TrackingCookie.Revsci : Cleaned.
    :mozilla.558:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.559:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.560:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.561:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.562:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.563:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.564:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.565:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.251:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.252:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.253:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.254:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.341:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.343:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.344:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.345:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.346:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.347:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.348:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.349:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.350:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.351:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.352:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.353:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.354:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.355:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.356:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.357:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.358:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.359:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.360:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.361:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.362:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.363:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.364:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.365:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.366:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.367:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.368:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.369:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.370:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.371:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.372:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.373:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.374:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.375:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.376:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.377:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.378:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.379:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.380:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.381:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.382:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.383:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.384:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.385:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.386:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.387:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.388:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.389:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.390:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.391:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@statcounter[1].txt[/email] -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.269:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.270:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.271:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.272:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.566:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@anad.tacoda[2].txt[/email] -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@anat.tacoda[2].txt[/email] -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` [email]thach@tacoda[2].txt[/email] -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.86:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.87:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.88:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.89:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.90:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.91:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.92:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.93:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.94:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.95:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.96:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.97:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Winde` Thach\Cookies\winde` thach@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.224:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.225:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.226:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.227:C:\Documents and Settings\Winde` Thach\Application Data\Mozilla\Firefox\Profiles\0esa47gk.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP498\A0178863.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP498\A0178865.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\w32net.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
    C:\WINDOWS\hosts -> Trojan.Qhost.k : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\wnsintsv.exe -> Trojan.Small : Cleaned with backup (quarantined).


    ::Report end
  • edited May 2007
    ;) Hi Takayuke
    Good Work!
    Please do the following:

    Please download haxfix.exe and save it to your desktop.
    * Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
    * Checkmark "Create a desktop icon"
    * Click "Next"
    * When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
    * Click "Finish"

    A red "dos window" (dos box) will open with options:
    1. Make logfile
    2. Run auto fix
    3. Run manual fix
    E. Exit Haxfix
    Select option 1. Make logfile by typing 1 and then pressing Enter
    Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt.
    Copy the contents of that logfile and paste it into this thread

    Please post haxlog.txt
  • edited May 2007
    Haxlog.txt

    HAXFIX logfile - by Marckie

    version 4.44
    Tue 05/29/2007 11:49:02.25

    --- Checking for Haxdoor ---

    checking for a3d files
    a3d files found
    fltr.a3d
    i.a3d
    ps.a3d
    redir.a3d
    tnfl.a3d

    checking for matching notify keys
    no matching notify keys found

    checking for matching services
    matching services found
    Aspi32
    vdmt16

    checking for matching safeboot services
    no matching safeboot services found

    checking for other Haxdoor-files
    no other Haxdoor-files found


    --- Checking for Goldun ---

    checking for SSODL keys
    no ssodl keys found

    checking for notify keys
    no notify keys found

    checking for services
    no services found

    checking for other Goldun-files
    no other Goldun-files found

    checking iexplore.exe
    iexplore.exe is not infected


    --- Catchme logfile - thank you Gmer ---

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-29 11:49:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\CP8TE3WX\ads[1].: 3417 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\CP8TE3WX\ads[1].: 6103 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\D20AB012\ads[1].: 3399 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\D20AB012\ads[2].: 2918 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\EDWZU1Q5\ads[1].: 3451 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\F3XJ3TKW\ads[1].: 3477 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\GTIR0LYF\ads[1].: 3399 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\PSSFDXCH\ads[1].: 3544 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\Q8QH578I\ads[1].: 3425 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\QTN4PCVM\ads[1].: 3504 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\TZ7935B4\ads[1].: 3466 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\Z8BRAGLU\ads[1].: 6150 bytes hidden from API

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 12


    --- Analysing Catchme logfile ---

    no matching regkeys found


    Finished!
  • edited May 2007
    :) Hi Takayuke
    Good Work!
    Please do the following:

    Double click on My Computer -> C:\ -> Program Files > haxfix and double click on fix.bat (or double click on fix.bat desktop icon)
    Close all other open windows since this step requires a reboot
    Select option 2. Run auto fix by typing 2 and then pressing Enter
    If an infection is found, you'll get a message to close all other open windows.
    Close all open windows except the red dos window from haxfix and then press Enter
    The computer will reboot
    After reboot a logfile will open > (c:\haxfix.txt)

    Please post haxlog.txt
  • edited May 2007
    Ok, I did what you said, but it didn't restart my computer; it just went back to the red menu screen in fix.bat. I was watching it scan and it said no infections found or something like that, and it went back to the menu screen. It didn't reboot or come up with a haxlog.txt.
  • edited May 2007
    :) Hi Takayuke
    Let's add the bad files manually.

    Please do the following:
    Double click on My Computer -> C:\ -> Program Files > haxfix and double click on fix.bat (or double click on fix.bat desktop icon)
    Close all other open windows since this step requires a reboot
    Select option 3. Run manual fix by typing 3 and then pressing Enter
    This message will appear:
    Insert the haxdoorkey
    and then press Enter:
    Type the following: fltr.a3d followed by Enter
    When this is a valid choice, the key will be added to delete and you will see the following message:
    Haxdoorkey xxxx added to delete.
    Do you want to add a new haxdoorkey?
    Press Yes (type Y).
    Do the same for the following haxdoorkeys:
    i.a3d
    ps.a3d
    redir.a3d
    tnfl.a3d
    vdmt16
    After the last haxdoorkey (vdmt16):
    Haxdoorkey xxxx added to delete.
    Do you want to add a new haxdoorkey?
    Press No (N)
    Follow the instructions on the screen. Your computer will reboot.
    After reboot a logfile will open > (c:\haxfix.txt)

    Please post haxlog.txt
  • edited May 2007
    peku006 wrote:
    :)

    Type the following: fltr.a3d followed by Enter
    When this is a valid choice, the key will be added to delete and you will see the following message:

    Press Yes (type Y).
    Do the same for the following haxdoorkeys:
    i.a3d
    ps.a3d
    redir.a3d
    tnfl.a3d
    vdmt16
    after last haxdoorkey (vdmt16)

    Press No (N)
    Follow the instructions on the screen. Your computer will reboot.
    After reboot a logfile will open > (c:\haxfix.txt)

    Please post haxlog.txt

    Ok, I did what you said, but when I enter in fltr.a3d, i.a3d, ps.a3d, redir.a3d, tnfl.a3d, vdmt16 it says "No matching services found. Haxdoorkey has not been added." Also, it didn't restart like you said it would; it just went back to the main menu after I entered N for the last entry. But I ran another scan for you and this is what came up. Should I be doing this in Safemode?


    HAXFIX logfile - by Marckie

    version 4.44
    Tue 05/29/2007 18:35:39.54

    --- Checking for Haxdoor ---

    checking for a3d files
    a3d files found
    fltr.a3d
    i.a3d
    ps.a3d
    redir.a3d
    tnfl.a3d

    checking for matching notify keys
    no matching notify keys found

    checking for matching services
    matching services found
    Aspi32
    vdmt16

    checking for matching safeboot services
    no matching safeboot services found

    checking for other Haxdoor-files
    no other Haxdoor-files found


    --- Checking for Goldun ---

    checking for SSODL keys
    no ssodl keys found

    checking for notify keys
    no notify keys found

    checking for services
    no services found

    checking for other Goldun-files
    no other Goldun-files found

    checking iexplore.exe
    iexplore.exe is not infected


    --- Catchme logfile - thank you Gmer ---

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-29 18:35:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\CP8TE3WX\ads[1].: 3417 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\CP8TE3WX\ads[1].: 6103 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\D20AB012\ads[1].: 3399 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\D20AB012\ads[2].: 2918 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\EDWZU1Q5\ads[1].: 3451 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\F3XJ3TKW\ads[1].: 3477 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\GTIR0LYF\ads[1].: 3399 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\PSSFDXCH\ads[1].: 3544 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\Q8QH578I\ads[1].: 3425 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\QTN4PCVM\ads[1].: 3504 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\TZ7935B4\ads[1].: 3466 bytes hidden from API
    C:\Documents and Settings\Winde` Thach\Local Settings\Temporary Internet Files\Content.IE5\Z8BRAGLU\ads[1].: 6150 bytes hidden from API

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 12


    --- Analysing Catchme logfile ---

    no matching regkeys found


    Finished!
  • edited May 2007
    :) Hi Takayuke
    Good Work!
    Should I be doing this in Safemode? NO!
    Don't worry if HaxFix can't find these files.
    Let's try a different scanner and see what it shows.

    Please do the following:

    step#1
    Download Bobbi Flekman's RegSearch. Create a folder for RegSearch on the C: drive called C:\RegSearch. You can do this by going to My Computer, then double click on C:, then right click and select New, then Folder, and name it RegSearch. Extract all the files from the zip archive into that folder.
    Open the RegSearch folder and double-click the icon for RegSearch.exe to launch the program.
    Copy / Paste the following line into the Search Box:

    vdmt16.sys

    then hit Ok

    After completion Notepad will be opened with all the found instances of the string. The resulting file is saved in the same location as RegSearch.exe.

    step#2
    Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
    Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
    Close ALL OTHER PROGRAMS.
    Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    Do not change any other settings.
    Now click the Run Scan button on the toolbar.
    Let it run unhindered until it finishes.
    When the scan is complete Notepad will open with the report file loaded in it.
    Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.
    If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

    step#3
    Please, post these logs:
    RegSearch
    WinPFind3U
  • edited May 2007
    Windows Registry Editor Version 5.00

    ; Registry Search 2.0 by Bobbi Flekman © 2005
    ; Version: 2.0.4.2

    ; Results at 5/30/2007 1:36:08 PM for strings:
    ; 'vdmt16.sys'
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS


    ; End Of The Log...

    WinPFind3 logfile created on: 5/30/2007 1:41:21 PM
    WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\Winde` Thach\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    767.48 Mb Total Physical Memory | 519.50 Mb Available Physical Memory | 67.69% Memory free
    1.04 Gb Paging File | 0.81 Gb Available in Paging File | 77.81% Paging File free
    Paging file location(s): C:\pagefile.sys 336 672;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.89 Gb Total Space | 3.05 Gb Free Space | 5.45% Space Free
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: YOUR-PA86Z1I3G7
    Current User Name: Winde` Thach
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.13.10.3041 | Size = 294912 bytes | Modified Date = 10/12/2002 10:00:00 PM | Attr = ]
    avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 5/26/2007 9:17:28 AM | Attr = ]
    avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
    avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 5/26/2007 9:17:30 AM | Attr = ]
    avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 5/26/2007 9:12:04 AM | Attr = ]
    blads.exe -> %ProgramFiles%\Tweak-XP\Blads.exe -> Totalidea Software [Ver = 1.17.0001 | Size = 45056 bytes | Modified Date = 9/2/2001 2:00:00 AM | Attr = ]
    bttnserv.exe -> %ProgramFiles%\compaq\Easy Access Button Support\BttnServ.exe -> Compaq Computer Corporation [Ver = 6.00.448 | Size = 122880 bytes | Modified Date = 3/23/2001 9:34:10 PM | Attr = ]
    cpqeadm.exe -> %ProgramFiles%\compaq\Easy Access Button Support\CPQEADM.exe -> Compaq Computer Corporation [Ver = 8.0.0.411 | Size = 438272 bytes | Modified Date = 4/14/2002 6:29:58 AM | Attr = ]
    dvdtray.exe -> %ProgramFiles%\Ahead\ODD Toolkit\dvdtray.exe -> Hewlett-Packard Company [Ver = 2.0 | Size = 65536 bytes | Modified Date = 9/3/2004 3:58:48 AM | Attr = ]
    eausbkbd.exe -> %SystemDrive%\Compaq\EAKDRV\EAUSBKBD.exe -> Compaq [Ver = 6, 0, 0, 445 | Size = 90112 bytes | Modified Date = 6/17/2002 8:14:38 PM | Attr = ]
    guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 4:23:28 AM | Attr = ]
    lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.62.1 | Size = 73728 bytes | Modified Date = 12/18/2005 7:26:54 PM | Attr = ]
    lvcoms.exe -> %CommonProgramFiles%\Logitech\QCDriver3\LVComS.exe -> Logitech Inc. [Ver = 7.3.0.1113 | Size = 127022 bytes | Modified Date = 12/10/2002 6:54:04 PM | Attr = ]
    netgrid.exe -> %ProgramFiles%\NetGrid\NetGrid.exe -> ComputerSmarts.net LLC. [Ver = 2.1.1.0 | Size = 704512 bytes | Modified Date = 11/3/2003 4:53:12 PM | Attr = ]
    starteak.exe -> %ProgramFiles%\compaq\Easy Access Button Support\STARTEAK.exe -> Compaq Computer Corporation [Ver = 8, 0, 0, 330 | Size = 32768 bytes | Modified Date = 12/15/2001 12:01:24 AM | Attr = ]
    taskswitch.exe -> %System32%\taskswitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 10/8/2001 1:59:36 PM | Attr = ]
    tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> VERITAS Software, Inc. [Ver = 1.03.37a | Size = 106549 bytes | Modified Date = 7/16/2002 10:03:00 AM | Attr = ]
    winpatrol.exe -> %ProgramFiles%\BillP Studios\WinPatrol\winpatrol.exe -> BillP Studios [Ver = 9, 1, 0, 0 | Size = 230592 bytes | Modified Date = 4/12/2005 12:31:00 PM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0004 | Size = 110677 bytes | Modified Date = 10/12/2002 10:00:00 PM | Attr = ]
    (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
    (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 5/26/2007 9:17:28 AM | Attr = ]
    (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 5/26/2007 9:12:04 AM | Attr = ]
    (AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 5/26/2007 9:17:30 AM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 2:06:04 AM | Attr = ]
    (InteractiveLogon) InteractiveLogon [Win32_Own | Disabled | Stopped] -> %System32%\Fast.exe -> File not found
    (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.62.1 | Size = 73728 bytes | Modified Date = 12/18/2005 7:26:54 PM | Attr = ]
    (McShield) McAfee.com McShield [Win32_Own | Disabled | Stopped] -> %SystemDrive%\PROGRA~1\mcafee.com\vso\mcshield.exe -> File not found
    (mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | Disabled | Stopped] -> %SystemDrive%\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe -> File not found
    (MCVSRte) McAfee.com VirusScan Online Realtime Engine [Win32_Own | Disabled | Stopped] -> %SystemDrive%\PROGRA~1\mcafee.com\vso\mcvsrte.exe -> File not found
    (msCMTSrvc) Content Monitoring Tool [Win32_Own | On_Demand | Stopped] -> %System32%\msCMTSrvc.exe -> File not found
    (MSCSPTISRV) MSCSPTISRV [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.3.00.08302 | Size = 53337 bytes | Modified Date = 8/30/2005 4:00:50 PM | Attr = ]
    (PACSPTISVR) PACSPTISVR [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.3.00.08302 | Size = 53337 bytes | Modified Date = 8/30/2005 3:55:18 PM | Attr = ]
    (SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.3.00.08302 | Size = 69718 bytes | Modified Date = 8/30/2005 3:49:34 PM | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    -> %ProgramFiles%\eTomiPro\Gui\etomipro.exe -> File not found
    !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
    ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.13.10.3041 | Size = 294912 bytes | Modified Date = 10/12/2002 10:00:00 PM | Attr = ]
    AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 5/26/2007 9:17:30 AM | Attr = ]
    CoolSwitch -> %System32%\taskswitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 10/8/2001 1:59:36 PM | Attr = ]
    CPQEASYACC -> %ProgramFiles%\compaq\Easy Access Button Support\STARTEAK.exe -> Compaq Computer Corporation [Ver = 8, 0, 0, 330 | Size = 32768 bytes | Modified Date = 12/15/2001 12:01:24 AM | Attr = ]
    dla -> %System32%\dla\tfswctrl.exe -> VERITAS Software, Inc. [Ver = 1.03.37a | Size = 106549 bytes | Modified Date = 7/16/2002 10:03:00 AM | Attr = ]
    DVDTray -> %ProgramFiles%\Ahead\ODD Toolkit\dvdtray.exe -> Hewlett-Packard Company [Ver = 2.0 | Size = 65536 bytes | Modified Date = 9/3/2004 3:58:48 AM | Attr = ]
    HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,1607 | Size = 114688 bytes | Modified Date = 5/15/2002 5:20:50 AM | Attr = ]
    IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,1607 | Size = 155648 bytes | Modified Date = 5/15/2002 5:29:02 AM | Attr = ]
    LVCOMS -> %CommonProgramFiles%\Logitech\QCDriver3\LVComS.exe -> Logitech Inc. [Ver = 7.3.0.1113 | Size = 127022 bytes | Modified Date = 12/10/2002 6:54:04 PM | Attr = ]
    NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
    Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 7/4/2002 7:55:38 PM | Attr = ]
    srmclean -> %SystemDrive%\cpqs\scom\srmclean.exe -> [Ver = | Size = 36864 bytes | Modified Date = 7/24/2001 11:34:26 PM | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 4:23:28 AM | Attr = ]
    WinPatrol -> %ProgramFiles%\BillP Studios\WinPatrol\winpatrol.exe -> BillP Studios [Ver = 9, 1, 0, 0 | Size = 230592 bytes | Modified Date = 4/12/2005 12:31:00 PM | Attr = ]
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    AIM -> %ProgramFiles%\AIM95\aim.exe -cnetwait.odl -> File not found
    ATI Launchpad -> -> File not found
    BlockAds -> %ProgramFiles%\Tweak-XP\Blads.exe -> Totalidea Software [Ver = 1.17.0001 | Size = 45056 bytes | Modified Date = 9/2/2001 2:00:00 AM | Attr = ]
    CLAUDIO -> %ProgramFiles%\XemiComputers\Claudio\Claudio.exe -> File not found
    Microsoft Works Update Detection -> %ProgramFiles%\Microsoft Works\WkDetect.exe -> File not found
    NetGrid -> %ProgramFiles%\NetGrid\NetGrid.exe -> ComputerSmarts.net LLC. [Ver = 2.1.1.0 | Size = 704512 bytes | Modified Date = 11/3/2003 4:53:12 PM | Attr = ]
    TransparentIcons -> -> File not found
    Tweak-XP -> -> File not found
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    %AllUsersStartup%\InterVideo WinCinema Manager.lnk -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = IVI_MAJOR_VERSION.IVI_MINOR_VERSION | Size = 278528 bytes | Modified Date = 2/14/2006 9:03:54 PM | Attr = ]
    %AllUsersStartup%\Picture Package Menu.lnk -> %ProgramFiles%\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe -> Sony Corporation [Ver = 1, 0, 31121, 1 | Size = 151552 bytes | Modified Date = 11/21/2003 9:02:42 PM | Attr = ]
    %AllUsersStartup%\Picture Package VCD Maker.lnk -> %ProgramFiles%\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe -> Sony Corporation. [Ver = 1, 0, 0, 1 | Size = 106496 bytes | Modified Date = 12/14/2004 6:48:46 PM | Attr = ]
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    zwebauth.dll -> %System32%\ZWebAuth.dll -> [Ver = | Size = 16973 bytes | Modified Date = 9/18/2001 7:37:34 PM | Attr = ]
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,1607 | Size = 307200 bytes | Modified Date = 5/15/2002 5:20:14 AM | Attr = ]
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallpaper -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInstrumentation -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarCustomize -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
    < HOSTS File > (8875 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
    < Internet Explorer Settings > ->
    HKLM: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> about:blank ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    HKCU: Default_Search_URL -> http://search.msn.com ->
    HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKCU: Search Bar -> http://home.microsoft.com/search/lobby/search.asp ->
    HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Start Page -> http://www.yahoo.com/ ->
    HKCU: SearchAssistant -> http://www.microsoft.com/isapi/redir.dll? ->
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    msn.com [ - ] -> ->
    < Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    aol.com [ - ] -> ->
    free_aol.com [ - ] -> ->
    free_aol.com [http] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> [Ver = | Size = 711168 bytes | Modified Date = 3/16/2003 1:02:00 AM | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 4:23:24 AM | Attr = ]
    < Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {8CBA1B49-8144-4721-A7B1-64C578C9EED7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKLM] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 163840 bytes | Modified Date = 9/16/2004 7:25:50 AM | Attr = ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 12/15/2006 4:23:26 AM | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 4:23:24 AM | Attr = ]
    {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM95\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ]
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
    &AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll\aimsearch.htm -> File not found
    < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    SV1 -> ->
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    {089E1B77-5436-400D-8185-D30C0D73CC29} -> () ->
    {37BFCD79-21A7-40C9-B884-706ED35372EB} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
    {9CD9E2E1-F8B3-48D7-A20C-135AF14CFCE6} -> (1394 Net Adapter) ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    {00000075-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/voxacm.CAB ->
    {00000161-0000-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/msaudio.cab ->
    {33363249-0000-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/i263_32.cab ->
    {33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} -> Java Plug-in 1.3.1 - CodeBase = http://java.sun.com/update/1.3.1/jinstall-1_3_1-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
    Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


    [Files/Folders - Created Within 30 days]
    clean.bat -> %SystemDrive%\clean.bat -> [Ver = | Size = 9006 bytes | Created Date = 5/29/2007 10:48:49 AM | Attr = ]
    Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 5/27/2007 4:22:35 PM | Attr = ]
    delete.bat -> %SystemDrive%\delete.bat -> [Ver = | Size = 106 bytes | Created Date = 5/26/2007 6:08:39 PM | Attr = ]
    RegSearch -> %SystemDrive%\RegSearch -> [Folder | Created Date = 5/30/2007 12:34:31 PM | Attr = ]
    $NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 5/22/2007 9:02:37 PM | Attr = H ]
    $NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 5/9/2007 9:04:03 PM | Attr = H ]
    $NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Created Date = 5/9/2007 9:04:31 PM | Attr = H ]
    ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 5/27/2007 4:23:26 PM | Attr = ]
    catchme.exe -> %System32%\catchme.exe -> [Ver = | Size = 86528 bytes | Created Date = 5/29/2007 10:48:49 AM | Attr = ]
    moveex.exe -> %System32%\moveex.exe -> [Ver = | Size = 38400 bytes | Created Date = 5/29/2007 10:48:49 AM | Attr = ]
    process.exe -> %System32%\process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 5/29/2007 10:48:49 AM | Attr = ]
    reboot.exe -> %System32%\reboot.exe -> [Ver = | Size = 4096 bytes | Created Date = 5/29/2007 10:48:49 AM | Attr = ]
    RegDACL.exe -> %System32%\RegDACL.exe -> Frank Heyne Software [Ver = 5.1.1.195 | Size = 90112 bytes | Created Date = 5/29/2007 10:48:49 AM | Attr = ]
    swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 5/29/2007 10:48:49 AM | Attr = ]
    systemdrv32.aso -> %System32%\systemdrv32.aso -> [Ver = | Size = 248 bytes | Created Date = 5/5/2007 8:40:31 PM | Attr = ]
    AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 5/27/2007 2:19:21 PM | Attr = ]
    avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 5/26/2007 8:12:04 AM | Attr = ]
    avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Created Date = 5/26/2007 8:12:04 AM | Attr = ]

    [Files/Folders - Modified Within 30 days]
    $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 5/26/2007 10:19:24 AM | Attr = RH ]
    clean.bat -> %SystemDrive%\clean.bat -> [Ver = | Size = 9006 bytes | Modified Date = 5/16/2007 10:19:24 PM | Attr = ]
    Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 5/27/2007 5:22:36 PM | Attr = ]
    delete.bat -> %SystemDrive%\delete.bat -> [Ver = | Size = 106 bytes | Modified Date = 5/26/2007 7:08:40 PM | Attr = ]
    My Downloads -> %SystemDrive%\My Downloads -> [Folder | Modified Date = 5/25/2007 2:28:40 PM | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/29/2007 11:48:16 AM | Attr = ]
    RegSearch -> %SystemDrive%\RegSearch -> [Folder | Modified Date = 5/30/2007 1:36:40 PM | Attr = ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/27/2007 5:23:28 PM | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/22/2007 10:01:34 PM | Attr = H ]
    $NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 5/22/2007 10:02:38 PM | Attr = H ]
    $NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 5/9/2007 10:04:06 PM | Attr = H ]
    $NtUninstallKB931768$ -> %SystemRoot%\$NtUninstallKB931768$ -> [Folder | Modified Date = 5/9/2007 10:04:36 PM | Attr = H ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/30/2007 1:31:08 PM | Attr = S]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 5/9/2007 10:01:16 PM | Attr = ]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 5/27/2007 5:24:10 PM | Attr = S]
    ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 5/27/2007 5:23:28 PM | Attr = ]
    Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/23/2007 11:52:46 AM | Attr = ]
    imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 5/9/2007 10:05:02 PM | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/23/2007 11:52:40 AM | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 5/25/2007 3:05:44 PM | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/30/2007 1:40:16 PM | Attr = ]
    SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 5/23/2007 11:52:46 AM | Attr = ]
    system -> %SystemRoot%\system -> [Folder | Modified Date = 5/26/2007 9:11:20 AM | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 5/29/2007 11:48:50 AM | Attr = ]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/29/2007 6:51:02 PM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/30/2007 1:31:10 PM | Attr = H ]
    catchme.exe -> %System32%\catchme.exe -> [Ver = | Size = 86528 bytes | Modified Date = 5/12/2007 11:21:28 PM | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/30/2007 1:32:14 PM | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 5/25/2007 3:06:22 PM | Attr = RHS]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 5/27/2007 3:19:22 PM | Attr = ]
    FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 5/27/2007 6:06:06 PM | Attr = ]
    systemdrv32.aso -> %System32%\systemdrv32.aso -> [Ver = | Size = 248 bytes | Modified Date = 5/5/2007 9:48:10 PM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 5/30/2007 1:32:16 PM | Attr = ]
    avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 5/26/2007 9:17:26 AM | Attr = ]
    avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 5/26/2007 9:12:08 AM | Attr = ]
    avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 5/26/2007 9:12:06 AM | Attr = ]
    avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 5/26/2007 9:12:06 AM | Attr = ]
    avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Modified Date = 5/26/2007 9:17:26 AM | Attr = ]
    avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 5/26/2007 9:12:06 AM | Attr = ]
    etc -> %System32%\drivers\etc -> [Folder | Modified Date = 5/26/2007 7:11:30 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    UPX! , UPX0 , -> %SystemRoot%\daemon.dll -> Generic [Ver = 3.23.0.0 | Size = 52736 bytes | Modified Date = 10/4/2002 11:11:24 PM | Attr = ]
    UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 6.810-1005 | Size = 965632 bytes | Modified Date = 1/3/2004 10:01:44 AM | Attr = ]
    UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 10/7/2005 12:14:52 PM | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr = ]
    PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivXNetworks [Ver = 6,0,0,1571 | Size = 692736 bytes | Modified Date = 7/15/2005 1:36:36 PM | Attr = ]
    Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.0202 | Size = 874248 bytes | Modified Date = 6/14/2004 4:04:34 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 11/25/2005 5:48:28 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\uninstall.exe -> [Ver = | Size = 43973 bytes | Modified Date = 11/18/2005 9:16:50 AM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr = ]
    Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Modified Date = 11/19/2003 3:59:36 PM | Attr = ]
    Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 5.0.117.0 | Size = 427864 bytes | Modified Date = 6/14/2004 3:56:26 PM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr = ]
    PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
    UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 5/26/2007 9:17:26 AM | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]

    < End of report >
  • edited May 2007
    :) Hi Takayuke
    Good Work!
    Please do the following:

    Please download Combofix Here to your Desktop.
    DO NOT scan yet

    Open notepad and copy/paste the text in the quotebox below into it:
    File::
    C:\windows\system32\i.a3d
    C:\windows\system32\ps.a3d
    C:\windows\system32\redir.a3d
    C:\windows\system32\tnfl.a3d

    Driver::
    vdmt16
    Save this as ComboFix-Do.txt, in the same location as ComboFix.exe
    [Image: Combo-Do.gif]
    Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe
    Follow the prompts.
    When finished, it shall produce a log for you. Post that log in your next reply.
  • edited May 2007
    "Winde` Thach" - 2007-05-30 19:26:36 Service Pack 2
    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Winde` Thach\"
    Command switches used :: ""C:\Documents and Settings\Winde` Thach\Desktop\ComboFix-Do.txt""


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    "C:\DOCUME~1\WINDE`~1\APPLIC~1\Install.dat"
    "C:\WINDOWS\system32\zlbw.dll"
    "C:\windows\system32\i.a3d"
    "C:\windows\system32\ps.a3d"
    "C:\windows\system32\redir.a3d"
    "C:\windows\system32\tnfl.a3d"
    "C:\WINDOWS\DOWNLO~1.\temp"


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-31 ))))))))))))))))))))))))))))))))))


    2007-05-30 13:34 <DIR> d
    C:\RegSearch
    2007-05-29 11:48 90,112 --a
    C:\WINDOWS\system32\RegDACL.exe
    2007-05-29 11:48 9,006 --a
    C:\clean.bat
    2007-05-29 11:48 86,528 --a
    C:\WINDOWS\system32\catchme.exe
    2007-05-29 11:48 53,248 --a
    C:\WINDOWS\system32\process.exe
    2007-05-29 11:48 4,096 --a
    C:\WINDOWS\system32\reboot.exe
    2007-05-27 17:22 <DIR> d
    C:\Deckard
    2007-05-27 15:19 3,968 --a
    C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-05-26 19:08 106 --a
    C:\delete.bat
    2007-05-25 14:08 <DIR> d
    C:\DOCUME~1\WINDE`~1\APPLIC~1\Get-Torrent
    2007-05-25 14:07 <DIR> d
    C:\Program Files\Internet Size
    2007-05-25 14:07 <DIR> d
    C:\Program Files\Get-Torrent
    2007-05-25 14:07 <DIR> d
    C:\DOCUME~1\WINDE`~1\APPLIC~1\Internet Size
    2007-05-25 14:07 <DIR> d
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\RuleThunkLiteKeep
    2007-05-05 21:39 <DIR> d
    C:\Program Files\_uninstallation_info


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-27 22:18:34
    d
    w C:\Program Files\Common Files\BTLINK
    2007-05-27 20:10:32
    d
    w C:\Program Files\Viewpoint
    2007-05-06 02:39:37
    d
    w C:\Program Files\_uninstallation_info
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-01 03:01:53
    d
    w C:\Program Files\Windows Media Connect 2
    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:36:28 40,960 -c--a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-03-08 05:03:22 13,251 -c--a-w C:\WINDOWS\mozver.dat


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2003-03-16 01:02]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 23:34]
    "CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-15 00:01]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 22:00]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 18:54]
    "WinPatrol"="C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe" [2005-04-12 12:31]
    "@=C:\Program Files\eTomiPro\Gui\etomipro.exe" []
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-26 09:17]
    "DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 07:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CLAUDIO"="C:\Program Files\XemiComputers\Claudio\Claudio.exe" []
    "NetGrid"="C:\Program Files\NetGrid\NetGrid.exe" [2003-11-03 16:53]
    "BlockAds"="C:\Program Files\Tweak-XP\blads.exe" [2001-09-02 02:00]
    "Tweak-XP"="" []
    "TransparentIcons"="" []
    "ATI Launchpad"="" []
    "AIM"="C:\Program Files\AIM95\aim.exe" [2006-08-01 15:35]
    "Microsoft Works Update Detection"="c:\Program Files\Microsoft Works\WkDetect.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoColorChoice"=0 (0x0)
    "NoSizeChoice"=0 (0x0)
    "NoDispScrSavPage"=0 (0x0)
    "NoDispCPL"=0 (0x0)
    "NoVisualStyleChoice"=0 (0x0)
    "NoDispSettingsPage"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoInstrumentation"=0 (0x0)
    "NoToolbarCustomize"=0 (0x0)
    "NoSaveSettings"=0 (0x0)
    "NoThemesTab"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-30 19:29:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-30 19:30:34
    C:\ComboFix-quarantined-files.txt ... 2007-05-30 19:30

    --- E O F ---
  • edited May 2007
    :smiles: Hi Takayuke
    Good Work!
    Do you have problems?

    Please do the following:

    Close all applications and windows.
    Double-click on Dss.exe to run it, and follow the prompts.
    The scan may take a minute. When the scan is complete, text files will open: Main.txt and extra.txt

    Post these Logfiles in your next reply:
    Dss.main.txt
    Dss.extra.txt
  • edited May 2007
    Hmm, I did everything like you said with Dss.exe, but it didn't open up 2 Notepad files, just one, main.txt; extra.txt never opened or it didn't have anything O.o? But so far everything has been running fast after you helped me :). Another question I do have is: I named my computer Winde' Thach. Is there any way to change it so I don't have it registered on the computer like that?

    Deckard's System Scanner v20070426.43
    Run by Winde` Thach on 2007-05-31 at 11:10:07
    Computer is in Normal Mode.



    -- HijackThis (run as Winde` Thach.exe)

    Logfile of HijackThis v1.99.1
    Scan saved at 11:10:40 AM, on 5/31/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\NetGrid\NetGrid.exe
    C:\Program Files\Tweak-XP\blads.exe
    C:\Program Files\AIM95\aim.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Winde` Thach\Desktop\dss.exe
    C:\DOCUME~1\WINDE`~1\Desktop\HJT\Winde` Thach.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [] C:\Program Files\eTomiPro\Gui\etomipro.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CLAUDIO] C:\Program Files\XemiComputers\Claudio\Claudio.exe
    O4 - HKCU\..\Run: [NetGrid] C:\Program Files\NetGrid\NetGrid.exe
    O4 - HKCU\..\Run: [BlockAds] C:\Program Files\Tweak-XP\blads.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


    -- Files created between 2007-04-30 and 2007-05-31

    2007-05-30 13:34:31 0 d
    C:\RegSearch
    2007-05-29 11:48:49 90112 --a
    C:\WINDOWS\system32\RegDACL.exe <Not Verified; Frank Heyne Software; RegTools>
    2007-05-29 11:48:49 4096 --a
    C:\WINDOWS\system32\reboot.exe
    2007-05-29 11:48:49 53248 --a
    C:\WINDOWS\system32\process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-05-29 11:48:49 86528 --a
    C:\WINDOWS\system32\catchme.exe
    2007-05-29 11:48:49 9006 --a
    C:\clean.bat
    2007-05-26 19:08:39 106 --a
    C:\delete.bat
    2007-05-25 14:08:03 0 d
    C:\Documents and Settings\Winde` Thach\Application Data\Get-Torrent
    2007-05-25 14:07:58 0 d
    C:\Documents and Settings\All Users\Application Data\RuleThunkLiteKeep
    2007-05-25 14:07:45 0 d
    C:\Program Files\Internet Size
    2007-05-25 14:07:45 0 d
    C:\Documents and Settings\Winde` Thach\Application Data\Internet Size
    2007-05-25 14:07:40 0 d
    C:\Program Files\Get-Torrent
    2007-05-05 21:39:37 0 d
    C:\Program Files\_uninstallation_info


    -- Find3M Report

    2007-05-27 17:18:34 0 d
    C:\Program Files\Common Files\BTLINK
    2007-05-27 15:10:32 0 d
    C:\Program Files\Viewpoint
    2007-03-31 22:01:53 0 d
    C:\Program Files\Windows Media Connect 2
    2007-03-08 00:03:22 13251 --a----c- C:\WINDOWS\mozver.dat


    -- Registry Dump

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "srmclean"="C:\\Cpqs\\Scom\\srmclean.exe"
    "CPQEASYACC"="C:\\Program Files\\COMPAQ\\Easy Access Button Support\\StartEAK.exe"
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE"
    "WinPatrol"="C:\\PROGRA~1\\BillP Studios\\WinPatrol\\winpatrol.exe"
    @="C:\\Program Files\\eTomiPro\\Gui\\etomipro.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
    "DVDTray"="C:\\Program Files\\Ahead\\ODD Toolkit\\DVDTray.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CLAUDIO"="C:\\Program Files\\XemiComputers\\Claudio\\Claudio.exe"
    "NetGrid"="C:\\Program Files\\NetGrid\\NetGrid.exe"
    "BlockAds"="C:\\Program Files\\Tweak-XP\\blads.exe"
    "Tweak-XP"=""
    "TransparentIcons"=""
    "ATI Launchpad"=""
    "AIM"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl"
    "Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoColorChoice"=dword:00000000
    "NoSizeChoice"=dword:00000000
    "NoDispScrSavPage"=dword:00000000
    "NoDispCPL"=dword:00000000
    "NoVisualStyleChoice"=dword:00000000
    "NoDispSettingsPage"=dword:00000000
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoInstrumentation"=dword:00000000
    "NoToolbarCustomize"=dword:00000000
    "NoSaveSettings"=dword:00000000
    "NoThemesTab"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    -- End of Deckard's System Scanner: finished at 2007-05-31 at 11:11:04
  • edited June 2007
    :smiles: Hi Takayuke
    Excellent Work!
    Your comp looks clean.
    Everything is good now!
    You have two things to do:
    Update your Java and
    Clean your System Restore

    Let's start with this:

    If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

    Click Start > Run, type in appwiz.cpl and hit Enter. From the list, uninstall the following (if present):
    all older versions of Java.

    Clean your System Restore:
    Turn off System Restore.
    On the Desktop, right-click My Computer
    Click Properties
    Click the System Restore tab
    Check Turn off System Restore
    Click Apply, and then click OK

    You can fix these lines with HijackThis, if you want. This could speed up your computer's startup.
    Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    Close ALL open windows
    Click Fix Checked
    Close HijackThis

    Please update your Java: Java Runtime Environment (JRE) 6u1
    Click the "Download" button to the right.
    Check the box that says: "Accept License Agreement".
    The page will refresh.
    Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    From your desktop, double-click on jre-6-windows-i586.exe to install the newest version.
    Reboot.
    Turn on System Restore.
    On the Desktop, right-click My Computer
    Click Properties
    Click the System Restore tab
    Uncheck Turn off System Restore
    Click Apply, and then click OK

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    Watch what you download!
    Many freeware programs (P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious) come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read This Article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.
    Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
    AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
    SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
    SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
    IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
    Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
    Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klei
    Happy surfing and stay clean!:thumbsup:
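The O4 lines in the fix list above can be cross-checked against the scan log's registry dump before they are removed. The following Python sketch is an added example, not posted by anyone in this thread; its function names are its own, and the sample text is excerpted from the log and fix list above.

```python
import re

# Excerpts copied from this thread: registry dump keys and the helper's fix list.
REG_DUMP = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DVDTray"="C:\\Program Files\\Ahead\\ODD Toolkit\\DVDTray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl"
'''
O4_LINES = r'''
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
'''
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
REG_STR = r'"((?:[^"\\]|\\.)*)"'   # quoted string using \\ and \" escapes

def parse_run_keys(dump):
    """Return {(hive, value name): command} for the CurrentVersion Run keys only."""
    entries, hive = {}, None
    for line in map(str.strip, dump.splitlines()):
        val = re.match(REG_STR + '=' + REG_STR + '$', line)
        if line.startswith('['):   # new key: keep a hive only for Run keys
            m = re.match(r'\[(HKEY_[A-Z_]+)\\.+\\currentversion\\run\]$', line, re.I)
            hive = HIVES.get(m.group(1)) if m else None
        elif val and hive:
            name, cmd = (re.sub(r'\\(.)', r'\1', g) for g in val.groups())
            entries[(hive, name)] = cmd
    return entries

def parse_o4(text):
    """Yield (source, name, command) for registry and startup-folder O4 lines."""
    for line in map(str.strip, text.splitlines()):
        m = (re.match(r'O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.*)$', line)
             or re.match(r'O4 - ((?:Global )?Startup): (.+?) = (.*)$', line))
        if m:
            yield m.groups()

def cross_check(o4_text, dump):
    """Say where each O4 entry lives and whether the registry dump agrees."""
    run = parse_run_keys(dump)
    return [(src, name, "startup-folder shortcut" if src not in HIVES.values()
             else "matches dump" if run.get((src, name)) == cmd else "no matching value in dump")
            for src, name, cmd in parse_o4(o4_text)]
```

`cross_check(O4_LINES, REG_DUMP)` labels the three `Run` entries as matching the dump and the `Global Startup` entry as a Startup-folder shortcut, which has no registry value to compare against.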
  • edited June 2007
    What's a good firewall I could use that wouldn't affect my programs, like the games I play (Final Fantasy XI and so on)? Also, how do I disable the Windows firewall to use another firewall? Thank you very much for helping me so far; everything is running great.